- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 29 Jan 2020 20:02:53 +0000
- To: public-webauthn@w3.org
Hi everyone, I'm pleased to report there's been some more progress on this. Yubico and Mozilla have been collaborating with researchers from Surrey Centre for Cyber Security, at the University of Surrey, who have now formally modeled and proved security of this key generation scheme - meaning that the backup private keys (`p = cred_key + s`) can indeed be derived only if one knows the backup seed private key (`s`); and that the backup public keys (`P = cred_key * G + S`) remain unlinkable to ensure privacy. The next phase will be to investigate whether signatures produced by these backup private keys remain unforgeable. The researchers intend to publish their work after that is done. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/931#issuecomment-579934579 using your GitHub account
Received on Wednesday, 29 January 2020 20:02:55 UTC