RPOW - Reusable Proofs of Work

Anne & Lynn Wheeler lynn at garlic.com
Mon Aug 16 18:50:13 EDT 2004


At 12:36 PM 8/15/2004, R. A. Hettinga wrote:
>This is what creates trust in RPOWs as actually embodying their claimed
>values, the knowledge that they were in fact created based on an equal
>value POW (hashcash) token.

the issue in the "yes card" exploit is that you migrate the financial 
business rules out into hardware tokens (of any kind) and then do 
peer-to-peer operations between tokens.

the threat model is you attack the belief in a valid hardware token ... 
once you have that you have the mechanism for creating counterfeit tokens 
that can convince other tokens that they are valid. These counterfeit 
tokens don't tell the truth ... they are programmed to say whatever will 
convince other tokens that can be trusted.

and as per previous post ... i got hit in a sci.crypt thread with the claim 
that even 4758 can be successfully attacked.

misc. posts discussing token attacks that 1) result in being able to 
fabricate counterfeits 2) which are acceptable in offline, peer-to-peer 
operations:
http://www.garlic.com/~lynn/aadsm15.htm#25 WYTM?
http://www.garlic.com/~lynn/aadsm17.htm#13 A combined EMV and ID card
http://www.garlic.com/~lynn/aadsm17.htm#25 Single Identity. Was: PKI 
International Consortium
http://www.garlic.com/~lynn/aadsm17.htm#42 Article on passwords in Wired News
http://www.garlic.com/~lynn/2003o.html#37 Security of Oyster Cards
http://www.garlic.com/~lynn/2004g.html#45 command line switches [Re: 
[REALLY OT!] Overuse of symbolic constants]
http://www.garlic.com/~lynn/2004j.html#12 US fiscal policy (Was: Bob Bemer, 
Computer Pioneer,Father of ASCII,Invento
http://www.garlic.com/~lynn/2004j.html#13 US fiscal policy (Was: Bob Bemer, 
Computer Pioneer,Father of ASCII,Invento
http://www.garlic.com/~lynn/2004j.html#14 US fiscal policy (Was: Bob Bemer, 
Computer Pioneer,Father of ASCII,Invento


--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/ 

---------------------------------------------------------------------
The Cryptography Mailing List
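
The offline, token-to-token acceptance problem described in the message above, as an added example that is not part of the original post. The shared scheme key, the message layout and the issuer ledger are assumptions made for illustration; the post does not say how tokens authenticate each other, and the online check is included only as a contrast.

```python
import hashlib
import hmac

SCHEME_KEY = b"constructed-demo-key"  # assumption: one secret inside every genuine token


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class GenuineToken:
    """Enforces the business rule (no overspending) inside the token itself."""
    def __init__(self, token_id: str, balance: int):
        self.token_id, self.balance = token_id, balance

    def authorize(self, amount: int):
        verdict = "OK" if amount <= self.balance else "DECLINE"
        if verdict == "OK":
            self.balance -= amount
        msg = f"{self.token_id}|{amount}|{verdict}".encode()
        return msg, mac(SCHEME_KEY, msg)


class CounterfeitToken(GenuineToken):
    """Model of a token whose rules were replaced: it always reports OK."""
    def authorize(self, amount: int):
        msg = f"{self.token_id}|{amount}|OK".encode()
        return msg, mac(SCHEME_KEY, msg)


def offline_accept(msg: bytes, tag: bytes) -> bool:
    """Peer-side check: a valid MAC plus the token's own verdict is all there is."""
    return hmac.compare_digest(tag, mac(SCHEME_KEY, msg)) and msg.endswith(b"|OK")


class Issuer:
    """Online check: the rule is evaluated against the issuer's ledger instead."""
    def __init__(self, ledger: dict):
        self.ledger = dict(ledger)

    def online_accept(self, msg: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(tag, mac(SCHEME_KEY, msg)):
            return False
        token_id, amount, _claimed = msg.decode().split("|")  # claimed verdict ignored
        if int(amount) > self.ledger.get(token_id, 0):
            return False
        self.ledger[token_id] -= int(amount)
        return True
```

The offline verifier has no input other than what the token says about itself, so a token that misreports passes the same check as a genuine one; the issuer-side check ignores the token's verdict entirely.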