Secret Sharing
Secret Sharing among a set of hardware TEE has been the fundamental design element in Ternoa Fortress from the first day. Secret sharing allows a secret (private key) to be distributed among a group of participants (TEE nodes, i.e. Intel SGX server) such that only a qualified subset (threshold) can reconstruct the original secret key. Respecting the ownership of the plain data, in Ternoa the secret sharing process has to be done on the client side by the user, or users for multi-party applications.
Verifiable Redistributable Secret Sharing
Secret Sharing among a set of hardware TEE has been the fundamental design element in Ternoa Fortress from the first day. Secret sharing allows a secret (private key) to be distributed among a group of participants (TEE nodes, i.e. Intel SGX server) such that only a qualified subset (threshold) can reconstruct the original secret key. Respecting the ownership of the plain data, in Ternoa the secret sharing process has to be done on the client side by the user, or users for multi-party applications.
Secret Sharing Schemes (SSS)
Shamir’s Secret Sharing: This popular scheme uses polynomial sharing. The secret is the constant term of a polynomial of degree (t-1), where t is the threshold. Each participant receives a share, which is a point on the polynomial. To reconstruct the secret, any participants can combine their shares using Lagrange interpolation. Ternoa Node.JS SDK natively supports this scheme.
Pedersen’s Secret Sharing (Verifiable): Pedersen’s scheme introduces verifiability. Shares are commitments (cryptographic objects hiding a value) to polynomials. Participants can verify the validity of their shares and those of others without revealing the secret. Rust Implementation WASM of this scheme has been provided in the development branch of Ternoa Node.JS SDK. In this version encryption of secret-NFT media is symmetric to increase the performance and security. The mutable nature of the Capsules requires public key encryption. To have a future-proof encrypted media, we are adopting the post-quantum CRYSTALS-Kyber algorithm as an alternative option to have a future-proof encrypted media.
Key Rotation: Towards Redistributable and Verifiable Secret Sharing (RVSS)
While the above schemes offer basic secret-sharing functionality, they lack proactive security for all participants. RVSS builds upon these concepts:
Proactive security: Shares are updated periodically using a special technique without reconstructing the secret or requiring communication with the dealer (user wallet). This ensures security even if some participants are compromised over time.
Universal verifiability: All participants can verify the correctness of their shares and those shared by others. This strengthens trust and helps detect inconsistencies or malicious tampering.
Of course, the user can re-encrypt the data with a new private key and then replace the previous key with a new one, but this is time-consuming for multiple data with large sizes and needs the user’s active presence. Cryptography aims to be less restrictive and more transparent for user experience. So key redistribution will happen regularly behind the scenes, between the TEE nodes.
There are few efficient and academically approved methods combining Redistributability and Verifiability, The Ternoa research team is investigating a post-quantum version of the RVSS/PVSS algorithm for the next stable release.
Currently, users can use any arbitrary secret sharing scheme on their private keys with two constraints (If they don’t want to use Ternoa SDK):
Ternoa blockchain (tee-pallet) supports the (3,5) threshold scheme, which means the private key must be partitioned into 5 secret shares, and then it can be reconstructed with 3 or more secret shares. We will support flexible and larger schemes in future releases. Higher shares and thresholds increase the security, require more TEE machines, and impose higher fees on the user.
Any encoding is acceptable while the size of each key share is kept at less than 3KB, which is sufficiently large for today’s cryptography. This limitation on size will either be replaced soon by a verification algorithm inside TEE or with a stronger limit of 128B for efficiency.
When the secret shares are generated on the user’s device, they should be transferred securely to TEE nodes, and their ownership should be registered on the blockchain as well.
Last updated