Documentation
Overview
Package sskg provides a Go implementation of Seekable Sequential Key Generators (SSKGs). Specifically, this package provides an HKDF-based implementation of a binary tree-based SSKG as described by Marson and Poettering (https://eprint.iacr.org/2014/479.pdf) which features fast key advancing (~6μs) and low memory usage (O(log N)).
An example of SSKG usage is cryptographically protected local logs. In this scenario, logs on a computer are secured via MACs. If the MAC key is constant, an attacker can extract the key and forge or modify log entries in the past.
The traditional solution to this is to use a forward-secure construction like a hash chain, but this presents a large computational expense to auditors: in order to verify the MAC using the Nth key, the auditor must calculate N-1 hashes, which may be cumbersome. An SSKG, in contrast, allows quickly seeking forward to arbitrary points in time (specifically, Marson and Poettering's tree-based SSKG can perform O(log N) seeks).
Types
type Seq
type Seq struct {
	Nodes   []node `json:"nodes"`
	Size    int    `json:"size"`
	Version string `json:"version"`
	// contains filtered or unexported fields
}
A Seq is a sequence of forward-secure keys.
func UnmarshalJSON
UnmarshalJSON returns a hydrated state Seq from its JSON representation.
func (*Seq) MarshalJSON
MarshalJSON returns the JSON encoding of the (potentially advanced) state Seq.
func (*Seq) Next
func (s *Seq) Next()
Next advances the Seq's current key to the next in the sequence.
(In the literature, this function is called Evolve.)
func (*Seq) Seek
Seek moves the Seq to the N-th key without having to calculate all of the intermediary keys. It is equivalent to, but faster than, N invocations of Next().
WARNING: Seek does not work when the state is already advanced. If you want to keep advancing a state that has already been advanced, use Superseek. You probably just want to use Superseek. This method will probably be superseded by Superseek in a future version.
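The equivalence between Seek and N invocations of Next() stated above, and the O(log N) state size from the overview, can be checked on a toy binary-tree SSKG. This is an added example, not this package's code: toySeq, node, prf and seekMatchesNext are hypothetical names, HMAC-SHA256 is assumed in place of HKDF, the seed is constructed, and the toy Seek assumes a sequence that has not been advanced.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

type node struct {
	seed []byte // secret seed of this subtree's root
	h    int    // subtree height; a leaf has h == 1
}
type toySeq struct{ stack []node } // hypothetical toy type; the current node is the last entry

func prf(seed []byte, label string) []byte { // assumption: HMAC-SHA256 stands in for HKDF
	m := hmac.New(sha256.New, seed)
	m.Write([]byte(label))
	return m.Sum(nil)
}
func (s *toySeq) Key() []byte { return prf(s.stack[len(s.stack)-1].seed, "key") }
func (s *toySeq) Next() { // drop the current seed and queue its children (pre-order walk)
	n, rest := s.stack[len(s.stack)-1], s.stack[:len(s.stack)-1]
	if s.stack = rest; n.h > 1 {
		s.stack = append(rest, node{prf(n.seed, "right"), n.h - 1}, node{prf(n.seed, "left"), n.h - 1})
	}
}
func (s *toySeq) Seek(n int) { // jump a fresh sequence to key n, one tree level per step
	cur, rest := s.stack[len(s.stack)-1], s.stack[:len(s.stack)-1]
	for n > 0 {
		if cur.h--; cur.h < 1 {
			panic("seek past end of sequence")
		}
		if half := 1 << cur.h; n < half { // target is in the left subtree
			rest = append(rest, node{prf(cur.seed, "right"), cur.h})
			cur.seed, n = prf(cur.seed, "left"), n-1
		} else { // skip this node and its whole left subtree
			cur.seed, n = prf(cur.seed, "right"), n-half
		}
	}
	s.stack = append(rest, cur)
}

func seekMatchesNext(seed []byte, height, n int) bool { // Seek(n) and n calls to Next agree
	a, b := &toySeq{[]node{{seed, height}}}, &toySeq{[]node{{seed, height}}}
	for b.Seek(n); n > 0; n-- {
		a.Next()
	}
	return hmac.Equal(a.Key(), b.Key()) && len(b.stack) <= height
}
func main() { fmt.Println(seekMatchesNext([]byte("constructed demo seed"), 16, 40000)) }
```

A tree of height h holds 2^h - 1 keys, so the height-16 run covers 65535 keys; Seek reaches key 40000 in at most 15 descent steps, while the Next loop performs 40000 advances.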