1995-12-30 - Re: blind validation

Header Data

From: futplex@pseudonym.com (Futplex)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: f68d0bd8a00d2ef3adf62bc0ffa1cbd9be21ac7f6eb9b6e484a453a7bfb98930
Message ID: <199512300908.EAA07360@opine.cs.umass.edu>
Reply To: <199512281849.MAA08259@proust.suba.com>
UTC Datetime: 1995-12-30 09:23:09 UTC
Raw Date: Sat, 30 Dec 1995 17:23:09 +0800

Raw message

From: futplex@pseudonym.com (Futplex)
Date: Sat, 30 Dec 1995 17:23:09 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: blind validation
In-Reply-To: <199512281849.MAA08259@proust.suba.com>
Message-ID: <199512300908.EAA07360@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim writes:
[discussion and assumptions liberally elided]
> 1.   Alice initiates a transaction with Bob.  (Perhaps by asking
>      him for a file.)
> 
> 2.   Bob generates a random number and sends it back to Alice.
> 
> 3.   Alice blinds Bob's number and sends it to Trent, along with
>      proof of her validatability.
> 
> 4.   Trent checks Alice's proof, signs the blinded number, and
>      then returns it to Alice.
> 
> 5.   Alice unblinds Bob's number, then sends it to Bob.
> 
> 6.   Bob checks Trent's signature and makes sure that the number
>      he recieved matches the one he sent out.  Then Bob processes
>      Alice's transaction.
> 
> If Bob always follows this protocol, he can prove to Sam that
> he's followed the law.  Alice remains anonymous.  Alice can still
> transfer the file, but she has to give it away herself:  she
> can't give away the ability to get it directly from Bob without
> giving away the ability to prove Aliceness to Trent.  

I'm not convinced that your last point is true. It appears that the signed
Bobnet-access-number is still just a transferrable ticket. Charlie can
place an order with Bob, forward the Bobnet-access-number to Alice, wait for
Alice & Trent to do the blinding & signing tango, forward the signed Bobnet-
access-number to Bob, and get the goods from Bob.
  
Charlie can't use the signed Bobnet-access-number to prove to Trent
that he's Alice. In fact, since it's unblinded, Charlie can't even prove
that he's linked to a particular validation performed by Trent. (If Alice
foolishly gave him the blinded version too, he could show that he shares
Alice's knowledge about this validation.) 

[...]
> The main problems that I can see with this protocol are:
> 
> 1.   It's vulernable to traffic analysis.
> 2.   Sam has to trust Trent, which he may be unwilling to do.
> 3.   You can infer stuff about Alice from the kinds of requests
>      she makes of Trent.  Someone who always asks Trent for proof
>      that he's not a felon might tag himself as a person who buys
>      a lot of guns or ammunition, for example.

3. is OK as long as Alice trusts Trent. The trick is selecting a Trent
trusted by both Alice and Sam ;)

-Futplex	<futplex@pseudonym.com>





Thread