mpc-recovery icon indicating copy to clipboard operation
mpc-recovery copied to clipboard

Published 20 hours ago verified publisher icon near

Integrate Key Derivation

Open volovyks opened this issue 2 years ago • 3 comments

Our preferable design will include Key Derivation. Let's add a simplified logic, that generate the users key out of the root key and user internal id.

volovyks avatar Apr 11 '23 21:04 volovyks

@abacabadabacaba have you found a good Rust library for Key Derivation? Maybe you have some code snippets? We already want to integrate it to the project. Even without MPC part.

volovyks avatar Apr 13 '23 17:04 volovyks

Optional for POC1, but really nice to have. Otherwise we will need to use the same key, or have a database.

volovyks avatar Apr 14 '23 19:04 volovyks

Seems unlikely that this is happening for POC1. There are also just general concerns regarding this approach, reposting @DavidM-D's message here for context completeness:

Apparently aggregate key derivation isn’t safe because of something called a Wagner attack. I got sent a paper explaining why that’s the case but I have not even attempted to read it. So we’re going to be using lots of keys instead https://eprint.iacr.org/2020/945

itegulov avatar Apr 22 '23 01:04 itegulov