[Cryptography] Thoughts about keys

Faré fahree at gmail.com
Sun Sep 1 21:00:42 EDT 2013

>> So, how do I translate "alice at example.org" into a key?
Once again, what do you think of namecoin?
A bitcoin-like consensual database based on proof of work.
If you also require proof-of-key via signature from the recipient,
majority attacks make DoS easy, but identity stealing is still
dependent on highly visible unsigned revocation certificates.

>> At intervals, the trustworthy organization (and others like it) can
>> send out email messages to Alice, encrypted in said key, saying "Hi
>> there! Please reply with a message containing this magic cookie,
>> encrypted in our key, signed in yours."
The cookie better not be a value that the organization can
skew with its own "random" source, but be based on a digest of
consensual data, such as the date (with sufficiently coarse resolution),
the top of the consensual database (if any),
public weather measurements from previous day, etc.
Then, each user can just broadcast his signature
of the previously unpredictable consensual data,
and various timestamping organizations can sign messages that say
"yes, I saw that at this time",
maybe charging some tiny usage fee in the process.

If a handshake is required (and in this case, it looks like it is),
at least, prevent the organization from personalizing the cookie too much,
by requiring it to have personal cookies be based on a digest of
a common salt for all addresses, and
data consensually associatable to the destination address.
After a deadline, the organization publishes
the definitive merkle tree digest of who was seen on time,
together with the common salt.

>> Third, presumably one wants a means to query such databases that
>> doesn't allow traffic analysis. Mix networks including Tor are
>> probably the answer on that. Without such a mechanism, listening in on
>> the query traffic becomes a very good way to trace out social
>> networks.
Assuming a namecoin-like system where every server has ALL the keys,
your query could be of the form: "give me all keys k such that
digest(k&mask)==digest(k0&mask)" with mask wide enough that
you get, say, ~1000 keys, and computed in a deterministic/non-deterministic
enough way that you don't leak too much information.

—♯ƒ • François-René ÐVB Rideau •Reflection&Cybernethics• http://fare.tunes.org
Reevaluate your ends periodically — if some of them are in contradiction with
reality or with each other, abandon or amend them without mercy — and those
you keep, pursue without any apology.
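
The salted-cookie handshake and the published Merkle digest described in the message above, as an added example that is not part of the original post. SHA-256, the length-prefixed encoding, the padding rule for odd tree levels, and every function name, salt, date and address are assumptions made for illustration.

```python
import hashlib, hmac

def H(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 with a domain tag and length-prefixed parts (no ambiguity)."""
    h = hashlib.sha256(tag + b"\x00")
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

PAD = H(b"pad")  # filler for odd-sized tree levels

def personal_cookie(salt: bytes, address: str, public_data: bytes) -> bytes:
    # Depends only on the common salt and publicly derivable data, so the
    # organization has no per-recipient freedom in choosing it.
    return H(b"cookie", salt, address.encode(), public_data)

def cookie_is_honest(received: bytes, salt: bytes, address: str, public_data: bytes) -> bool:
    # Run by the recipient once the salt is published after the deadline.
    return hmac.compare_digest(received, personal_cookie(salt, address, public_data))

def merkle_levels(addresses):
    levels = [[H(b"leaf", a.encode()) for a in addresses] or [PAD]]
    while len(levels[-1]) > 1:
        cur = levels[-1] + ([PAD] if len(levels[-1]) % 2 else [])
        levels.append([H(b"node", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    proof = []  # list of (node_is_right_child, sibling_hash), leaf to root
    for level in levels[:-1]:
        sib = index ^ 1
        proof.append((index & 1, level[sib] if sib < len(level) else PAD))
        index >>= 1
    return proof

def verify(address: str, proof, root: bytes) -> bool:
    node = H(b"leaf", address.encode())
    for is_right, sibling in proof:
        node = H(b"node", sibling, node) if is_right else H(b"node", node, sibling)
    return hmac.compare_digest(node, root)

# Constructed sample data: salt, date string and addresses are illustrative.
SALT, DATE = b"constructed-common-salt", b"2013-09-01"
SEEN = sorted(["alice@example.org", "bob@example.org", "carol@example.org"])
LEVELS = merkle_levels(SEEN)
ROOT = LEVELS[-1][0]  # published together with SALT after the deadline

if __name__ == "__main__":
    i = SEEN.index("carol@example.org")
    print("root:", ROOT.hex())
    print("carol included:", verify("carol@example.org", prove(LEVELS, i), ROOT))
```
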
