Documentation (Anonymous)

Multi-User Access

How can users with different passwords access the same ‘no knowledge’ (zero-knowledge) encrypted data, i.e. data the server itself cannot decrypt?

Use cases

  1. Simple - a single user with exclusive personal access to a model
  2. Shared - a single user chooses to share model access with another known user
  3. Group - access is assigned to a group, and users are then made members of that group
    • but which way does access flow through a group hierarchy? Does a higher-level group get more access than its sub-groups, or less?

How To Access The Data

  1. Generate a Symmetric Key:
    • Generate a random symmetric encryption key (e.g., a 256-bit AES key) for the data. This key, often called the data key, is what actually encrypts and decrypts the data.
  2. Encrypt Data with the Symmetric Key:
    • Encrypt the data using the symmetric key, preferably in an authenticated mode such as AES-GCM so tampering is detected. Symmetric encryption is fast, so the bulk data is encrypted only once no matter how many users share it.
  3. Encrypt the Symmetric Key for Each User:
    • For each user who should have access to the data, use their public key (asymmetric encryption) to encrypt the symmetric key. This will create an encrypted version of the symmetric key that only that specific user can decrypt with their private key.
  4. Access Control and Key Management:
    • Store the encrypted symmetric keys alongside the data.
    • Implement access control mechanisms to manage which users have access to which encrypted symmetric keys and, therefore, the data.
    • When a user wants to access the data, they provide their private key to decrypt the symmetric key, which is then used to decrypt the data.

This way, you can share the encrypted data with multiple users, each of whom decrypts the symmetric key with their own private key, without anyone needing a common password. The data itself is encrypted once with the symmetric key; granting or revoking access is a matter of adding or removing a user's encrypted copy of that key (note that revocation only stops future access unless the data is re-encrypted under a fresh symmetric key, since a removed user may already have seen the old one).

How to take key management off the user.

  1. Generate User Key Pairs:
    • Generate a unique public/private key pair for each user.
  2. Create a Secure User Account:
    • Each user should have a secure user account with a username and password for authentication purposes.
  3. Encrypt Data with Symmetric Key:
    • When you want to encrypt data for a user, generate a random symmetric encryption key (e.g., AES key).
    • Encrypt the data using this symmetric key.
  4. Encrypt the Symmetric Key with the User’s Public Key:
    • Encrypt the symmetric key using the user’s public key (asymmetric encryption).
    • Store the encrypted symmetric key alongside the encrypted data.
  5. Store User Credentials Securely:
    • Never store the password itself. Store a salted password hash produced by a dedicated password hashing function (Argon2, scrypt or bcrypt) for authentication, and keep the username alongside it.
  6. User Access:
    • When a user wants to access the data, they provide their username and password to authenticate.
    • Retrieve the user’s encrypted symmetric key stored alongside the data.
    • Decrypt the symmetric key using the user’s private key. Where that private key lives is the crux: if the server (or the authentication provider) holds it in the clear, the server can decrypt everything the user can, which is the naive non-zero-knowledge option below. To keep the "no knowledge" property the private key must be stored wrapped under a key derived from the user's password, so it can only be unwrapped at login with the password present.
    • Use the decrypted symmetric key to decrypt the data.

Sequence Diagrams

Naive non-zero-knowledge option

Simpler, based on private key stored in authentication provider

Zero-knowledge - but is this secure?

missing!

Thinking Stuff

re: ‘Use Cases at the top’

  1. Find code…
Copyright ©2024 Numical, All Rights Reserved