Giters

dm3-org / dm3

The dm3 protocol | New standard of web3 messaging | Decentralized ENS-based registry | Secure end-to-end encryption | Easy dApp integration

Home Page:https://dm3.network

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Prove key derivation without leaking secrets

malteish opened this issue · comments

commented

Source: see #824

Situation

  1. Alice has key pair ethereumKeyPair and uses it to sign a key creation message message , resulting in signature signatureEntropy.
  2. signatureEntropy is used as entropy to derive a second key pair signingKeyPair
  3. In order to prove that wants to use signingKeyPair , she has to use ethereumKeyPair to sign a message containing signingKeyPair.publicKey , resulting in signingKeyPairConnectionSignature , and provide that signature to the verifying party.

Alice has to use her ethereumKeyPair twice.

Goal

Step 3 should be replaced by zero knowledge technology, proving that:

  1. Alice has access to signatureEntropy (secret), which resulted from use of ethereumKeyPair (privateKey is secret, publicKey is public) and message (public for now).
  2. signingKeyPair (privateKey is secret, publicKey is public) was derived from signatureEntropy (secret) following a given algorithm (public)