🤔 Revisit export of private guardian information #607

Open
1 task done
keithrfung opened this issue Apr 22, 2022 · 0 comments
Labels
code owner only Only for Code Owner enhancement New feature or request


keithrfung commented Apr 22, 2022

Is there an existing issue for this?

  • I have searched the existing issues

Suggestion

The PrivateGuardianRecord is designed to be part of the data schema for one particular use case.

https://github.com/microsoft/electionguard-python/blob/03698c683ab35f608e35dc9b66217caa1d40f7eb/src/electionguard/guardian.py#L88-L110

This class is designed to be an export of exclusively the private information of the Guardian. A class that could perhaps be saved on a yubikey or similar device. It should only have the information that the Guardian should maintain for the decryption process and nothing else.

Possible Implementation

Simplify the class down to fewer items and include the decrypted values of the backups as opposed to the encrypted. This will only matter once secret sharing is complete, but it means the class is inaccurate at this juncture.

```python
from dataclasses import dataclass
from typing import Dict

# GuardianId, ElectionKeyPair and ElementModQ are the existing electionguard types
@dataclass
class PrivateGuardianRecord:
    guardian_id: GuardianId
    election_keys: ElectionKeyPair
    guardian_key_shares: Dict[GuardianId, ElementModQ]  # Same as decrypted_backups, could be a class
```

Anything else?

Closely relates to #355


Adding more context and detail.

The Guardian only needs to be responsible for keeping minimal information from Key Ceremony to Decryption. This is represented in the PrivateGuardianRecord. The items that need to be maintained secretly are some self identifying pieces of information and the secrets themselves.

The two secrets are the ElectionKeyPair, in particular the Secret Key, and the key shares for any guardians that could be missing. Note, the shares themselves are the actual value, not the backup which is used in the ceremony. This will help prevent future issues with key sharing when the values are encrypted and any storage issues, since the only value needed to store is essentially a number, even if represented in hex.

The key share or Backup is the share of the private key given by a guardian to each other guardian. Secret sharing is the distribution of these keys. The only value that is used is the coordinate, which can be seen in use here in the threshold decryption.
https://github.com/microsoft/electionguard-python/blob/03698c683ab35f608e35dc9b66217caa1d40f7eb/src/electionguard/decryption.py#L474

The issue is that when secret sharing is added, these values will now be encrypted in the backup, so the backup itself shouldn't be saved. This makes sense regardless because it contains proofs that are not used after the key ceremony and aren't contained in the Election Record.

@keithrfung keithrfung added enhancement New feature or request triage Waiting to be triaged code owner only Only for Code Owner and removed triage Waiting to be triaged labels Apr 22, 2022
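To illustrate the point of the issue above, that a guardian only needs to keep its own secret key and the bare share coordinates it received, here is an added toy example (not code from electionguard-python). It uses a constructed small prime modulus, deterministic polynomial coefficients and hypothetical guardian ids, and shows that the coordinates alone suffice to recover a missing guardian's secret by Lagrange interpolation, as threshold decryption relies on.

```python
from dataclasses import dataclass, field
from typing import Dict, List
# Constructed toy modulus (2^31 - 1, prime); ElectionGuard's real q is 256 bits.
Q = 2_147_483_647

@dataclass
class PrivateGuardianRecord:
    """What a guardian must keep: its id, its own secret key, and the bare
    share coordinates received from each other guardian (no encrypted backup)."""
    guardian_id: str
    sequence_order: int               # the x-coordinate this guardian evaluates at
    secret_key: int
    key_shares: Dict[str, int] = field(default_factory=dict)  # sender id -> coordinate

def eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate a polynomial (constant term first) at x, modulo Q."""
    return sum(c * pow(x, i, Q) for i, c in enumerate(coeffs)) % Q

def make_shares(secret: int, quorum: int, orders: List[int]) -> Dict[int, int]:
    """Shamir shares of `secret`: one coordinate per recipient sequence order."""
    # Coefficients are constructed deterministically here; a real ceremony draws them at random.
    coeffs = [secret] + [(secret * 7 ** i) % Q for i in range(1, quorum)]
    return {x: eval_poly(coeffs, x) for x in orders}

def lagrange_at_zero(i: int, xs: List[int]) -> int:
    """Lagrange coefficient that maps the share at x=i back onto x=0."""
    num = den = 1
    for j in xs:
        if j != i:
            num = num * j % Q
            den = den * (j - i) % Q
    return num * pow(den, Q - 2, Q) % Q

def recover_secret(missing_id: str, available: List[PrivateGuardianRecord]) -> int:
    """Rebuild a missing guardian's secret from the coordinates the others kept."""
    xs = [r.sequence_order for r in available]
    return sum(r.key_shares[missing_id] * lagrange_at_zero(r.sequence_order, xs)
               for r in available) % Q

def run_ceremony(secrets: Dict[str, int], quorum: int) -> Dict[str, PrivateGuardianRecord]:
    """Every guardian shares its secret; each record stores only the coordinate it received."""
    records = {gid: PrivateGuardianRecord(gid, n + 1, s)
               for n, (gid, s) in enumerate(secrets.items())}
    orders = [r.sequence_order for r in records.values()]
    for sender, secret in secrets.items():
        shares = make_shares(secret, quorum, orders)
        for rec in records.values():
            if rec.guardian_id != sender:
                rec.key_shares[sender] = shares[rec.sequence_order]
    return records
```

Any quorum-sized subset of records recovers a missing guardian's secret; fewer than quorum yields an unrelated value, which is the property the stored coordinates must preserve.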