Anastasis - About
About Anastasis
Anastasis is developed by a motivated team with the goal of helping you protect your private data.
Company Background
Anastasis SARL was created to offer a usable key backup solution for privacy-enhancing technologies, drawing contributors from open-source communities which, together with experts from the <a href="https://bfh.ch/" target="_blank" rel="noopener noreferrer">Bern University of Applied Sciences</a>, produced an innovative protocol and reference implementation.
Our goal is to offer key backup and recovery for a broad range of applications, combining key management as a service with support for integration. Anastasis has already caught the interest of additional Free Software privacy projects such as <a href="https://taler.net/" target="_blank" rel="noopener noreferrer">GNU Taler</a>, the <a href="https://reclaim.gnunet.org/" target="_blank" rel="noopener noreferrer">Re:claimID</a> identity management system and the <a href="https://nymtech.net/" target="_blank" rel="noopener noreferrer">NymTech</a> cryptocurrency.
Users of electronic wallets need a way to back up their secret keys. Anastasis enables them to split up key data, encrypt it and send it to different providers, thus minimizing the trust required in any of the involved parties. Our solution implements privacy by design with data minimization and ensures that we learn as little as possible and as late as possible about our users.
Our Principles
1. Privacy
Privacy is our primary objective. We do not collect any personal data. The authentication data remains encrypted and inaccessible until it is needed during key recovery.
2. Free Software
Anastasis is Free Software and only uses components which are also Free Software. Our documentation is also fully available and unencumbered.
3. Be usable
Our focus is on delivering a practical solution that is usable for ordinary users and not just for experts.
4. Flexible trust model
Anastasis must not rely on the trustworthiness of individual providers. It must be possible to use Anastasis safely, even if a subset of the providers is malicious.
5. The user is in control
Anastasis must put the user in control: They get to decide which providers to use and which combinations of authentication steps will be required to restore their core secret. The core secret always remains exclusively under the user’s control, even during recovery.
Our Team
Business
Technology
Programming
References
This is an overview of documentation and other helpful resources for Anastasis.
Codebase
API Documentation
Project Documentation
Anastasis - News and documentation
News & documentation
This is an overview of news, documentation and other helpful resources for Anastasis.
News Posts, Press Releases and Events
Anastasis v0.3.0 released
Anastasis v0.3.0 has been released. You can download it from <a href="https://ftp.gnu.org/gnu/anastasis/" target="_blank" rel="noopener noreferrer">here</a>.
Anastasis joins GNU
Anastasis is now an official GNU package. You can read more about GNU <a href="https://www.gnu.org/" target="_blank" rel="noopener noreferrer">here</a>.
Anastasis funded by NGI LEDGER
The development of Anastasis is being <a href="funding.html" target="_blank" rel="noopener noreferrer">funded</a> (for 2021) by a grant of <a href="https://www.ngi.eu/ngi-projects/ledger/" target="_blank" rel="noopener noreferrer">NGI LEDGER</a>.
Anastasis as topic in Bachelor thesis
The development of Anastasis has been the topic of this <a href="..\..\papers\thesis-anastasis-2020.pdf">bachelor thesis</a>. The thesis also included the development of a proof of concept.
Anastasis won the 2020 ISSS excellence award
Anastasis was awarded by <a href="https://isss.ch/veranstaltungeb-kurse/rueckblick-isss-excellence-award-2020/" target="_blank" rel="noopener noreferrer">The Information Security Society Switzerland (ISSS)</a>, Switzerland's largest association of ICT security professionals.
New Anastasis Website Launched
The new Anastasis website has just launched. Visit us and check out what's new!
References
Anastasis Git
Anastasis API Doc
System documentation
Anastasis - Funding
Support for Anastasis
Current funding
This project has received funding from the European Union’s Horizon 2020 research and innovation programme within the framework of the LEDGER Project funded under grant agreement No 825268.
We are grateful for free hosting offered by the following organizations:
We are grateful for translation support offered by the following organizations (and <a href="https://weblate.taler.net/stats/">all the volunteers</a> that are helping with the translation effort):
Anastasis - Glossary
backup provider
provider which holds the backup of the service/program (e.g. GNU Taler Wallet), for which we want to have the possibility to recover the masterkey.
escrow provider
provider which stores the backup of the masterkey and the corresponding policies for key recovery and/or one or more keyshare(s).
truth
'ground truth' (e.g. security question, e-mail address, phone number, picture) which is specified by the client and used by the key provider to challenge the client to authorize himself
(Escrow)Method
method which is used to authorize the client to get the key share from the escrow provider
(Decryption)Policy
specification of how to decrypt the encrypted masterkey backup
key share
partial key of the key needed to decrypt the masterkey backup of the corresponding policy.
Anastasis - Home
Welcome to Anastasis
A ‘keep-your-own-key’ crypto-custody solution with password-less key recovery via multi-factor multi-party authentication.
Benefits of Anastasis
Anastasis is a key recovery system that allows the user to securely deposit shares of a core secret with an open set of escrow providers, to recover it if the secret is lost. The core secret itself is protected from the escrow providers by giving each provider only part of the information, and additionally by encrypting it with an identity-based key unknown to the providers.
Anastasis is a <a href="https://www.gnu.org/">GNU</a> package.
The Problem
Confidentiality requires that only the consumer is in control of key material.
Cryptographic key-splitting solutions so far are not usable.
Consumers are unable to simultaneously ensure confidentiality and availability of keys.
European e-money issuers using electronic wallets must:
- Enable consumers to always recover their electronic funds (i.e. if devices are lost).
- Not assume consumers are able to remember or securely preserve key material.
The Solution
Users split their encrypted secrets across multiple service providers
Service providers learn nothing about the user, except possibly some details about how to authenticate the user
Only the authorized user can recover the key by following standard authentication procedures (SMS-TAN, Video Identification, security question, e-mail, etc.)
The Concept
Flexible
Anastasis lets you save your secret on several escrow providers. You can choose different combinations of these providers to recover your secret. The providers offer different authentication methods (like SMS, security question or e-mail) which the user has to complete to recover their secret.
Defense in depth
Anastasis is based on well-known cryptographic techniques. Our resulting solution offers post-quantum security. The compromised database of an individual Anastasis service provider never leaks information that would by itself be sufficient to recover any core secret of any user.
Privacy
Anastasis does not save any data from the user except for the few details needed for authentication and recovery of the secret. When using Anastasis, only the user is able to recover their secrets. Users can pay anonymously for the service, and switch service providers at any time.
Upload Process Flow
Step 1 - User has a core secret
Step 2 - The core secret is split in several parts
Step 3 - The system derives the User ID with the provided identity material
Step 4 - The system derives two keys with the generated user id
Step 5 - The pieces of the secret are encrypted with the first key
Step 6 - The user sets up authentication methods for each part of the secret
Step 7 - The authentication data is then encrypted with the second key
Step 8 - Encrypted shares of the recovery data are distributed to different providers
Recovery Process Flow
Step 1 - The system derives the User ID with the provided identity material
Step 2 - The system derives the same keys as per the upload
Step 3 - The user sends the second key to the providers so that they can decrypt the authentication data
Step 4 - The providers decrypt the authentication data and issue an authorization challenge to the user
Step 5 - The user performs the different authentication procedures
Step 6 - The user receives the parts of the secret
Step 7 - The user can now decrypt the parts with the first derived key
Step 8 - The system can now reassemble the secret
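The upload and recovery flows above, traced end to end in a small Python sketch. This is an added example, not Anastasis code and not its actual cryptography: PBKDF2 for the user ID, the HMAC labels, the all-parts-required XOR split, the toy SHAKE/HMAC cipher, the fixed salt and the modelling of authentication data as an expected answer are all assumptions chosen so it runs with the standard library only.

```python
import hashlib, hmac, secrets

SALT = b"constructed-demo-salt"  # assumption: fixed public salt for the demo

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def derive_keys(identity):
    # Derive the user ID from identity material, then two independent keys from it.
    uid = hashlib.pbkdf2_hmac("sha256", identity.encode(), SALT, 100_000)
    return (hmac.new(uid, b"share-key", hashlib.sha256).digest(),
            hmac.new(uid, b"auth-key", hashlib.sha256).digest())

def seal(key, data):
    # Toy authenticated encryption (illustration only): SHAKE-256 keystream + HMAC tag.
    nonce = secrets.token_bytes(16)
    ct = xor(data, hashlib.shake_256(key + nonce).digest(len(data)))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified record")
    return xor(ct, hashlib.shake_256(key + nonce).digest(len(ct)))

def upload(secret, identity, answers):
    share_key, auth_key = derive_keys(identity)
    # XOR split (assumption): every part is needed to reassemble the secret.
    parts = [secrets.token_bytes(len(secret)) for _ in answers[1:]]
    last = secret
    for p in parts:
        last = xor(last, p)
    # One record per provider: encrypted part plus encrypted authentication data.
    return [{"share": seal(share_key, p), "auth": seal(auth_key, a.encode())}
            for p, a in zip(parts + [last], answers)]

def provider_release(record, auth_key, answer):
    # Provider side: decrypt authentication data with the second key, then challenge.
    expected = unseal(auth_key, record["auth"])
    if not hmac.compare_digest(expected, answer.encode()):
        raise PermissionError("authentication challenge failed")
    return record["share"]  # still encrypted under the first key

def recover(records, identity, answers):
    share_key, auth_key = derive_keys(identity)
    secret = bytes(len(records[0]["share"]) - 48)  # strip 16-byte nonce, 32-byte tag
    for rec, ans in zip(records, answers):
        secret = xor(secret, unseal(share_key, provider_release(rec, auth_key, ans)))
    return secret
```

A provider that receives the second key can check the challenge but still cannot open the share it stores, because shares are sealed under the first key, which never leaves the user.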
Unique Sales Propositions
Low-cost, scalable cloud-based solution with minimal environmental impact
Increases informational self-determination by keeping consumers in control of their data
Distributed trust instead of single point of failure
Ease of use
Generic API suitable for a range of applications
Maximum privacy with respect to authentication data
Customers can remain anonymous
Post-quantum security
E-money issuers do not need to protect customer data against own staff
Anastasis - News Index
News Index
News posts about changes related to Anastasis such as releases and events.