Apple disclosed at the WWDC an interesting feature: “Find My.” It will be possible to track the GPS location of your device if it is stolen or lost. And Apple will not know this location. Here is how it works.
The prerequisite is that you have at least two Apple devices. All your devices share a private key. The trick is that instead of having one unique public key, the devices have a multitude of public keys linked to this private key. This is possible, and there are numerous known cryptographic solutions that may fulfill this part.
The device broadcasts via Bluetooth its current public key. The device broadcasts this beacon even while turned out. Any Apple device nearby may catch the beacon. Then the receiving device encrypts its current GPS location with the broadcast public key. It sends the encrypted location as well as the cryptographic hash of the public key to Apple’s server. Of course, the public key changes periodically. The rotating period has not been disclosed.
If you want to locate one of your devices, you trigger the request on one of your devices. It sends the hash of the public key to the Apple server, which returns the encrypted location. The device has the private key and thus can decrypt the location. Et voila.
Of course, under the assumption that Apple does not have the private key, only your devices can decrypt the location. Normally, Apple can neither get the location nor link different related public keys together.
Many questions that were not answered in the presentation. The frequency of key rotation, is there a limited number of public keys, how to know which hash to send? Waiting for some publications to deep dive.
The idea is interesting. It is complex, thus subject to failures and vulnerabilities. What would the system do if, from many locations, there is a beacon broadcasting the same public key? Will the collection of multiple related public keys not reveal some partial information, for instance one of the exponents?