From: Bill Stewart <stewarts@ix.netcom.com>
To: cypherpunks@toad.com
Message Hash: 566bc606be121835d767551db1522c1ce11916c9cc09ba2ca3e567187cc9fb47
Message ID: <199610140646.XAA03949@dfw-ix12.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1996-10-14 06:47:08 UTC
Raw Date: Sun, 13 Oct 1996 23:47:08 -0700 (PDT)
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 13 Oct 1996 23:47:08 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
Message-ID: <199610140646.XAA03949@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
>> >Steve Shear <azur@netcom.com> writes:
>> I've been charged with developing an Internet service which needs to assure
>> its clients of anonymity. However, we fear some clients may abuse the
>> service and we wish to prevent the abusers from re-enrollment if
>> terminated for misbehavior.
At 04:28 PM 10/13/96 -0400, "Michael Froomkin - U.Miami School of Law"
<froomkin@law.miami.edu> wrote:
>Stefan Brands has a protocol that probably does what you want.
....
>http://www.law.miami.edu/~froomkin/articles/oceanno.htm#ENDNOTE286
Looks like a really nice paper on anonymity issues; at 485K, it'll take
a little while to read :-)
The fundamental difficulty in this problem is that you need some
demonstrable proof of uniqueness for human users; if you don't have that,
you can't transform it into a unique-but-anonymous identity.*
The issues are similar to privacy-protecting voter registration problems.
Brands's protocol starts with the user going to the bank with proof of ID,
and getting a numerical ID which can be blinded and signed.
It's a nice approach; you can do cruder approaches by hashing your
universal-citizen-unit-ID-number or whatever, but that can be
dictionary-searched
by feeding all the possible ID numbers through the hash.
For some applications, mapping back to a unique human isn't necessary;
if you do something like map back to a bank account which has a high
minimum balance for setup, this discourages the type of users who
don't want to spend $100 just to send spam.
Blinding a Verisign signature isn't enough, though - they support
personna certificates without proof of identity.
Froomkin also points out a class of attacks that can allow abusers to get around
Brands's protocol - a group of users get together and abuse one ID till it gets
busted, then abuse the next, etc., until they're all burned. Or you hire
a bum off the street to get an account for you. Or whatever.
[ * There are non-universal-identifier methods for preventing double-use.
Voter registration in many places just depends on identification and
affidavit, and is often abused (e.g. Chicago graveyard voters and
Nevada absentee ballots), but usually not massively abused.
Some third-world countries don't even require registration or literacy -
they dip your thumb in ink after you vote, using a kind of ink that
won't come off for a couple of days. Attacks against this protocol
include better solvents :-) ]
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
Imagine if three million people voted for somebody they _knew_,
and the politicians had to count them all.
Return to October 1996
Return to “Bill Stewart <stewarts@ix.netcom.com>”
1996-10-14 (Sun, 13 Oct 1996 23:47:08 -0700 (PDT)) - Re: Blinded Identities [was Re: exporting signatures only/CAPI] - Bill Stewart <stewarts@ix.netcom.com>