This repository was archived by the owner on Jun 13, 2025. It is now read-only.

marmitar/CPQD-Blockchain-S12


Technology Residency Program: Training in Applied Cryptography and Blockchain Technologies - Week 12

ED25519 Backup Recovery

Consider the following scenario. You are responsible for securing the digital wallets of customers from a fictional company. In this company, a digital wallet is defined as a base64-encoded Ed25519 public key, where the corresponding private key is derived from a shared secret using Adi Shamir's Secret Sharing Scheme (t=2, N=3). To recover the wallet, the private key must be obtained from the SHA256 hash of the reconstructed shared secret, which requires at least 2 shares.

A customer has lost one of their shares but managed to recover a "backup" (a second share). You have the third share, so with two parts, it is possible to recover the wallet.

Your task is to implement code (e.g., using the Go language) that:

  1. Given two shares, recovers the shared secret using Adi Shamir's scheme with Ristretto curves:
    1. Share: {0x0000000000000000000000000000000000000000000000000000000000000002 0x0679aa25b8fc83fd391cc282edf686bdcd8c422c799326aaf12052b6d74c3249}
    2. Share: {0x0000000000000000000000000000000000000000000000000000000000000003 0x0ac0a3eca4e806e45ce12cc64068407b774e6e75dfd8e80aa543aa5b53832b45}
  2. Once the shared secret is recovered, use it as the seed to create the Ed25519 private key corresponding to the customer's wallet.

Example:

priv := ed25519.NewKeyFromSeed(reconstructedSecret)

With the private key in hand, compute the Ed25519 public key and encode it in base64.

The answer to this questionnaire should be the base64-encoded Ed25519 public key recovered from the shared secret.

Note: there is a problem, a "security flaw" in the wallet generation process. Briefly explain what it is and how it could be resolved.

Running

$ go run ed25519-backup-recovery.go
FiDeRpTC+RqsIC1+m/eCfIBkFK+SmtCWVGElq33753o=

Or:

$ go build
$ VERBOSE=1 ./ed25519-backup-recovery
2025/06/10 13:38:16 DEBUG Parameters: g = ristretto255, N = 3, t = 2
2025/06/10 13:38:16 DEBUG Scalar byte order: LittleEndian
2025/06/10 13:38:16 DEBUG Share 1: {0x0000000000000000000000000000000000000000000000000000000000000002 0x0679aa25b8fc83fd391cc282edf686bdcd8c422c799326aaf12052b6d74c3249}
2025/06/10 13:38:16 DEBUG Share 2: {0x0000000000000000000000000000000000000000000000000000000000000003 0x0ac0a3eca4e806e45ce12cc64068407b774e6e75dfd8e80aa543aa5b53832b45}
2025/06/10 13:38:16 DEBUG Shared Secret (hexadecimal): 0x0debb697e1257e2ef193edfc491313428ee6e3784fff40c1e0ec06883bd4143e
2025/06/10 13:38:16 DEBUG Shared Secret (base64): Deu2l+Elfi7xk+38SRMTQo7m43hP/0DB4OwGiDvUFD4=
2025/06/10 13:38:16 DEBUG SHA256 Shared Secret (hexadecimal): 0x905b43fea53620330972740fb14fcf934902c014535de8ecfddc25582e49a058
2025/06/10 13:38:16 DEBUG SHA256 Shared Secret (base64): kFtD/qU2IDMJcnQPsU/Pk0kCwBRTXejs/dwlWC5JoFg=
2025/06/10 13:38:16 DEBUG ED25519 Private Key (hexadecimal): 0x905b43fea53620330972740fb14fcf934902c014535de8ecfddc25582e49a0581620de4694c2f91aac202d7e9bf7827c806414af929ad096546125ab7dfbe77a
2025/06/10 13:38:16 DEBUG ED25519 Private Key (base64): kFtD/qU2IDMJcnQPsU/Pk0kCwBRTXejs/dwlWC5JoFgWIN5GlML5GqwgLX6b94J8gGQUr5Ka0JZUYSWrffvneg==
2025/06/10 13:38:16 DEBUG ED25519 Public Key (hexadecimal): 0x1620de4694c2f91aac202d7e9bf7827c806414af929ad096546125ab7dfbe77a
2025/06/10 13:38:16 DEBUG ED25519 Public Key (base64): FiDeRpTC+RqsIC1+m/eCfIBkFK+SmtCWVGElq33753o=
FiDeRpTC+RqsIC1+m/eCfIBkFK+SmtCWVGElq33753o=
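
The recovery steps above, written with only Go's standard library as an added example (not the repository's ed25519-backup-recovery.go): Lagrange interpolation at x = 0 over the ristretto255 scalar field, with math/big standing in for a ristretto255 library, followed by the SHA-256 and Ed25519 derivation. Share, Recover and WalletKey are names chosen for this example. It assumes the printed hex values are integers written most significant byte first and that the secret is hashed in that same 32-byte form.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"math/big"
)

// order is the prime order of the ristretto255 scalar field.
var order, _ = new(big.Int).SetString("1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed", 16)
// Share is a point on the dealer's polynomial; Y is the hex integer as the README prints it.
type Share struct{ X int64; Y string }

// Recover returns f(0) by Lagrange interpolation modulo order.
// It rejects non-canonical Y values and repeated X (a zero denominator has no inverse).
func Recover(shares []Share) (*big.Int, error) {
	secret := new(big.Int)
	for i, si := range shares {
		y, ok := new(big.Int).SetString(si.Y, 16)
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i != j {
				num.Mul(num, big.NewInt(sj.X))
				den.Mul(den, big.NewInt(sj.X-si.X))
			}
		}
		if !ok || y.Sign() < 0 || y.Cmp(order) >= 0 || den.ModInverse(den, order) == nil {
			return nil, fmt.Errorf("share %d: bad value or repeated X", i)
		}
		secret.Mod(secret.Add(secret, y.Mul(y, num).Mul(y, den)), order)
	}
	return secret, nil
}

func WalletKey(secret *big.Int) string {
	seed := sha256.Sum256(secret.FillBytes(make([]byte, 32))) // assumption: big-endian bytes
	return base64.StdEncoding.EncodeToString(ed25519.NewKeyFromSeed(seed[:]).Public().(ed25519.PublicKey))
}

func main() {
	s, err := Recover([]Share{ // the two shares given in the README
		{2, "0679aa25b8fc83fd391cc282edf686bdcd8c422c799326aaf12052b6d74c3249"},
		{3, "0ac0a3eca4e806e45ce12cc64068407b774e6e75dfd8e80aa543aa5b53832b45"},
	})
	if err != nil {
		panic(err)
	}
	fmt.Printf("secret 0x%064x\nwallet %s\n", s, WalletKey(s))
}
```

For t = 2 with x = 2 and x = 3 the interpolation reduces to 3·y₁ − 2·y₂ mod the group order, which gives the shared secret shown in the debug log above.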

Possible envs

go env -w GOAMD64=v4
go env -w GOFIPS140=v1.0.0

Linting

go install github.com/mgechev/revive@latest
revive

Validation

go vet
go install honnef.co/go/tools/cmd/staticcheck@latest
staticcheck
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck
