Date   

#SharedCrypto 3rd party library standards #SharedCrypto

Middleton, Dan
 

I propose we establish some standards for libraries we will incorporate in crypto-lib (or Ursa or whatever we will soon call it :)  )

 

As a motivating example there’s a PR to add a blake2 library. I’ve not independently verified the performance claims but it looks like it is quite fast. In the risk department, though, the source repo indicates a single contributor and only 2-3 months of history. The latter raises risks that the code is not hardened and the former is a risk that it won’t be maintained.

 

The different tiers we establish complicate having a single list of criteria. Without being too rigid we could probably make a matrix of what degree applies to which tier. Here’s a starter list of criteria:

 

  • Maturity (how long has this code existed)
  • Maintainer count (how likely is the code to be maintained and issues responded to)
  • Community size (are there active mail lists and users that indicate it’s in active use)
  • Bug reporting (is there a way to submit security bugs)
  • What is the maintenance history (regular updates, patches, responsiveness for CVEs)?
  • Known issues (due diligence that the code is sound)
  • Are there protected releases (can we depend on signed libraries)

 

Taking `maturity` as a simple example we could set the levels for the 3 tiers as

Standard:            1 year

Semi-Trusted:   3 months

Research:            NA

 

Interested in feedback on this approach.

 

Regards,

Dan

 

 


#SharedCrypto crypto-lib meeting tomorrow #SharedCrypto

Hart Montgomery
 

Hi Everyone,

 

This is just a reminder for tomorrow’s crypto-lib meeting (7:00 AM Pacific time, as usual).  Some things to discuss:

 

1.       My perception is that we’re on the cusp of proposing crypto-lib to the TSC for incubation status.  I’d like to discuss this with everyone at the meeting.  As such, if you haven’t gone over the proposal document recently, please take a look: https://docs.google.com/document/d/1JtFT5L-82egj6shgGXzTsNAg6_UHuMheKfsst6NS_Xo/edit?usp=sharing.  I have made some edits recently after discussions with Dan M and Shawn, among others.  Ideally, we could announce to the TSC this week that we were planning on asking for a vote in the near future.

2.       Hackfest recap:  we will go over the progress made at the hackfest and next steps.

3.       Whatever else people want to talk about.

 

Thanks a lot for everyone’s time, and I hope to speak with many of you tomorrow.

 

Thanks,

Hart

 

 


Re: #SharedCrypto team-specific hack-a-thon? #SharedCrypto

David Huseby <dhuseby@...>
 

I’ll be there I think. If we have a hackathon I’ll be there for sure. 

Dave

On Fri, Oct 12, 2018 at 3:09 PM Montgomery, Hart <hmontgomery@...> wrote:

I can't promise anything since I haven't confirmed yet, but I might be able to offer space at our Sunnyvale campus either before or after Real World Crypto  (but probably before, since it's a Wed-Fri event) this coming January.  If it's a small group, then I can almost certainly do it.

 

I doubt RWC is a good venue for a hackathon though--people are usually pretty drained from going to the talks all day.  I've never seen anyone try to do a hackathon in conjunction with an IACR conference before, and I'd be worried about turnout (RWC may be an exception to this rule, but I'd be surprised).  Most people are there to go to talks and socialize, not hack.  It would be difficult to get new people. 

 

Are lots of people on this list planning on coming to RWC?  If so, at minimum I can try to plan for a crypto-lib workday on the Tuesday before RWC.

 

Thanks,

Hart

 

 

From: labs@... [mailto:labs@...] On Behalf Of Geater, Jon
Sent: Friday, October 12, 2018 1:03 PM
To: David Huseby <dhuseby@...>; labs@...
Subject: Re: [Hyperledger Labs] #SharedCrypto team-specific hack-a-thon?

 

I think it’s a good idea.  The Crypto Lib is a very good fit for a hackathon in my opinion - lots of small jobs, lots of specialist edges that will benefit from a quick injection of niche skills, no distracting demo UI pressure...

