blind signing key zeroing serves no privacy function #14

Description

@nothingmuch

The per-round RSA private key lives in the coordinator's memory for the
duration of an active round and is structurally dropped (and
cryptographically zeroized) at the end of the round. This section is the
threat-model treatment of that window in its bounded form, post-AUDIT-03.

this section implies there's a threat model associated with this design requirement but no such threat exists: the secrecy of the server credentials only protects liveness, and there is no rationale for zeroing the key material (the information about the transaction, on the other hand, does make sense to zero for forward privacy in the event of server compromise after coordination)
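
To make the distinction raised above concrete, here is an added example (not code from the project or from the issue author). It assumes a textbook RSA blind signature as a stand-in for the coordinator's scheme, with constructed toy primes, and shows that holding the private exponent allows forging signatures but does not allow ruling out any message as the source of a blinded request.

```python
# Toy textbook-RSA blind signature (Chaum-style). All parameters are
# constructed and far too small for real use; the coordinator's actual
# scheme, padding and key size are assumptions, not taken from the project.

P, Q = 1009, 1013                    # constructed toy primes
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # stands in for the per-round private key

def blind(m, r):
    """Client: hide message m under blinding factor r (a unit mod N)."""
    return (m * pow(r, E, N)) % N

def sign(blinded):
    """Coordinator: signs the blinded value without seeing m."""
    return pow(blinded, D, N)

def unblind(s_blinded, r):
    """Client: strip the blinding factor, leaving a signature on m."""
    return (s_blinded * pow(r, -1, N)) % N

def verify(m, s):
    return pow(s, E, N) == m % N

def consistent_factor(blinded, m):
    """Key holder: the r that would make `blinded` a blinding of m.
    r^E = blinded / m, so r = (blinded / m)^D. It exists for every unit m."""
    return pow(blinded * pow(m, -1, N) % N, D, N)

def ruled_out(blinded, messages):
    """Messages the key holder can exclude as the source of `blinded`."""
    return [m for m in messages
            if blind(m, consistent_factor(blinded, m)) != blinded]

def forge(m):
    """What a leaked D does allow: a signature the coordinator never issued."""
    return pow(m, D, N)

if __name__ == "__main__":
    r = 123457                       # constructed blinding factor
    b = blind(4242, r)
    print("valid after unblinding:", verify(4242, unblind(sign(b), r)))
    print("ruled out with D:", ruled_out(b, [4242, 31337, 777777]))
    print("forgery verifies:", verify(31337, forge(31337)))
```

Every candidate message has a blinding factor consistent with the observed request, so the list of excluded messages is empty even for a party that knows `D`.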
