A variant of a Fuzzy Vault cryptographic scheme designed for encrypting data with better human recovery features.
Fuzzy Vault Key Recovery is a library that provides an alternative to unmemorable user-controlled cryptographic keys made of long secret strings of random numbers and letters. This project presents a scheme in which the user is expected to remember (or securely protect) only a passphrase. That passphrase is used to derive cryptographic key material, which in turn is used both to generate and to recover the cryptographic key(s). Configuration information (returned as a payload) is created by the scheme and is needed to derive the key material from the passphrase. This payload can be stored in a public place as long as it is not modified, and must be supplied when recovering keys. If the configuration inputs are modified, the generated secret can no longer be recovered.
This distribution contains a C++ and a Python implementation of the Fuzzy Vault Key Recovery scheme. The Python version is included as a demonstration to help understand the C++ implementation. The Python version will not receive support for general use. The C++ code is intended for general use.
The full algorithm is described in detail in the whitepaper.
Setting up a new Fuzzy Vault with a passphrase requires two steps as shown in the images below.
Generate Parameters: This call allows the application to select parameters for the passphrase and generates a JSON object that will be used to initialize a vault. This step can be completed once by the application and the JSON parameter object can then be reused for generating secrets for different passphrases.
The three parameters set by the application are setSize, correctThreshold, and corpusSize. setSize determines the number of words in the passphrase, while correctThreshold is the minimum number of those words that must be submitted correctly to retrieve the keys. corpusSize is the size of the corpus from which the words in the passphrase will be selected. See the section on corpus and word selection for further details.
Note: the "secret payload" does not reveal any secret information about the passphrase and thus can be stored in any location where it will not be modified. Storage of this payload is left up to the application and can be backed up as needed to ensure it is available at the time of key recovery.
Once the Fuzzy Vault is set up with the given parameters and passphrase, cryptographic keys can be generated by executing the final step:
keyCount parameter in this call. The generation of keys is deterministic and will be the same every time for the given passphrase and payload.

This key recovery scheme harnesses the entropy in human-memorizable sets and generates strong cryptographic keys from it, while tolerating a small number of errors. The properties of this technology are:
This implementation of the key recovery scheme is agnostic to the corpus from which passphrase words will be selected. Given this, it is left to the application developer to:
The words set as the passphrase in the setup steps must be entered by their indices within the corpus. This allows the application developer to choose a corpus that will be suitable for their users. The size of the corpus used must also be entered as a setup parameter.
For a full explanation of how these passphrase word indices are used to generate the cryptographic keys, see the whitepaper.
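The setup and recovery flow above (parameters, passphrase words given as corpus indices, a payload that is safe to store publicly, deterministic key derivation), as an added illustration written for this page. It is not the library's C++ or Python code and the whitepaper's construction and decoder differ; it assumes a hash of the secret as the payload verifier, a brute-force subset decoder in place of a proper Reed-Solomon decoder, and x = index + 1 as the evaluation point.

```python
import hashlib
import itertools
import secrets
P = 2**61 - 1  # prime modulus; all polynomial arithmetic is in GF(P)

def _poly_eval(coeffs, x):  # Horner evaluation of sum(coeffs[i] * x**i) mod P
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def _interpolate_at_zero(points):
    """Lagrange interpolation through points, returning f(0), the constant term."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def _check(secret):  # verifier kept in the payload; assumed here to be a hash of the secret
    return hashlib.sha256(secret.to_bytes(8, "big")).hexdigest()

def generate_secret(word_indices, corpus_size, correct_threshold):
    """Genuine points lie on a random degree correct_threshold-1 polynomial whose constant
    term is the secret; every other corpus index gets a random chaff y value."""
    genuine = set(word_indices)
    if len(genuine) < correct_threshold:
        raise ValueError("need at least correct_threshold distinct words")
    coeffs = [secrets.randbelow(P) for _ in range(correct_threshold)]
    vault = [_poly_eval(coeffs, i + 1) if i in genuine else secrets.randbelow(P)
             for i in range(corpus_size)]  # x = index + 1, since x = 0 would leak the secret
    return coeffs[0], {"correctThreshold": correct_threshold, "vault": vault,
                       "check": _check(coeffs[0])}

def recover_secret(submitted_indices, payload):
    """Return the secret if >= correctThreshold submitted words are right, else None."""
    t = payload["correctThreshold"]
    pts = [(i + 1, payload["vault"][i]) for i in sorted(set(submitted_indices))]
    for subset in itertools.combinations(pts, t):  # subset search; fine for small setSize
        cand = _interpolate_at_zero(subset)
        if _check(cand) == payload["check"]:
            return cand
    return None

def derive_keys(secret, key_count):
    """Deterministically derive key_count 32-byte keys from the (recovered) secret."""
    base = secret.to_bytes(8, "big")
    return [hashlib.sha256(base + n.to_bytes(4, "big")).digest() for n in range(key_count)]
```

With setSize 6 and correctThreshold 4, two wrong words are tolerated and three are not; the same secret always yields the same keys.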