 

Jon

 





 

Jon Geater
CTO

Tel: +44 1223 703479
Mob: +44 7966 995312

@thalesesecurity

Thales eSecurity
One Station Square
Cambridge CB1 2GA

United Kingdom

www.thalesesecurity.com

 

On Fri, Oct 12, 2018 at 8:45 PM +0100, "David Huseby" <dhuseby@...> wrote:

Hi Crypto-Lib Team,
 
We're busy building the 2019 budget and I was considering setting
aside some money so that HL could pay for space/snacks/swag for doing
crypto-lib specific hack-a-thons that coincide with events such as
Real World Crypto.  Since we're all likely to be attending these
conferences, it might make sense to take advantage of that and get
some space for us to meet in during the evenings or the day after the
event.
 
I'm looking for feedback from the rest of you on if you think it is a
good idea and a good use of HL resources.  Please respond ASAP.
 
Cheers!
Dave
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@...
 
 
 
 

--
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@...


Re: #SharedCrypto team-specific hack-a-thon? #SharedCrypto

Hart Montgomery
 

I can't promise anything since I haven't confirmed yet, but I might be able to offer space at our Sunnyvale campus either before or after Real World Crypto  (but probably before, since it's a Wed-Fri event) this coming January.  If it's a small group, then I can almost certainly do it.

 

I doubt RWC is a good venue for a hackathon though--people are usually pretty drained from going to the talks all day.  I've never seen anyone try to do a hackathon in conjunction with an IACR conference before, and I'd be worried about turnout (RWC may be an exception to this rule, but I'd be surprised).  Most people are there to go to talks and socialize, not hack.  It would be difficult to get new people. 

 

Are lots of people on this list planning on coming to RWC?  If so, at minimum I can try to plan for a crypto-lib workday on the Tuesday before RWC.

 

Thanks,

Hart

 

 

From: labs@... [mailto:labs@...] On Behalf Of Geater, Jon
Sent: Friday, October 12, 2018 1:03 PM
To: David Huseby <dhuseby@...>; labs@...
Subject: Re: [Hyperledger Labs] #SharedCrypto team-specific hack-a-thon?

 

I think it’s a good idea.  The Crypto Lib is a very good fit for a hackathon in my opinion - lots of small jobs, lots of specialist edges that will benefit from a quick injection of niche skills, no distracting demo UI pressure...

 

Jon

 





 

Jon Geater
CTO

Tel: +44 1223 703479
Mob: +44 7966 995312

@thalesesecurity

Thales eSecurity
One Station Square
Cambridge CB1 2GA

United Kingdom

www.thalesesecurity.com

 

On Fri, Oct 12, 2018 at 8:45 PM +0100, "David Huseby" <dhuseby@...> wrote:

Hi Crypto-Lib Team,
 
We're busy building the 2019 budget and I was considering setting
aside some money so that HL could pay for space/snacks/swag for doing
crypto-lib specific hack-a-thons that coincide with events such as
Real World Crypto.  Since we're all likely to be attending these
conferences, it might make sense to take advantage of that and get
some space for us to meet in during the evenings or the day after the
event.
 
I'm looking for feedback from the rest of you on if you think it is a
good idea and a good use of HL resources.  Please respond ASAP.
 
Cheers!
Dave
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@...
 
 
 
 


Re: #SharedCrypto team-specific hack-a-thon? #SharedCrypto

Geater, Jon <Jon.Geater@...>
 

I think it’s a good idea.  The Crypto Lib is a very good fit for a hackathon in my opinion - lots of small jobs, lots of specialist edges that will benefit from a quick injection of niche skills, no distracting demo UI pressure...

Jon






 
Jon Geater
CTO
Tel: +44 1223 703479
Mob: +44 7966 995312
@thalesesecurity

Thales eSecurity
One Station Square
Cambridge CB1 2GA
United Kingdom



www.thalesesecurity.com

On Fri, Oct 12, 2018 at 8:45 PM +0100, "David Huseby" <dhuseby@...> wrote:

Hi Crypto-Lib Team,

We're busy building the 2019 budget and I was considering setting
aside some money so that HL could pay for space/snacks/swag for doing
crypto-lib specific hack-a-thons that coincide with events such as
Real World Crypto.  Since we're all likely to be attending these
conferences, it might make sense to take advantage of that and get
some space for us to meet in during the evenings or the day after the
event.

