[guardian-dev] WOT and Authentication Research

Natanael natanael.l at gmail.com
Tue Jan 22 20:11:58 EST 2013


I said so in other messages in this thread:

https://lists.mayfirst.org/pipermail/guardian-dev/2013-January/001237.html

Using secure multiparty computation or an equavilent scheme, you can send
data to another person while proving it came from you at the time of
transmission but making it impossible to verify that it came from you
*after* the transmission. This is not just OTR, because OTR assumes you
wipe the session keys. Secure multiparty computation assumes not both sides
have hardware debuggers storing every computation.

So that signature has everything you'd expect. Just not anything tying it
to the person who made it. So your WoT managing software needs to protect
the signature database from modifications (unless you use full disk
encryption), which a signed checksum list will handle just fine, whitelist
style.

Now this won't really be a *web* of trust. There's just one step. But you
*could* pass on these signatures with their public keys to others, making
it come a bit closer. And you can still publish signatures under your name
on keyservers, for the things you don't mind being tied to you publically.



2013/1/23 Patrick Baxter <patch at cs.ucsb.edu>

> I can't quite wrap my head around how you could implement anonymous
> signatures that meaningfully tell you something about authentication
> or help build a web of trust. On a high level, if a friend of mine
> whose public key I know anonymously signs someone's key to prevent
> being linked with that person. What does this signature tell me about
> the key he verified?
>
> On Wed, Jan 16, 2013 at 7:05 PM, Natanael <natanael.l at gmail.com> wrote:
> > Can we have anonymous signatures?
> >
> > Could we do something useful with RSA and Chaumian blinding? Or could we
> > possibly sign things in such a way that the recipient (the friend who can
> > see what I have signed) must give up his private key to prove to others
> that
> > I was the signer? Though secure multiparty computation probably screws up
> > that latter method of keeping my signatures from being linked to me,
> unless
> > the algorithm to check the signatures give you a result that can't be
> > verified computionally, just by the user.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130123/3cf728a2/attachment-0001.html>


More information about the Guardian-dev mailing list