[coniks] Coniks-related project - PrivMX
s.smyczynski at simplito.com
Tue Nov 28 18:40:58 EST 2017
To get a location of user's data in the tree we use binary index (for
name/key) computed with the use of VRF function (based on secp256k1
elliptic curve cryptography and sha256 hash function) but instead of
creating Merkle Tree bit-by-bit we use binary prefixes as tree edge
labels. In our implementation there are no special Empty Nodes but just
Interior and Leaf Nodes.
Initially the tree contains only a single Leaf Node with server public
keystore with index = VRF("server:") (this pgp keystore contains public
key used for VRF function).
Proofs of inclusion or absence look almost the same as in original
CONIKS, the only difference is the variable path length (due to binary
infix compression of tree edges) and some details related to that.
In PrivMX PKI every server has the obligation to make its blockchain of
Signed Tree Roots publicly visible.
On first contact between servers A and B (e.g. on A's user sending first
encrypted message to B's user), server A starts monitoring server B and
is able to detect invalid changes.
We also have implemented PKI Web-Of-Trust which can be set up in such a
way that server A always asks a few other "friendly cosigners" to verify
the "common view" of server's B state.
I hope it clarifies something a little :) If I can provide any more
details I'll be happy to do so.
More information about the coniks