I'm looking for feedback from the rest of you on if you think it is a
good idea and a good use of HL resources.  Please respond ASAP.

Cheers!
Dave
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@...





Re: #SharedCrypto team-specific hack-a-thon? #SharedCrypto

Mark Wagner
 

While I wont be participating, I like the idea


On Fri, Oct 12, 2018, 15:45 David Huseby <dhuseby@...> wrote:
Hi Crypto-Lib Team,

We're busy building the 2019 budget and I was considering setting
aside some money so that HL could pay for space/snacks/swag for doing
crypto-lib specific hack-a-thons that coincide with events such as
Real World Crypto.  Since we're all likely to be attending these
conferences, it might make sense to take advantage of that and get
some space for us to meet in during the evenings or the day after the
event.

I'm looking for feedback from the rest of you on if you think it is a
good idea and a good use of HL resources.  Please respond ASAP.

Cheers!
Dave
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@...




Re: #SharedCrypto team-specific hack-a-thon? #SharedCrypto

Middleton, Dan
 

sounds good to me

--Dan

On 10/12/18, 2:45 PM, "labs@lists.hyperledger.org on behalf of David Huseby" <labs@lists.hyperledger.org on behalf of dhuseby@linuxfoundation.org> wrote:

Hi Crypto-Lib Team,

We're busy building the 2019 budget and I was considering setting
aside some money so that HL could pay for space/snacks/swag for doing
crypto-lib specific hack-a-thons that coincide with events such as
Real World Crypto. Since we're all likely to be attending these
conferences, it might make sense to take advantage of that and get
some space for us to meet in during the evenings or the day after the
event.

I'm looking for feedback from the rest of you on if you think it is a
good idea and a good use of HL resources. Please respond ASAP.

Cheers!
Dave
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@linuxfoundation.org


#SharedCrypto team-specific hack-a-thon? #SharedCrypto

David Huseby <dhuseby@...>
 

Hi Crypto-Lib Team,

We're busy building the 2019 budget and I was considering setting
aside some money so that HL could pay for space/snacks/swag for doing
crypto-lib specific hack-a-thons that coincide with events such as
Real World Crypto. Since we're all likely to be attending these
conferences, it might make sense to take advantage of that and get
some space for us to meet in during the evenings or the day after the
event.

I'm looking for feedback from the rest of you on if you think it is a
good idea and a good use of HL resources. Please respond ASAP.

Cheers!
Dave
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@linuxfoundation.org


#SharedCrypto crypto-lib meeting tomorrow CANCELLED #SharedCrypto

Hart Montgomery
 

Hi Everyone,

 

I’m cancelling tomorrow’s crypto-lib meeting due to the fact that a large amount of our regular participants will be attending the Montreal hackfest.  I hope that we can come out of the meetings with a proposal for incubation ready to submit to the TSC.

 

Hope you all are doing well, and talk to everyone either tomorrow at the hackfest or in two weeks.

 

Thanks,

Hart


Re: #SharedCrypto crypto-lib meeting tomorrow #SharedCrypto

Middleton, Dan
 

Thanks for wrangling this, Hart.

Not sure if I can make it to today’s call. In case I can’t I’ve added a couple comments in the proposal.

As further high-level thoughts, though, it might be helpful to get more concrete on scope.

I think what we have is 2 sub-projects or feature areas. A signature library and z-mix. We should reference some kind of spec for each.

 

As the third tier is explicitly labs, we may as well be clear it’s out of scope of this “project”.  The lab has its own process and the project can elect to adopt lab code at the right time.

 

Other high-level thing is we should think about this project proposal with developer hats on.

