public inbox for bitcoindev@googlegroups.com
From: Jonas Nick <jonasd.nick@gmail•com>
To: "David A. Harding" <dave@dtrt•org>, Tim Ruffing <crypto@timruffing•de>
Cc: bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] BIP Draft: "ChillDKG: Distributed Key Generation for FROST"
Date: Tue, 16 Jul 2024 17:31:47 +0000	[thread overview]
Message-ID: <7084f935-0201-4909-99ff-c76f83572a7c@gmail.com> (raw)
In-Reply-To: <5ce152c9181ea552b8e146c9329f011b@dtrt.org>

Thanks Dave. There are indeed potential privacy implications of the recovery
data because only the secret shares are encrypted. Most importantly, the
recovery data contains in plaintext:

- the long-term "host" public keys of the participants
- the final threshold public key that is the result of the DKG

For example, we could imagine a scenario where a DKG participant puts their
recovery data on a cloud host and an adversary is able to obtain it. Then the
adversary could use the contained threshold public key to associate on-chain
transactions with the victim.

However, there's nothing preventing the participants from encrypting the
recovery data before backing it up. We do not specify that encryption in the BIP
because it is an operation local to the participants and does not affect the
communication between them. But now that you mention this, I think we should be
a bit more clear in the BIP (and not call the recovery data "public"). For
example, it may make sense to use the DKG protocol seed to derive an encryption
key, so you don't have to back up any secret data besides the seed.

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/7084f935-0201-4909-99ff-c76f83572a7c%40gmail.com.
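As an added example (not part of this mailing-list post and not the ChillDKG reference code), the following Python shows one way to do what the message suggests: derive a backup-encryption key from the DKG seed with a BIP340-style tagged hash and encrypt the recovery data under it, so a backup that lands on a cloud host reveals neither the host public keys nor the threshold public key, while the only secret that still needs backing up is the seed. The tag strings, the assumed layout of the recovery data, the sample keys and the encrypt-then-MAC construction (SHAKE256 keystream plus HMAC-SHA256, chosen so the example runs on the standard library alone) are all assumptions for illustration; a production implementation would use a standard AEAD such as ChaCha20-Poly1305 with the same derived key.

```python
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 24
TAG_LEN = 32


def tagged_hash(tag: str, msg: bytes) -> bytes:
    """BIP340-style tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    tag_digest = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(tag_digest + tag_digest + msg).digest()


def derive_backup_key(seed: bytes) -> bytes:
    """Derive a 32-byte backup-encryption key from the DKG seed.

    The tag string is an assumption for this example; what matters is that it
    differs from every tag the DKG itself applies to the seed, so the backup key
    is independent of all other values derived from the seed.
    """
    if len(seed) != 32:
        raise ValueError("seed must be 32 bytes")
    return tagged_hash("ChillDKG/example/recovery-backup-key", seed)


def _subkeys(backup_key: bytes):
    # Separate keys for confidentiality and integrity (assumed tag strings).
    enc_key = tagged_hash("ChillDKG/example/recovery-backup-enc", backup_key)
    mac_key = tagged_hash("ChillDKG/example/recovery-backup-mac", backup_key)
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # SHAKE256 used as a keyed XOF: keystream depends on key and nonce.
    return hashlib.shake_256(enc_key + nonce).digest(length)


def encrypt_recovery_data(seed: bytes, recovery_data: bytes,
                          nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC. Output layout: nonce || ciphertext || HMAC tag."""
    enc_key, mac_key = _subkeys(derive_backup_key(seed))
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(recovery_data))
    ciphertext = bytes(a ^ b for a, b in zip(recovery_data, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_recovery_data(seed: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting anything."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("backup blob too short")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(derive_backup_key(seed))
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("backup authentication failed (wrong seed or tampering)")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks))


# Constructed sample values (not real keys): two 33-byte compressed host public
# keys and a threshold public key, in the plaintext layout this example assumes.
HOST_PUBKEYS = [b"\x02" + bytes([0x11]) * 32, b"\x03" + bytes([0x22]) * 32]
THRESHOLD_PUBKEY = b"\x02" + bytes([0x33]) * 32
SEED = bytes(range(32))


def demo(seed: bytes = SEED) -> dict:
    recovery_data = b"".join(HOST_PUBKEYS) + THRESHOLD_PUBKEY
    blob = encrypt_recovery_data(seed, recovery_data)
    # Unencrypted, the threshold key sits verbatim in the backup; encrypted, it
    # and the host keys should not be findable in the blob.
    leaks_in_plaintext = THRESHOLD_PUBKEY in recovery_data
    leaks_in_blob = THRESHOLD_PUBKEY in blob or any(pk in blob for pk in HOST_PUBKEYS)
    restored = decrypt_recovery_data(seed, blob)
    tampered = bytearray(blob)
    tampered[NONCE_LEN] ^= 0x01  # flip one bit of the ciphertext
    try:
        decrypt_recovery_data(seed, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "round_trip_ok": restored == recovery_data,
        "leaks_in_plaintext": leaks_in_plaintext,
        "leaks_in_blob": leaks_in_blob,
        "tamper_detected": tamper_detected,
        "blob_len": len(blob),
    }


if __name__ == "__main__":
    print(demo())
```

The blob can be stored anywhere without the privacy concern raised above; anyone holding it but not the seed learns only its length. Recovery still requires the seed, which the participant must keep regardless, and the authentication tag means a corrupted or substituted backup is rejected rather than silently producing wrong shares.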


Thread overview: 3+ messages
2024-07-08 20:05 Tim Ruffing
2024-07-16 16:43 ` David A. Harding
2024-07-16 17:31   ` Jonas Nick [this message]
