tbcrypt

README

tbcrypt

Time-Based Encryption (ABE) Messages, that self-destruct

Documentation

Overview

This package implements a Time-Based encryption system. A Message is encrypted using the public key of the recipient and a "Time Ticket" which is a short-lived public key generated by a "Time-Authority". The recipient can decrypt the message if, and only if the "Time-Authority" owning the private key of the "Time Ticket" "signs" the private key of the recipient. As the "Time-Authority" usually revokes the "Time Ticket" destroying the associated private key, signatures will become impossible after a "Time Ticket" has been revoked.

This cryptosystem is especially useful for defending people against omnipotent power, for example oppressive government or "law enforcement". For example: The UK Law-enforcement seizes computer(s)/laptop(s) from animal rights activists and wrings their decryption keys and passwords from them. They're unable to decrypt (most of) the recipient's messages, since the Time-Tickets of those messages have already expired, an no one owns the associated private keys any more. Even if the "Law-enforcement" seizes the Time-Authority, it could not gain access to these messages anymore, since the wanted keys simply don't exist at this point.

Index

• func Alice_Decrypt(S1 *bn256.G2, S2 []byte, priv *big.Int, B *bn256.G1) (SharedSecret *bn256.GT, E error)
• func Bob_Encrypt(r io.Reader, pub *bn256.G2, taPub *bn256.G1) (SharedSecret *bn256.GT, B *bn256.G1, E error)
• func TA_Sign(r io.Reader, pub *bn256.G2, taPriv *big.Int) (S1 *bn256.G2, S2 []byte, E error)

Functions

func Alice_Decrypt

func Alice_Decrypt(S1 *bn256.G2, S2 []byte, priv *big.Int, B *bn256.G1) (SharedSecret *bn256.GT, E error)

"Decrypts" a shared secret using a signature and the private key.

func Bob_Encrypt

func Bob_Encrypt(r io.Reader, pub *bn256.G2, taPub *bn256.G1) (SharedSecret *bn256.GT, B *bn256.G1, E error)

"Encrypts" a shared secret using a public key (pub) and a Time-Ticket (taPub).

func TA_Sign

func TA_Sign(r io.Reader, pub *bn256.G2, taPriv *big.Int) (S1 *bn256.G2, S2 []byte, E error)

Signs a public key. This step is done by the Time-Authority. Note that the Signature can still be used after the Time-Ticked has expired. The signature should be communicated using a secure channel only (such as the Noise protocol), to avoid anyone capturing the signature for later decryption of messages.