
Re: [webauthn] Recovering from Device Loss (#931)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 29 Jan 2020 20:02:53 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-579934579-1580328172-sysbot+gh@w3.org>

Hi everyone, I'm pleased to report there's been some more progress on this.

Yubico and Mozilla have been collaborating with researchers from Surrey Centre for Cyber Security, at the University of Surrey, who have now formally modeled and proved security of this key generation scheme - meaning that the backup private keys (`p = cred_key + s`) can indeed be derived only if one knows the backup seed private key (`s`); and that the backup public keys (`P = cred_key * G + S`) remain unlinkable to ensure privacy. The next phase will be to investigate whether signatures produced by these backup private keys remain unforgeable. The researchers intend to publish their work after that is done.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/931#issuecomment-579934579 using your GitHub account
Received on Wednesday, 29 January 2020 20:02:55 UTC
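
The key relationship stated in the message above (`p = cred_key + s`, `P = cred_key * G + S`), as an added example that is not part of the original post or of the proposal's own code. It assumes the NIST P-256 curve and treats `cred_key` as a random scalar, since the message does not say how it is derived; all function names are hypothetical.

```python
import secrets

# NIST P-256 domain parameters (curve choice is an assumption of this example)
FP = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = FP - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % FP, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def backup_public_key(cred_key, S):
    """Computable from the public seed S alone: P = cred_key * G + S."""
    return add(mul(cred_key, G), S)

def backup_private_key(cred_key, s):
    """Requires the backup seed private key s: p = cred_key + s (mod n)."""
    return (cred_key + s) % N

def demo():
    s = secrets.randbelow(N - 1) + 1          # backup seed private key
    S = mul(s, G)                             # backup seed public key
    cred_key = secrets.randbelow(N - 1) + 1   # per-credential scalar (assumed random)
    P = backup_public_key(cred_key, S)        # derived without knowing s
    return mul(backup_private_key(cred_key, s), G) == P
```

`demo()` returns `True` because `(cred_key + s) * G = cred_key * G + s * G = cred_key * G + S`, so the public key can be registered by a party holding only `S`, while signing with the matching private key requires `s`.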
