In-Reply-To: <bb3ea695-f1f6-3f92-267d-281aedb850ed@satoshilabs.com>
References: <CAAS2fgR-or=zksQ929Muvgr=sgzNSugGp669ZWYC6YkvEG=H5w@mail.gmail.com>
<ae570ccf-3a2c-a11c-57fa-6dad78cfb1a5@satoshilabs.com>
<CAAS2fgRQvpa8VXE8YAYSfugDvCu=1+5ANsGk1V_OXtHPGD=Ltw@mail.gmail.com>
<f2fbb0ec-0c18-f866-29fe-41de882f4706@satoshilabs.com>
<bb3ea695-f1f6-3f92-267d-281aedb850ed@satoshilabs.com>
From: Gregory Maxwell <greg@xiph.org>
Date: Wed, 10 Jan 2018 23:47:23 +0000
Message-ID: <CAAS2fgSn7kYoKi2cBRUP39G6LLZZgG1B6Sc47U+ba8H22rTQ6Q@mail.gmail.com>
To: Pavol Rusnak <stick@satoshilabs.com>
Content-Type: text/plain; charset="UTF-8"
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme

On Wed, Jan 10, 2018 at 8:28 PM, Pavol Rusnak <stick@satoshilabs.com> wrote:
> On 09/01/18 16:12, Pavol Rusnak via bitcoin-dev wrote:
>> On 09/01/18 00:47, Gregory Maxwell wrote:
>>> Have you considered using blind host-delegated KDFs, where the KDF
>>> runs on the user's computer instead of the hardware wallet, but the
>>> computer doesn't learn anything about the keys?
>>
>> Any examples of these?

Yes, this scheme.

https://bitcointalk.org/index.php?topic=311000.msg3342217#msg3342217

> Actually, scratch that. HW wallet would not know whether the host
> computer is lying or not. The computer would not learn about the keys,
> but still could be malicious and provide an invalid result. Is that correct?

I believe that can be avoided by having the computer do somewhat more
work and checking the consistency after the fact.
(or for decode time, having a check value under the encryption...)
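
The decode-time idea in the last line of the reply, as an added example that is not part of the original message and is not the linked scheme: the device keeps a check value inside the encrypted payload, so a wrong KDF result from the host decrypts to garbage and is rejected. The blinding step is not modelled; the function names, the SHAKE-256 keystream, the 8-byte check length and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

CHECK_LEN = 8  # assumed length of the check value, in bytes


def honest_host_kdf(request: bytes, salt: bytes) -> bytes:
    """Stand-in for the expensive KDF run on the host (blinding not modelled)."""
    return hashlib.pbkdf2_hmac("sha256", request, salt, 50_000)


def lying_host_kdf(request: bytes, salt: bytes) -> bytes:
    """A host that returns a well-formed but wrong 32-byte result."""
    return hashlib.sha256(b"bogus" + request + salt).digest()


def _keystream(key: bytes, n: int) -> bytes:
    # Illustrative stream cipher: n bytes of SHAKE-256 output keyed by the KDF result.
    return hashlib.shake_256(b"stream" + key).digest(n)


def seal(seed: bytes, kdf_out: bytes) -> bytes:
    """Encrypt seed || check, so the check value sits under the encryption."""
    plain = seed + hashlib.sha256(seed).digest()[:CHECK_LEN]
    return bytes(a ^ b for a, b in zip(plain, _keystream(kdf_out, len(plain))))


def open_sealed(blob: bytes, kdf_out: bytes) -> bytes:
    """Decrypt and verify the embedded check value; raise if it does not match."""
    plain = bytes(a ^ b for a, b in zip(blob, _keystream(kdf_out, len(blob))))
    seed, check = plain[:-CHECK_LEN], plain[-CHECK_LEN:]
    expected = hashlib.sha256(seed).digest()[:CHECK_LEN]
    if not hmac.compare_digest(check, expected):
        raise ValueError("check value mismatch: host KDF result rejected")
    return seed


def recover(blob: bytes, request: bytes, salt: bytes, host):
    """Device-side decode: returns the seed, or None if the host's result is bad."""
    try:
        return open_sealed(blob, host(request, salt))
    except ValueError:
        return None


if __name__ == "__main__":
    salt, request = b"constructed-salt", b"constructed-request"  # constructed inputs
    blob = seal(bytes(range(16)), honest_host_kdf(request, salt))
    print("honest host:", recover(blob, request, salt, honest_host_kdf))
    print("lying host: ", recover(blob, request, salt, lying_host_kdf))
```

With an 8-byte check value, a wrong host result passes the check only with probability about 2^-64.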