On 2021/04/14 6:00 , Will wrote:
To Philip's point, the basic protocol I am hoping to enable looks as follows: (I'll describe the roughtime variant) * A machine wants to attest that it is in (e.g. Seattle). It picks a set of machines that are believed to be in Seattle (perhaps atlas machines, or more generally machines that the measurement system has agreed on locations of in advance.) * It generates a statement saying "i am doing a measurement", and signs it. * It requests the time with it's own signature as a nonce and receives a (timestamp, uncertainty, signature) from the server, per https://blog.cloudflare.com/roughtime/ <https://blog.cloudflare.com/roughtime/> * It then immediately req-requests the time, using the signature it received as the nonce this time, and receives a second timestamp, uncertainty, signature.
It seems to me that this can be simplified a bit, the first step can be just a nonce. Basically: - The client generates a random nonce - The client uses to nonce to obtain the time from a server using the nonce and the roughtime protocol - The client generates a new nonce from the reply by hashing the reply - The client uses the second nonce to once again obtain the time. - The client packs the two nonces and the two replies and reports it as measurement result. Later, a verifier can check the signatures in the two replies to verify that responses came from the right server. Then a check is made that the second nonce is derived from the first reply. Finally a check is made that the replies correspond to the nonces. Note that the first nonce serves no value, so could be omitted from the measurement result and verification. Open issue: key management. How to store all public keys of all servers for ever. This seems fine, however...
There are some complexities - e.g could the machine attesting it's location delegate the request to a different machine closer to the anchor? Depending on the situation there are mitigations for this, like asking that some piece of data the machine that's attesting it's location be hashed into the nonce, in a way that's difficult for the attesting machine to predict ahead of time (so that it would need to move all of its data to the delegate machine at which point it's already in a sense also in that secondary location at that time.) But the ability to locate client software deployment via latency with some guarantee that someone running it isn't spoofing their location is useful.
If we assume that the client is malicous, what prevents the client from using a collaborating machine to execute the protocol, proving the location of the collaborating machine. The client just submits the results as its own? Philip