
I’ve been thinking about P2P systems using asymmetric keys and wondering if there is any way to recover an identity in the event it was compromised, using some kind of web-of-trust.

This seems to be a large issue compared to a regular system (using a central authority) that can remove the intruder's access and restore control of the account to the real owner (Digicert, facebook, twitter, etc...).

Possible Peer-run Certificate Authority Design

What if a master key pair was generated by a user and then used to create a subkey. Then, using 16+ random bytes, the master key's private component could be encrypted. The public and encrypted private key parts can be stored on the network publicly. The public part of this master key would be the root identity for that user.

The owner could choose 5+ nodes on the network (friends?) to store parts of the passphrase used to encrypt the master key private component and then erase its knowledge of those bytes.

The subkey would be the active user identity (with its own AES password protecting the private part). Should this client get phished, forget their password, or someone steal their sub-key private component, we could use the peers to restore the master key and revoke this subkey. Then we could generate and sign a new subkey.

I'm not sure how this would work other than the client sending a request to each node and them verifying the client through some out-of-band way (phone call? Text?) before sending their part of the master key password.

Would this work? Are there any existing solutions to this problem?

Xeoncross
  • This sounds similar to the use of subkeys with PGP for key revocation. See http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-key-revocation.html and https://wiki.debian.org/Subkeys. – mti2935 Jan 01 '20 at 22:05
  • Yes, using subkeys is pretty common. What I'm asking about is recovery of an identity using any method. My only thought so far is using a masterkey and avoiding giving the node/owner knowledge of the master key secret so that it can't be stolen or forgotten. – Xeoncross Jan 01 '20 at 22:14

1 Answer


You could try to mimic Certificate Revocation Lists. That means that each member of the network could publish its public key on a site they manage. But as you have no global authority, I cannot imagine a way to certify the current public key. Said differently, if an attacker manages to hack the site displaying the public key, they could impersonate the user on the network by presenting a new key.

If there were out-of-band ways of exchanging information (phone?) we could imagine that each current public key should be signed by another user from the network. In that case, the attacker should hack more than one site to be able to impersonate a single user, but it would lead to rather complex processes...

Serge Ballesta
  • I think you're focused on marking a key as compromised (revocation lists). My question is how do we _recover_ ownership of a public key "identity" (a group of keys) though? Any thoughts on the distributed, peer-trust CA design I mentioned? – Xeoncross Jan 06 '20 at 20:33