facebook / akd

An implementation of an auditable key directory

Adding domain separation for tree hashing

kevinlewi opened this issue · comments

We need to add domain separation for hashing of internal nodes / leaves in the tree. Right now, if we are doing something like H(payload), we should instead do something like H("AKD-v0.4" || nonce || payload), where a per-tree nonce is also stored somewhere.

cc: @Jasleen1

After some discussion with @slawlor, let's leave out the nonce in the computation and just stick with the fixed string for domain separation. i.e.: H("AKD-v0.4" || payload)

What is domain separation?

@eozturk1 this just refers to adding a fixed string specific to this application into the hash computation. That way, hashing this value won't "collide" or interfere with other applications that might hash the same input.

Got it! One thing to note, yesterday @alexme22 and I were discussing testing strategies and static/dynamic datasets. For tests with static data, e.g., a full tree with multiple users and epochs, maybe it is better to avoid the version number in the fixed string? This way, the tests of the next version of AKD can use the previous version's static test dataset.

I see, good point. Yes, we can omit hardcoding the version into these strings, that should be fine!

Closing this off since the VRF private/public key already ensures that the hashes generated by AKD are not going to collide with other hashes used elsewhere.
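The fixed-string scheme proposed above, H("AKD-v0.4" || payload), worked through on a small binary hash tree as an added example (not AKD's own code): every leaf and internal node is hashed under a domain prefix, and the same constructed leaves are hashed under two version strings to show why a versioned prefix makes a static test dataset unusable for the next version. The domain constants, the tree layout and the sample leaves are assumptions made for the example.

```python
import hashlib

# Constructed example: domain-separated hashing of a binary hash tree,
# H(DOMAIN || payload) instead of H(payload). The domain is a fixed,
# application-specific byte string known to every party, so the
# concatenation is unambiguous. Constants below are assumptions.
DOMAIN = b"AKD"               # unversioned prefix, as the thread settled on
DOMAIN_VERSIONED = b"AKD-v0.4"  # the earlier proposal, shown for comparison


def hash_node(payload: bytes, domain: bytes = DOMAIN) -> bytes:
    """SHA-256 over domain || payload; an empty domain is plain H(payload)."""
    return hashlib.sha256(domain + payload).digest()


def merkle_root(leaves: list[bytes], domain: bytes = DOMAIN) -> bytes:
    """Root of a binary hash tree where leaves and internal nodes all use
    hash_node under the same domain. An odd node is carried up unchanged;
    an empty tree hashes the empty payload."""
    if not leaves:
        return hash_node(b"", domain)
    level = [hash_node(leaf, domain) for leaf in leaves]
    while len(level) > 1:
        nxt = [hash_node(level[i] + level[i + 1], domain)
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


def check_fixture(leaves: list[bytes], expected_root_hex: str,
                  domain: bytes = DOMAIN) -> bool:
    """Re-derive a static dataset's root and compare it to the stored one.
    A fixture recorded under one domain string fails under any other."""
    return merkle_root(leaves, domain).hex() == expected_root_hex


if __name__ == "__main__":
    # Constructed sample leaves standing in for per-user commitments.
    leaves = [b"alice|pk1", b"bob|pk2", b"carol|pk3"]
    fixture = merkle_root(leaves, DOMAIN_VERSIONED).hex()
    print("domained root   :", merkle_root(leaves).hex())
    print("undomained root :", merkle_root(leaves, b"").hex())
    # The v0.4 fixture does not verify under a v0.5 prefix:
    print("fixture reusable:", check_fixture(leaves, fixture, b"AKD-v0.5"))
```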