 

Thanks,

Dan

 

From: <labs@...> on behalf of "hmontgomery@..." <hmontgomery@...>
Date: Tuesday, September 18, 2018 at 8:46 PM
To: "labs@..." <labs@...>
Subject: [Hyperledger Labs] #SharedCrypto crypto-lib meeting tomorrow

 

Hi Everyone,

 

This is just a reminder for tomorrow’s crypto-lib meeting.  Currently we have on the agenda:

 

  1. Discuss the project proposal document:  https://docs.google.com/document/d/1JtFT5L-82egj6shgGXzTsNAg6_UHuMheKfsst6NS_Xo/edit?usp=sharing .  Please read through this if you haven’t already.
  2. Modular hash functions (and symmetric primitives) for region compatibility.  People using Hyperledger in China are required to use government-approved cryptographic algorithms.  We need to discuss how to best deal with this.
  3. Updates and questions from the devs on z-mix and the shared signature library.

 

Thanks a lot for your time, and I hope to hear from many of you tomorrow.

 

Thanks,

Hart


#SharedCrypto crypto-lib meeting tomorrow #SharedCrypto

Hart Montgomery
 

Hi Everyone,

 

This is just a reminder for tomorrow’s crypto-lib meeting.  Currently we have on the agenda:

 

1.       Discuss the project proposal document:  https://docs.google.com/document/d/1JtFT5L-82egj6shgGXzTsNAg6_UHuMheKfsst6NS_Xo/edit?usp=sharing .  Please read through this if you haven’t already.

2.       Modular hash functions (and symmetric primitives) for region compatibility.  People using Hyperledger in China are required to use government-approved cryptographic algorithms.  We need to discuss how to best deal with this.

3.       Updates and questions from the devs on z-mix and the shared signature library.

 

Thanks a lot for your time, and I hope to hear from many of you tomorrow.

 

Thanks,

Hart


#SharedCrypto Updated Project Proposal Document #SharedCrypto

Hart Montgomery
 

Hi Everyone,

 

I’ve updated the project proposal document for crypto-lib.  Please take a look and tell me what you think.  I believe it reflects the current status of the work being done, as well as what we have discussed.

 

https://docs.google.com/document/d/1JtFT5L-82egj6shgGXzTsNAg6_UHuMheKfsst6NS_Xo/edit?usp=sharing

 

If you’d like edit privileges, please email me and I’ll add you.

 

Thanks, and have a great day.

 

Hart


Re: #SharedCrypto meetings at the Montreal Hackfest #SharedCrypto

max huang <MAX@...>
 

I am based on Toronto. Can I remote in?

Max


From: labs@... <labs@...> on behalf of hmontgomery@... <hmontgomery@...>
Sent: Thursday, September 13, 2018 11:29:18 AM
To: David Huseby; labs@...
Subject: Re: [Hyperledger Labs] #SharedCrypto meetings at the Montreal Hackfest
 
Hi Dave (and Everyone),

This sounds like a great idea.  I'd be happy to add an agenda item for next week's meeting.

In the meantime, I'm going to be updating the proposal for incubation.  I'll let everyone know when I have a draft of that that I think is worth public consumption.

Thanks,
Hart

-----Original Message-----
From: labs@... [mailto:labs@...] On Behalf Of David Huseby
Sent: Tuesday, September 11, 2018 11:17 AM
To: labs@...
Subject: [Hyperledger Labs] #SharedCrypto meetings at the Montreal Hackfest

Hi Everybody,

I'd like to propose that we plan an agenda and series of meetings for when we're all together in Montreal in a few weeks. I'd like to see us answer some of our lingering questions and actually write some code to move the library forward while we're there. Make it a true hackfest and land patches.

Does anybody have topics they'd like to cover? Hart, will you add an agenda item for the next crypto-lib meeting to discuss the agenda for the hackfest?

Thanks,
Dave
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@...







Re: #SharedCrypto meetings at the Montreal Hackfest #SharedCrypto

Hart Montgomery
 

Hi Dave (and Everyone),

This sounds like a great idea. I'd be happy to add an agenda item for next week's meeting.

In the meantime, I'm going to be updating the proposal for incubation. I'll let everyone know when I have a draft of that that I think is worth public consumption.

