“The real-world implications of this were something I cared about and wanted to think about more,” Brown's Qin says. “I knew we needed to put our minds together, because to me it did not seem obvious at first how you would do all of this. Secure multiparty computation is quite resource-intensive, and we needed to accommodate the legislative nuances.”
On top of all the other challenges, the system also needs to be easy to use for government officials who most likely wouldn't have any specific knowledge of cryptography. And it requires other protections built in as well, like “rate limiting,” so officials could automatically prevent someone running a suspicious number of queries.
The basic structure of the system the researchers devised looks like this: Each local official who manages the gun registry data in their county would hold the encryption key for that data on a physical authentication token, like a Yubikey. To answer queries—release data, in other words—about the county's current or former constituents, the official would authenticate themself and authorize data queries by producing the physical key. When a new person took over the job, the outgoing official would hand over the physical token as they would the key to a filing cabinet.
The system has a mechanism to reconstruct the key in the event that a local official is indisposed or loses their token. It works by having the official give “key shares” to colleagues or trusted peers in neighboring counties. At least two of the three shares must come together to authenticate. The idea is to create a fallback mechanism that allows officials to choose like-minded or otherwise trusted custodians, reducing potential concerns about misuse. The key shares could also be revoked, so that when a job turns over, the new ..
Support the originator by clicking the read the rest link below.
