If I’m reading the code correctly, this uses the duration of your “time lock” as the duration for how long it will perform scrypt operations on the key derivation.
In other words, if you say you want to “lock” the secret for 5 days, the code will perform scrypt to generate the key for 5 days!!! Then it expects you to remember the iteration count to decrypt it.
I don’t see any use case where that’s a useful mechanism. Especially since it ignores other computers are likely faster at scrypt then yours is.
I think it’ll generate 5 days converted into seconds number of operations.
To decrypt however, you have to do all those operations, so I think it would take 5 days to decrypt. Even if you wait 10 days to start the operation
def generate_proof_of_work_key(initial_key, time_seconds):
proof_key = initial_key
end_time = time.time() + time_seconds
iterations = 0
while time.time() < end_time:
proof_key = scrypt(proof_key, salt=b'', N=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, key_len=SCRYPT_KEY_LEN)
iterations += 1
print(f"Proof-of-work iterations (save this): {iterations}")
return proof_key
def generate_proof_of_work_key_decrypt(initial_key, iterations):
proof_key = initial_key
for _ in range(iterations):
proof_key = scrypt(proof_key, salt=b'', N=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, key_len=SCRYPT_KEY_LEN)
return proof_key
The first function is used during the encryption process, and the while loop clearly runs until the specified time duration has elapsed. So encryption would take 5 days no matter how fast your computer is, and to decrypt it, you’d have to do the same number of iterations your computer managed to do in that time. So if you do the decryption on the same computer, you should get a similar time, but if you use a different computer that is faster at doing these operations, it will decrypt it faster.
What is the threat szenario?
If you are smart about parallelization and have access to custom hardware, couldn’t you turn 5 days into 1 hour or less?