Thanks,
Hart

-----Original Message-----
From: labs@lists.hyperledger.org [mailto:labs@lists.hyperledger.org] On Behalf Of David Huseby
Sent: Tuesday, September 11, 2018 11:17 AM
To: labs@lists.hyperledger.org
Subject: [Hyperledger Labs] #SharedCrypto meetings at the Montreal Hackfest

Hi Everybody,

I'd like to propose that we plan an agenda and series of meetings for when we're all together in Montreal in a few weeks. I'd like to see us answer some of our lingering questions and actually write some code to move the library forward while we're there. Make it a true hackfest and land patches.

Does anybody have topics they'd like to cover? Hart, will you add an agenda item for the next crypto-lib meeting to discuss the agenda for the hackfest?

Thanks,
Dave
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@linuxfoundation.org


#SharedCrypto meetings at the Montreal Hackfest #SharedCrypto

David Huseby <dhuseby@...>
 

Hi Everybody,

I'd like to propose that we plan an agenda and series of meetings for
when we're all together in Montreal in a few weeks. I'd like to see us
answer some of our lingering questions and actually write some code to
move the library forward while we're there. Make it a true hackfest
and land patches.

Does anybody have topics they'd like to cover? Hart, will you add an
agenda item for the next crypto-lib meeting to discuss the agenda for
the hackfest?

Thanks,
Dave
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@linuxfoundation.org


#SharedCrypto crypto-lib meeting tomorrow #SharedCrypto

Hart Montgomery
 

Hi Everyone,

 

This is just a reminder for tomorrow’s (today’s, for many of you) crypto-lib meeting.  The plan is the following:

 

1.        Continue the discussion on Z-mix from the Monday meeting on Z-mix (with a brief refresher for people that were not in attendance).

2.       Further discuss steps forward to incubation status.

3.       Discuss recent updates to and the status of the signing library.

 

Thanks a lot for your time, and have a great day.  I hope to speak to many of you tomorrow.

 

Thanks,

Hart


Invitation: Crypto lib discussion #sharedcrypto #crypto-lib @ Weekly from 8am to 9am on Monday (PDT) (labs@lists.hyperledger.org) #SharedCrypto

Ry Jones
 

Crypto lib discussion #sharedcrypto #crypto-lib

When
Weekly from 8am to 9am on Monday Pacific Time - Los Angeles
Where
https://zoom.us/j/594175308 (map)
Calendar
labs@...
Who
(Guest list has been hidden at organizer's request)

Going?   All events in this series:   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account labs@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to modify your RSVP response. Learn More.


#SharedCrypto Meeting Tomorrow #SharedCrypto

Hart Montgomery
 

Hi Everyone,

 

This is just a reminder for tomorrow’s shared crypto library meeting.  There are a few topics people have brought up for discussion:

 

1.       An update on Zmix.

2.       Discussion on when we can move forward to become a full project.

3.       An update on the parallel ZKLang/Zmix meeting that takes place on Mondays (and a call for action to join)

 

Please feel free to reply if I’ve missed something!  Looking forward to talking with many of you tomorrow.

 

Thanks,

Hart


#SharedCrypto crypto-lib Meeting Tomorrow #SharedCrypto

Hart Montgomery
 

Hi Everyone,

 

This is just a reminder email for the shared crypto-lib meeting tomorrow.  We have a lot of things to discuss, including:

 

1.       Recap of the discussion at the Amsterdam hackfest.

2.       Recent work on (and how we want to proceed with) Z-mix.

3.       How we want to handle moving forward with project incubation status.

4.       Anything else people want to discuss (the basic signing library)?

 

Discussion on any (hopefully nonempty) subset of these should mean a good meeting.  I hope to talk to many of you tomorrow!

 

Thanks,

Hart


#SharedCrypto #SharedCrypto

Hart Montgomery
 

The paper on SNARGs that I was referring to today that has a good explanation of non-falsifiable assumptions in the introduction:

 

https://eprint.iacr.org/2010/610.pdf

 

Thanks,

Hart

141 - 160 of 170