Legend:
Library
Module
Module type
Parameter
Class
Class type
Timelock is a set of functions to handle time-locking a value and opening time-locked values.
A time-locked value can either be opened quickly by the locker itself (i.e., the one possessing the RSA secret), or slowly by anyone doing a fixed number of sequential operations.
In the interface of this module, this fixed number is consistently named time and is represented by an integer.
Once opened via the slow method a proof of opening can be produced to avoid having to do so again. This proof is verifiable in logarithmic time.
In order to time-lock an arbitrary sequence of bytes, we 1. encrypt the bytes with a symmetric key, and then 2. we time-lock the symmetric key itself.
This module implements a scheme inspired by: Time-lock puzzles and timed release - Rivest, Shamir, Wagner https://people.csail.mit.edu/rivest/pubs/RSW96.pdf
!!! WARNING !!!
WE USE 2048 RSA KEYS WHICH DO NOT PROVIDE THE CLASSICAL 128 BITS OF SECURITY. WE ALLOW OURSELVES TO DO THAT SINCE WE DO NOT EXPOSE KEYS FOR A LONG TIME. YOU ARE RESPONSIBLE FOR NOT REUSING OLD KEYS
type symmetric_key
We will time-lock symmetric keys to then handle arbitrary bytes
type rsa_public
RSA public key to define a group in which we will work. The key is an integer n = p*q with p,q primes number. The group we work in is the set of inversible mod n.
type rsa_secret
RSA secret key of the from p,q. Indicates the cardinal of the group.
type timelock_proof
Proof that the opening of a value is the claimed value. It is concretely a member of the RSA group.
type locked_value
Locked value that can be quickly access with a secret or slowly-access with a number of sequential operations. It is concretely a member of the RSA group.
type unlocked_value
Member of the RSA group that we will lock. In our case it represents a symmetric key.
type ciphertext
A symmetric ciphertext and message authentication code, containing the bytes we want to protect
Generates random RSA keys of 2048 bits. The size works only if we use them for a small amount of time. !!! NEW KEYS SHOULD BE GENERATED FOR EACH LOCKING !!!
Generates almost uniformly an integer mod n. It is in the RSA group with overwhelming probability. We use this since we want to lock symmetric keys, not pre-determined messages.
Result of the opening of a chest. The opening can fail in two ways which we distinguish to blame the right party. One can provide a false unlocked_value or unlocked_proof, in which case we return Bogus_opening and the provider of the chest key is at fault. Othewise, one can lock the wrong key or put garbage in the ciphertext in which case we return Bogus_cipher and the provider of the chest is at fault. Otherwise we return Correct payload where payload is the content that had originally been put in the chest.