LTHN Key Derivation (RFC-0020)

Lethean R&D Labs

RFC DRM Key Derivation Streaming

Rainbow-table resistant key derivation for streaming DRM with time-limited access. Keys roll automatically based on time - no revocation infrastructure needed. Zero-trust: derive keys from public information plus a secret.

View on Forge Report issue

Features

Time-Based Rolling

Keys auto-expire based on configurable cadence (hourly to daily)

Offline Capable

No key server needed - derive from public info + secret

No Revocation

Keys expire naturally - nothing to revoke

Rainbow Resistant

LTHN hash prevents precomputation attacks

Installation

import "github.com/Snider/Enchantrix/pkg/crypt"

// Time-based key derivation
key := crypt.DeriveStreamKey(secret, contentID, time.Now())

Usage

Key Rolling

Secret: "artist-master-key"
Content: "album-001"
Time: 2026-01-20T14:00:00Z
Cadence: hourly

Key = LTHN(secret + content + "2026-01-20T14")

At 15:00:
Key = LTHN(secret + content + "2026-01-20T15")

Old key automatically invalid. No revocation needed.

Use Case: Streaming

Subscriber has the secret. Content is encrypted with time-based keys. Subscription ends → subscriber no longer has current secret → can't derive current keys → content inaccessible.

Quick Links

Repository Issues Pull Requests Releases

More from Lethean R&D Labs

View all projects →

Fancy helping out?

Spotted a bug? Got an idea? We'd love to hear from you.

Read the contributing guide →