Misuse-resistance audit (nucypher-ts <> nc/nc)

[jMyles]

No description provided.

[jMyles]

OK, @theref and I had two fairly hard-hitting calls-and-walkthroughs on this topic. We have identified each secret requiring custody, given the protocol possibilities we have discussed, in this codebase in particular (ie, with passing recognition only, at most, to Ursula's secrets). We tried to consider protocol possibilities that have been seriously discussed but not yet finalized (ie, Enrico signing the Condition set), but to exclude those discussed only briefly or not discussed at all.

The primary outcome is with respect to the issues linked below; either opened during the course of this investigation or, during it, understood as having an impact on misuse resistance.

The secondary goal was (and secondary achievement is) to explore this codebase with enough inquiry into the matter of where and how these secrets are actually handled (or will be handled) to be able to discuss the matter intelligently with @piotr-roslaniec (which joined us for a little bit of our second call - thanks man :-) ). @KPrasch also offered storms of brain as this call wound down.

---

The following are notes I scratched during the second call, marked where appropriate with issues that we've subsequently opened:

'''

• Do (we want it to be the case that) conditions get signed?
  -- Condition signature attestation possibilities:
  --- Bob says, "See? The access I was granted was legitimate, given these conditions - see for yourself."
  --- Ursula says, "I applied the conditions as they were written - see the signature here."

• At reencryption time: Ursula can sign (perhaps toggleable by Enrico or Alice) a message containing:
  -- Bob address (if available)
  -- Conditions
  -- CFrag
  -- Latest block hash

(Note after-the-fact: we discussed these four as a kit representing a sort of next-generation HRAC, providing a potential vector for authentication not of "what" of the payload shared with Bob, but of the "how" - seems possibly useful in metaverse contexts or something?)

• Secret material use list (excluding Ursula):
  -- Alice transacting (cold) Alice cold secrets #160
  -- Alice transacting (hot - authorized updates or whatever) Alice hot secrets #161
  -- Alice signing Alice Signing Secret #162
  -- Material involved in stripping prevention Is there a secret involved in prevention of condition stripping? #163
  -- Enrico plaintext signing Does Enrico sign plaintext? Ciphertext? Both? #157
  -- Enrico ciphertext signing (also Does Enrico sign plaintext? Ciphertext? Both? #157)
  -- Enrico condition signing What secret material does Enrico use to sign Conditions? #156
  -- Enrico transacting/deriving (Does Enrico bear a secret in order to demonstrate his standing to adhere conditions? #155)
  -- SpecificManBob decrypting Does Ursula encrypt the CFrag for SpecificManBob? #164
  -- SpecificManBob transacting Does SpecificManBob have the ability to demonstrate his TransactingPower for the purposes of fulfilling a Condition? #165

-- EverymanManBob decrypting material is not secret; needs to be marked as such ( #159)

'''

Does Bob need an additional secret in order to access the Conditions, for local verification?

#56 (comment)

---

How does Alice adhere the conditions? Is a secret needed?

nucypher/nucypher#3050

[jMyles]

I believe that the comment above now represents comprehension as of the current ref. Closing.