Could Attribute Based Encryption (ABE) be utilized by Steemit to improve the account recovery processes? | [OPEN QUESTION]

dana-edwards (74) in crypto-news • 9 years ago

Can Attribute Based Encryption improve account recovery procedures on Steemit?

Suppose instead of the owner designating a specific account recover agent, the owner instead defines a set of attributes which any account recovery agent from a pool of agents must have? So instead of "Steemit" the organization, it would be any organization which fits a specified criteria in terms of attributes.
Suppose reputation could be an attribute. If an entity has a very good reputation, then they have access?
Could any Steemit user encrypt their private key (owner key) in such a way that only an entity with the correct attributes can decrypt it? This way in the case where a password is lost, there is always a backup encrypted somewhere on the blockchain or in some private cloud which can be decrypted only by an entity with an exact set of attributes.

Attribute based encryption is interesting, but does it solve the problem of allowing accounts and account passwords to be recovered from a backup hosted in the cloud or in the Steemit blockchain itself? Can it allow for a recovery pool consisting of pseudo-anonymous entities to be selected for access based only on having the matching attributes chosen by the owner of the account?

References

Goyal, V., Pandey, O., Sahai, A., & Waters, B. (2006, October). Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM conference on Computer and communications security (pp. 89-98). Acm.

crypto-news steemit steem blockchain cryptography

9 years ago by dana-edwards (74)

$76.86

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!

Sort Order:

Trending

[-]

egjoshslim (57) · 9 years ago (edited)

posts like this will make me miss steemit :/ sad to be leaving :( https://steemit.com/steemit/@egjoshslim/why-are-people-getting-butt-hurt-over-any-post-that-mention-any-issue-with-steemit << my last post i will be writing nd awesome post bro!! worthy of my upvote by far!

$0.00

2 votes

[-]

dana-edwards (74) · 9 years ago (edited)

The main problems:

What if I lost my password to my Steemit account which is now worth $1 million dollars?
What if I want to avoid announcing to the world who my recovery agent will be in advance but instead want to specify criteria which would create a pool out of the crowd which matches my search criteria for being a quality recovery agent?

What I've been thinking about is how to solve these sorts of problems, and also thinking about the idea of recovery pools which form around attributes. What I don't know is if it is feasible to do it on Graphene technology but I do know that Storj or even IPFS would allow for the storage of the encrypted data.

$0.00

3 votes

[-]

williambanks (69) · 9 years ago (edited)

@dana-edwards This is a well thought out post. It could work in theory but there are some issues which you called out. I also want to mention that Storj is not going to work because you need to keep paying or your data goes away.

Here is what I recommend for steemit. You have direct access to your master private key. It's over in settings.
Make sure to get that key and paste it into a plain text file.
Now use scrypt and set the password to something you know and will never forget, for instance your drivers license number, social security number or your favorite quote from your favorite author.

Take the encrypted text, and find a picture that means something emotional to you.
Next grab a steganographic application like this one...
https://sourceforge.net/projects/stegoshare/?source=directory

Put the stego app itself on a thumb drive and then run it to hide the encrypted text file "inside" the image.
Next copy the image with the embedded encrypted text file to the thumb drive as well. (extra backup in case you forget)

Now simply upload the image to the blockchain as a normal part of a regular posting.

With steganography no one will know you've hidden an image in there.

Now if you forget your password you don't have to rely on anyone to get it back. You have your thumb drive but if that gets lost damaged or stolen, you still have everything you need sitting right there on the blockchain.

I may actually do a blog posting about this.

$0.00

1 vote

[-]

dana-edwards (74) · 9 years ago

This defeats the whole point. The point is to make it something everyone can do not just cryptographers. It should be one step, not ten. There is too much room for error in the manual approach.

$0.00

2 votes

[-]

williambanks (69) · 9 years ago

@dana-edwards Ok fair enough, let me see what I can come up with. Losing passwords is a hobby of mine unfortunately :(

$0.00

[-]

egjoshslim (57) · 9 years ago (edited)

i got down voted by someone with as much SP as you and it removed all my value from my post :( was decent amount aswell :( kinda caused me to write a good bye post to steemit. im not the only one either. Posts like this make me want to stay though! my brain hurts! :P my last post on steemit (i think :/ ) https://steemit.com/steemit/@egjoshslim/why-are-people-getting-butt-hurt-over-any-post-that-mention-any-issue-with-steemit try to only use down votes for spam and copied content :( not legitimate users that you disagree with their opinion. it took the wind right out from under me :(

$0.00

1 vote

[-]

scaracara (39) · 9 years ago

Very well written post @dana-edwards ! Steemit has put a lot of emphasis on the importance of remembering your password. Due to the fact that there is no way of recovering it, losing this information has been my biggest fear since the inception of my account on Steemit. Let's hope we can get a secure recovery process moving forward using Attribute Based Encryption as you have outlined above! Upvoted!

$0.00