Yolan Romailler - A dead man’s full-yet-responsible-disclosure system



Yolan Romailler, Applied Cryptographer, He/Him

Presentation Title: A dead man’s full-yet-responsible-disclosure system
Length of presentation: 45 minutes
Demo, Tool


Do you ever worry that the party you responsibly disclosed a vulnerability to could, instead of patching, use the time-to-patch to find you and remove you from the equation? Dead man's switches exist for a reason...
In this talk we present a new form of vulnerability disclosure relying on timelock encryption of the report: you encrypt a message so that it cannot be decrypted until a given future time. The notion of timelock encryption first surfaced in 1993 on the Cypherpunks mailing list, in a post by one of its crypto-anarchist founders, Tim May, and while there have been numerous attempts to realise it since, none has been deployed at scale or made available in any practically usable form.

This changes today: we are releasing a free, open-source tool that achieves this goal with proper security guarantees. We rely on threshold cryptography and decentralisation of trust, building on the existing League of Entropy [5], which runs drand [6], a distributed, public, verifiable randomness beacon network. We will first cover what all of these mean, then see how these building blocks let us deploy a responsible-disclosure system that guarantees your report will be fully disclosed once the time-to-patch has elapsed. Once the encrypted report is published, the system needs no further input from you, and nobody (you included) can stop the release: unlike the usual SHA256 commitment to a file on your computer posted on Twitter, which only proves you had the report and still depends on you being around to publish it.

SPEAKER BIO:
Yolan is an applied cryptographer delving into (and mostly dwelling on) cryptography, secure coding, and other fun things. He has previously spoken at Black Hat USA, BSidesLV, Cryptovillage, NorthSec, GopherConEU and DEF CON on topics including automation in cryptography, public-key vulnerabilities, elliptic curves, post-quantum cryptography, functional encryption, open source security, and more! He notably introduced the first practical fault attack against the EdDSA signature scheme, and orchestrated the full disclosure, with proof-of-concept code, of the CurveBall vulnerability.

REFERENCES:
This scheme is a direct application of the identity-based encryption scheme of Boneh et al. ([4], section 4.2) to the threshold BLS [3] setting of drand [6]: the beacon network's public key plays the role of the IBE master public key, a future round number is the identity you encrypt to, and the threshold BLS signature the network publishes on that round is the private key for that identity, so decryption becomes possible exactly when the round is reached.
Note that we build on an idea first submitted by Tim May in 1993 [1] to the Cypherpunks mailing list, which relied on a pool of trusted third parties to release a sealed decryption key at the proper time. Other approaches to timelock encryption were later explored [2], but without any practical deployment.
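To make the "identity = future round, released key = decryption key" mechanism of the abstract and the note above concrete, here is an added, runnable example that is not the speaker's tool and not drand code. It swaps in Cocks' quadratic-residuosity IBE for the Boneh-Franklin pairing scheme, because Cocks needs only integer arithmetic and so runs in plain Python, and it replaces the threshold beacon network with a single key-holder object whose clock gates key release. Everything else about the flow is the one the talk describes: the sender encrypts to a round number and walks away; nobody can decrypt until the key-holder's clock reaches that round. The modulus, the `round:` hash label and the sample report are constructed for the demo; the primes are toy-sized.

```python
"""Toy timelock encryption via Cocks' identity-based encryption.

Added example, not the speaker's tool: the talk uses Boneh-Franklin IBE on
drand's threshold BLS signatures; Cocks' IBE and a single key-holder stand in
here.  Kept: identity = future round number, key released only at that round.
"""
import hashlib
import secrets

# Constructed toy modulus: two Mersenne primes, both 3 mod 4 as Cocks requires
# (real use needs ~2048-bit primes; these only keep the demo fast).
P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; returns 0 when gcd(a, n) > 1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def identity_to_element(round_number):
    """Public step: hash the round number into Z_N with Jacobi symbol +1."""
    counter = 0
    while True:
        h = hashlib.shake_256(f"round:{round_number}:{counter}".encode()).digest(64)
        a = int.from_bytes(h, "big") % N
        if a and jacobi(a, N) == 1:
            return a
        counter += 1


def _crt(xp, xq):
    """Combine residues mod P and mod Q into the residue mod N."""
    return (xp + P * (((xq - xp) * pow(P, -1, Q)) % Q)) % N


def extract_private_key(a):
    """Key-holder step (needs P, Q): (r, uses_minus) with r^2 == +-a mod N.
    (a/N) = 1 means a is a square mod both primes or mod neither; -1 is a
    non-square mod a prime that is 3 mod 4, so in the latter case -a is a square.
    For p = 3 mod 4, a root of a residue x is x^((p+1)/4) mod p."""
    if pow(a, (P - 1) // 2, P) == 1:
        target, uses_minus = a, False
    else:
        target, uses_minus = (-a) % N, True
    r = _crt(pow(target, (P + 1) // 4, P), pow(target, (Q + 1) // 4, Q))
    assert r * r % N == target
    return r, uses_minus


def encrypt_bit(a, bit):
    """Cocks encryption of one bit: Jacobi(t) encodes the bit; both c_plus and
    c_minus are sent since the sender cannot tell if the key is a root of a or -a."""
    while True:
        t = secrets.randbelow(N - 1) + 1
        if jacobi(t, N) == (-1 if bit else 1):
            break
    inv_t = pow(t, -1, N)
    return (t + a * inv_t) % N, (t - a * inv_t) % N


def decrypt_bit(key, ct):
    """c + 2r == t * (1 + r/t)^2 mod N, so Jacobi(c + 2r) == Jacobi(t)."""
    r, uses_minus = key
    c = ct[1] if uses_minus else ct[0]
    return 0 if jacobi((c + 2 * r) % N, N) == 1 else 1


def encrypt_to_round(round_number, message):
    """Sender: seal every bit of the report to the identity 'round_number'."""
    a = identity_to_element(round_number)
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    return [encrypt_bit(a, b) for b in bits]


def decrypt_with_round_key(key, ciphertext):
    bits = [decrypt_bit(key, ct) for ct in ciphertext]
    return bytes(sum(b << (7 - j) for j, b in enumerate(bits[i:i + 8]))
                 for i in range(0, len(bits), 8))


class TimelockKeyHolder:
    """Stand-in for the beacon network: holds the factorisation of N and
    releases the round-r private key only once its clock has reached round r."""

    def __init__(self):
        self.current_round = 0

    def tick(self, rounds=1):
        self.current_round += rounds

    def can_release(self, round_number):
        return round_number <= self.current_round

    def release_key(self, round_number):
        if not self.can_release(round_number):
            raise PermissionError(f"round {round_number} not reached yet")
        return extract_private_key(identity_to_element(round_number))


if __name__ == "__main__":
    holder = TimelockKeyHolder()
    sealed = encrypt_to_round(5, b"constructed sample report")  # sender is done
    print("decryptable now?", holder.can_release(5))            # False
    holder.tick(5)                                             # round 5 reached
    print(decrypt_with_round_key(holder.release_key(5), sealed))
```

Two differences from the real system are worth keeping in mind when reading this: the key-holder here knows a master secret (the factorisation of N) and is a single point of trust, whereas in the talk's design the per-round key is a threshold BLS signature that no single League of Entropy member can produce alone; and Cocks' scheme costs two group elements per plaintext bit, so in practice one would seal only a symmetric key this way and encrypt the report itself under that key.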
Check out the following resources for more details (we have not yet published the details of our system at this time; I will include a link to a more detailed specification in my slides [7]):

[1] http://cypherpunks.venona.com/date/1.../msg00129.html
[2] https://people.csail.mit.edu/rivest/pubs/RSW96.pdf
[3] https://en.wikipedia.org/wiki/BLS_digital_signature
[4] https://crypto.stanford.edu/~dabo/papers/bfibe.pdf
[5] https://en.wikipedia.org/wiki/League_of_entropy
[6] https://drand.love/blog/2022/02/21/m...-capabilities/
[7] My slides, yet to be released

Credits for the initial idea behind our timelock encryption system go to nikkolasg, with input from Magik6k and Justin Drake. Many thanks to Jason Donenfeld for getting as hyped as I was about building a vulnerability disclosure system on top of timelock encryption.