From: Anonymous <nobody@replay.com>
To: cypherpunks@cyberpass.net
Message Hash: 45bb66254b699c0e2e543be7a374cb9713c113c6f29ad072abf338634ee5b8d4
Message ID: <199812220202.DAA22604@replay.com>
Reply To: N/A
UTC Datetime: 1998-12-22 02:23:05 UTC
Raw Date: Tue, 22 Dec 1998 10:23:05 +0800
From: Anonymous <nobody@replay.com>
Date: Tue, 22 Dec 1998 10:23:05 +0800
To: cypherpunks@cyberpass.net
Subject: Anonymous nym ratings
Message-ID: <199812220202.DAA22604@replay.com>
MIME-Version: 1.0
Content-Type: text/plain
Adam Back writes:
> Probably a good rule of thumb is never to sign anything and always
> post via a mixmaster chain.
Good idea!
> Some messages don't need a persistent nym
> even. Perhaps one could construct a zero knowledge proof of nym
> reputation rating without identityfing the nym which might be useful
> for filtering without linkability.
This could be done via some of the recent work on group signatures.
Efficient methods have been developed to show that a message is signed
by a key, without revealing what the key is, but proving that the key
itself is signed by a specific other key.
Imagine an editor who only signs keys belonging to people who deserve
to get through filters. Call this "endorsing" a key. If you respect
that editor, you set your filters to let messages through which are by
keys he has endorsed in this manner. Now, people can submit messages
anonymously, but in such a way that they are provably written by an
endorsed key, without revealing which key it is.
The protocols are reasonably efficient, with signature verification taking
about 20 times longer than a regular DSS signature. However the methods
involve blind signatures, and hence would infringe upon Chaum's patent.
The group signature was described at Crypto 97; an extension for blind
group signatures at Asiacrypt 98; and more work will be presented at
FC 99.
Return to December 1998
Return to “Anonymous <nobody@replay.com>”
1998-12-22 (Tue, 22 Dec 1998 10:23:05 +0800) - Anonymous nym ratings - Anonymous <nobody@replay.com>