On Tue, Aug 8, 2017 at 4:57 PM, Dave Cridland <dave@xxxxxxxxxxxx> wrote:
On 8 August 2017 at 18:25, vaibhav singh <vaibhavsinghacads@xxxxxxxxx> wrote:
>
>
> On Tue, Aug 8, 2017 at 8:56 PM, Dave Cridland <dave@xxxxxxxxxxxx> wrote:
>>
>> On 14 July 2017 at 15:42, Yoav Nir <ynir.ietf@xxxxxxxxx> wrote:
>> > While it may be OK to share a key with my phone (but too difficult to do
>> > securely in practice), sharing with a delegate is hairy on many
>> > different
>> > layers. But still it’s the same issue.
>>
>> I think it's all solvable using Proxy Re[en]cryption, but that seems
>> to be a little fraught with patents at the moment.
>
>
> I am not comfortable with sharing my private key with anyone, be it the
> proxy user itself. I believe that is a requirement for Proxy Reencryption,
> please correct me if I may have interpreted it wrongly.
>
You have interpreted it incorrectly.
The proxy holds a key that will change a message encrypted to its
proxy key into a message encrypted for an authorized key. It cannot
decrypt the message to plaintext itself.
All quite bleeding edge, all quite patent-encumbered, but look at
Mathew Green's work for details - he's been researching very heavily
in this field.
Proxy re-encryption has been around for 25 years. It is hardly cutting edge.
There is a patent on the DRM use expiring soon. But the original Blaze scheme does everything I need. It certainly isn't 'all' encumbered.
It seems to me that the cryptographers got a particular mathematical property into their head as 'essential' which really isn't if you design protocols. So I don't need the paired stuff.
I wrote some stuff on this:
If you know of patent claims on the DH based scheme I describe, please let me know.