
Show HN: GoUmbral – ECC arithmetic layer, and soon-to-be proxy re-encryption lib - tuxxy
https://github.com/nucypher/goUmbral
======
tptacek
I don't understand why this is built on OpenSSL. I looked (not carefully! Very
quickly!) and it looks like most of the cgo calls just hit OpenSSL's bignum
interface. But Go already has a decent bignum interface, and for that matter
curve implementations with rudiments sufficient to build additional curve
support. A Go crypto library with an OpenSSL dependency is somewhat un-
idiomatic.

What does OpenSSL provide that Go doesn't have? I'm asking because I'm sure
there's something (or you wouldn't have done this), and I'm curious.

~~~
tuxxy
Go supports Bignums, this is true. I love Go's interfaces, but it doesn't
support constant time arithmetic for all of the operations[0]. Go also doesn't
support all the curves we need (mainly secp256k1).

We also have a `Point` struct that hits the OpenSSL EC_POINT API. Go only
supports constant time arithmetic for a few specific curves (also not
secp256k1).

0\.
[https://github.com/golang/go/issues/20654](https://github.com/golang/go/issues/20654)

------
tuxxy
Hey, everyone! For some context, here's our blogpost about this pre-release.
We're really excited to debut our cryptography arithmetic layer for Go. It's
the first step to making our split-key threshold proxy re-encryption library
available in Go.

[https://blog.nucypher.com/introducing-goumbral-
ce979e616359](https://blog.nucypher.com/introducing-goumbral-ce979e616359)

------
jitl
What is “split-key threshold proxy re-encryption”? Can you give an example of
the useful case here; what does this enable?

I read the README and the blog post, and found neither contains a “wat is
this”. The repo links to an Umbral paper PDF that’s hard to read on mobile -
requiring a separate PDF viewer app with tiny font - which also doesn’t
contain a concrete example in the abstract.

¯\\_(ツ)_/¯ Maybe I’m not the target audience.

~~~
mwilkison
Proxy re-encryption (PRE) is a form of public key encryption that allows a
semi-trusted proxy to transform ciphertext from being encrypted under one key
to another, without learning anything about the underlying plaintext. A "re-
encryption key" is used by the proxy to do this transformation.

Umbral is a split-key version of PRE, which splits the re-encryption key into
many shares. A threshold number of these shares are then required to re-
encrypt the data (similar to Shamir’s Secret Sharing).

Here's a post describing split-key threshold proxy re-encryption in slightly
more detail: [https://blog.nucypher.com/unveiling-
umbral-3d9d4423cd71](https://blog.nucypher.com/unveiling-umbral-3d9d4423cd71)

------
jMyles
See also the python (and reference) implementation, which OP has also worked
on (and, disclaimer, I have too :-) ):
[https://github.com/nucypher/pyUmbral](https://github.com/nucypher/pyUmbral)

