Author: Dmitry Petukhov 2021-02-14 11:28:58
Published on: 2021-02-14T11:28:58+00:00
Hugo Nguyen proposed an encryption scheme for a multisig setup that uses PBKDF2 with SHA512 as the key derivation function. The coordinator and signers exchange two secrets, HUMAN_READABLE_TITLE and NONCE, prior to setup. The NONCE can be converted into a 6-word phrase, a 20-digit decimal number, or a QR code. This flexibility in data format allows vendors to customize the user experience based on their device capabilities. A concern was raised that the scheme is vulnerable to rainbow table attacks, prompting suggestions such as using a longer token or making use of mnemonics. A discussion between Hugo and Dmitry Petukhov followed, in which they considered issues such as the difficulty of entering long data into a device manually and confusion between procedures. In another email thread, Dmitry proposed adding a requirement for signers to derive participant ids but later concluded that this would only complicate matters without a net positive tradeoff. It was suggested that a unique TOKEN per participant could suffice, and that there may be no need to mention the possibility of deriving a public 'participant id' in the specification.
Updated on: 2023-06-14T17:32:25.416970+00:00
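
An added sketch (not code from the proposal or the thread) of how a coordinator and a signer could arrive at the same key from the two shared secrets, with the NONCE entered as a 20-digit decimal number. The 64-bit nonce width, the password and salt roles, the iteration count and the key length are assumptions; the summary above specifies none of them.

```python
import hashlib
import secrets

ITERATIONS = 2048  # assumption: the summary gives no iteration count
KEY_LEN = 32       # assumption: 256-bit symmetric key


def nonce_to_decimal(nonce: bytes) -> str:
    """Render an 8-byte nonce as a fixed-width 20-digit decimal string."""
    if len(nonce) != 8:
        raise ValueError("this sketch assumes a 64-bit nonce")
    return f"{int.from_bytes(nonce, 'big'):020d}"


def decimal_to_nonce(digits: str) -> bytes:
    """Parse what a user typed; reject wrong length or out-of-range values."""
    if len(digits) != 20 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("expected exactly 20 decimal digits")
    value = int(digits)
    if value >= 1 << 64:
        raise ValueError("value does not fit in 64 bits")
    return value.to_bytes(8, "big")


def derive_key(title: str, nonce: bytes) -> bytes:
    """PBKDF2-HMAC-SHA512; nonce as password, title as salt (assumed roles)."""
    return hashlib.pbkdf2_hmac(
        "sha512", nonce, title.encode("utf-8"), ITERATIONS, KEY_LEN
    )


if __name__ == "__main__":
    # Constructed sample values, generated locally for the demonstration.
    title = "Family vault 2-of-3"
    nonce = secrets.token_bytes(8)
    typed = nonce_to_decimal(nonce)  # what the user copies to the signer

    coordinator_key = derive_key(title, nonce)
    signer_key = derive_key(title, decimal_to_nonce(typed))
    print("nonce as decimal:", typed)
    print("keys match:", coordinator_key == signer_key)
    # The title acts as a salt: the same nonce under another title yields an
    # unrelated key, so a precomputed table is only valid for one title.
    print("other title differs:", derive_key("Other", nonce) != coordinator_key)
```

Under these assumptions the only per-setup entropy is the 64-bit nonce, which is why the thread's suggestion of a longer token bears directly on the precomputation concern.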