Asymmetric cryptography with a one-time secret key: description of the idea and a possible application
(to follow this article it is necessary and sufficient to understand, at least in general terms, what asymmetric cryptography is and how an electronic signature works)
The scenario of using a one-time secret key:
- A key pair is created, consisting of a secret key (SK) and a public key (PK).
- The secret key is used for a number of operations. The first of these, deriving the public key, was already completed in the first step; the rest are signatures.
- Then comes a step that looks illogical at first glance: the secret key is destroyed without any possibility of recovery.
Using the remaining public key to encrypt data no longer makes sense (decryption without the secret key is assumed to be infeasible), but the public key can still be used to verify the electronic signatures created in the second step.
This approach gives a cryptographically strong way of binding data together, with the public key of the original pair serving as the identifier of the binding.
A significant advantage is that the key pair can then be compromised only by brute force or by exploiting a mathematical weakness of the algorithm used. A secret key that no longer exists cannot be stolen, phished, or extorted. The caveat is that this holds only if the secret key was generated from a good random source and never left the process memory (no swap, core dump, or backup) before it was destroyed.
Task: in a distributed system, participants register under unique identifiers that they create themselves. It is required to make "hijacking" another participant's identifier (identity theft) as hard as possible and, if an identifier is hijacked anyway, to ensure that the true owner can get it back.
Ways to solve the problem without the technology in question:
- "Zero option." Rely on the honesty of the participants.
- "Administrative prohibition." Require a passport at registration. Legally prohibit the use of other people's identifiers. Bind the identifier to a phone number and use multi-factor authentication. On suspicion, demand the passport again. Rely on the diligence and integrity of authorized inspectors. If unlawful use is detected, fine and/or imprison the guilty.
- "Public key as an identifier." The secret key is then the means of authentication. In principle a decent option (in particular, it is used in cryptographic games), with one exception: if the secret key is lost or compromised, the participant irreversibly leaves the game.
Solving the problem with one-time secret keys:
- The participant creates an identifying key pair [SK0, PK0]. The public key PK0 (or its hash) becomes the participant's unique identifier.
- The participant creates an additional set of key pairs [SK1, PK1], [SK2, PK2] ... [SKn, PKn], and the public key of each of them is signed with SK0.
- SK0 is destroyed. Steps one through three are performed in a single process without ever writing SK0 to non-volatile memory.
- For authentication, the participant uses one of the key pairs created in the second step (for example, [SK1, PK1]) and hides the others, if any were created, in a safe place.
- If the key pair in use is compromised, its public key (in the example, PK1) is placed on the revocation list, and one of the spare pairs is used for authentication instead. Alternatively, another additional key is created whose certification chain starts at PK0 (for example, PK0 - PK2 - PKn+1, where PKn+1 is signed with SK2).
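The five steps above, carried through as a runnable example (added here; this is not code from the original post). It uses Go's standard-library Ed25519: Enroll performs steps one to three in a single call so that SK0 never leaves that stack frame, Authenticate is the verifier side that needs only PK0 and a certificate chain, and the main function walks through step five twice: falling back to a hidden pair after PK1 is revoked, and extending the chain PK0 -> PK2 -> PK4. The nonce, the revocation list as a plain map, and the identifier as hex(SHA-256(PK0)) are assumptions of this example, not details fixed by the article.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Cert binds a public key to its issuer via an Ed25519 signature over the raw key bytes.
type Cert struct {
	Key    ed25519.PublicKey
	Issuer ed25519.PublicKey // PK0 for first-level keys, a lower key for extended chains
	Sig    []byte
}

// Identity is what the participant keeps after SK0 is destroyed: one pair is the a-key, the rest are hc-keys.
type Identity struct {
	ID      string // hex(SHA-256(PK0)): the participant identifier (assumption of this example)
	PK0     ed25519.PublicKey
	Certs   []Cert
	Secrets []ed25519.PrivateKey
}

// KeyID names a key in the revocation list.
func KeyID(pk ed25519.PublicKey) string { return hex.EncodeToString(pk) }

// Enroll performs steps 1-3 in one call: generate [SK0,PK0], certify n further pairs
// with SK0, destroy SK0. SK0 exists only inside this frame and is never returned.
func Enroll(n int) (*Identity, error) {
	pk0, sk0, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(pk0)
	id := &Identity{ID: hex.EncodeToString(sum[:]), PK0: pk0}
	for i := 0; i < n; i++ {
		pk, sk, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		id.Certs = append(id.Certs, Cert{Key: pk, Issuer: pk0, Sig: ed25519.Sign(sk0, pk)})
		id.Secrets = append(id.Secrets, sk)
	}
	for i := range sk0 { // step 3: zero SK0 (best effort in a GC'd language; the
		sk0[i] = 0 // real guarantee is that sk0 is neither stored nor returned)
	}
	return id, nil
}

// Sign produces the authentication proof with pair i (e.g. over a verifier's nonce).
func (id *Identity) Sign(i int, msg []byte) []byte { return ed25519.Sign(id.Secrets[i], msg) }

// Extend mints a new pair certified by pair i: chain PK0 -> PKi -> PKnew, no SK0 needed.
func (id *Identity) Extend(i int) (Cert, ed25519.PrivateKey, error) {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Cert{}, nil, err
	}
	return Cert{Key: pk, Issuer: id.Certs[i].Key, Sig: ed25519.Sign(id.Secrets[i], pk)}, sk, nil
}

// VerifyChain: chain[0] must be certified by pk0, each link by the previous one,
// and no key in the chain may be revoked.
func VerifyChain(pk0 ed25519.PublicKey, chain []Cert, revoked map[string]bool) bool {
	issuer := pk0
	for _, c := range chain {
		if !bytes.Equal(c.Issuer, issuer) || !ed25519.Verify(issuer, c.Key, c.Sig) || revoked[KeyID(c.Key)] {
			return false
		}
		issuer = c.Key
	}
	return len(chain) > 0
}

// Authenticate is the verifier side and needs only public data: the identifier must hash
// from pk0, the chain must be rooted at pk0, and sig must be the last key's signature over nonce.
func Authenticate(claimedID string, pk0 ed25519.PublicKey, chain []Cert, nonce, sig []byte, revoked map[string]bool) bool {
	sum := sha256.Sum256(pk0)
	if hex.EncodeToString(sum[:]) != claimedID || !VerifyChain(pk0, chain, revoked) {
		return false
	}
	return ed25519.Verify(chain[len(chain)-1].Key, nonce, sig)
}

func main() {
	id, _ := Enroll(3) // [SK1,PK1] is the a-key; [SK2,PK2] and [SK3,PK3] are hc-keys
	nonce := []byte("constructed nonce from the verifier") // constructed sample input
	revoked := map[string]bool{}
	fmt.Println("PK1 accepted:", Authenticate(id.ID, id.PK0, []Cert{id.Certs[0]}, nonce, id.Sign(0, nonce), revoked))
	revoked[KeyID(id.Certs[0].Key)] = true // SK1 stolen: revoke PK1
	fmt.Println("PK1 after revocation:", Authenticate(id.ID, id.PK0, []Cert{id.Certs[0]}, nonce, id.Sign(0, nonce), revoked))
	fmt.Println("hc-key PK2 accepted:", Authenticate(id.ID, id.PK0, []Cert{id.Certs[1]}, nonce, id.Sign(1, nonce), revoked))
	c, sk, _ := id.Extend(1) // chain PK0 -> PK2 -> PK4
	fmt.Println("PK0->PK2->PK4 accepted:", Authenticate(id.ID, id.PK0, []Cert{id.Certs[1], c}, nonce, ed25519.Sign(sk, nonce), revoked))
}
```

Note what the verifier does not have: SK0. Nobody has it after Enroll returns, so an attacker who steals SK1 can sign nonces with PK1 until it is revoked, but cannot certify a key of his own under PK0, and once PK1 is revoked the chain through it (including any key he derived from SK1) is rejected. The owner, holding the hidden SK2, simply continues under the same identifier.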
Speaking specifically about cryptocurrencies, the solution described here does not make much sense (with a stolen key the attacker immediately empties the wallet), but authentication as a topic is far from being confined to cryptocurrency.
For convenience of further discussion, the following notation for the keys used can be proposed:
i-key - identity key. In this example, PK0.
a-key - authentication key. In this example, PK1 or any other key signed, directly or indirectly, by the i-key.
hc-key - one of the additional securely hidden keys (the attacker knows neither that they exist nor how many there are), used to restore access after an a-key compromise.
A small note on the use of one-time secret keys. The scheme works only if the subject who created the original key pair has no motivation to keep the secret key for some particular need of his own. When the technology is used for authentication, all such needs are fully covered by the set of additional hc-keys (by the way, a riddle for those present: what does the abbreviation hc stand for?). Preserving the original key brings no benefit, but it creates a vulnerability that makes it possible to hijack the identifier permanently.
PS If the technology described here turns out to be original, I would like to turn this publication into an article in some respected English-language venue. To anyone who can help with this, I propose cooperation, either for remuneration or for co-authorship.