Ethereum Asked by Veilkrand on December 29, 2020
I would like to hear your opinion on my idea to share a proof of a secret message in a contract, that users can verify later in a second phase when the message will be revealed.
If the message is a random piece of text, you could easily store a hash of the message as a proof and when the secret message is revealed, compare both hashes to verify its validity. However if the message is just a word or a number that can be easily included in a dictionary, you can have as well a collection of hashes indexed for every word/number in the
dictionary and you will be able to find the corresponding secret message.
The proposed solution will use symmetric cryptography (Fernet) to encrypt off-the-chain the message and store a hash of the encrypted message in the contract.
On a different phase when the secret message will be reveled, the full encrypted message and its secret key will be shared as well in order to verify the initial proof provided. Decrypting the message off-the-chain and comparing its hash to the initial proof will be enough to verify it.
Is there any other way am I missing?
If you're worried about someone bruteforcing (or rainbow tables as your question suggests) the input you can use something called Salts ( https://en.wikipedia.org/wiki/Salt_(cryptography) ). That way there's no way to bruteforce the input if the salt is kept secret as well. People can't change their secret upon will without spending a lot of effort in finding a correct salt which together produce the right encrypted message (or hash).
You also mention that you'll use symmetric encryption. I don't see any reason not to use asymmetric encryption which is more secure in general. Everyone just needs to agree on the encryption algorithm, keep salt and secret hidden and reveal them when needed.
Anyway this question would maybe be better suited in some security forum.
Answered by Lauri Peltonen on December 29, 2020
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP