[Cryptography] Thoughts about keys

Peter Fairbrother zenadsl6186 at zen.co.uk
Mon Sep 9 13:12:06 EDT 2013


On 09/09/13 13:08, Guido Witmond wrote:
> Hi Perry,
>
> I just came across your message [0] on retrieving the correct key for a
> name. I believe that's called Squaring Zooko's Triangle.
>
> I've come up with my ideas and protocol to address this need.
> I call it eccentric-authentication. [1,2]
>
> With Regards, Guido.
>
>
>
> 0: http://www.metzdowd.com/pipermail/cryptography/2013-August/016870.html
>
> 1:
> http://eccentric-authentication.org/blog/2013/08/31/the-holy-grail-of-cryptography.html
>
> 2:
> http://eccentric-authentication.org/eccentric-authentication/global_unique_secure.html

I like to look at it the other way round, retrieving the correct name 
for a key.

You don't give someone your name, you give them an 80-bit key 
fingerprint. It looks something like m-NN4H-JS7Y-OTRH-GIRN. The m- is 
common to all, it just says this is one of that sort of hash.

There is only one to remember, your own.

The somebody uses the fingerprint in a semi-trusted (eg trusted not to 
give your email to spammers, but not trusted as far as giving the 
correct key goes) reverse lookup table, which is published and shared, 
and for which you write the entry and calculate the fingerprint by a 
long process to make say 20 bits more work.

Your entry would have your name, key, address, company, email address, 
twitter tag, facebook page, telephone number, photo, religious 
affiliation, claimed penis size, today's signed ephemeral DH or ECDHE 
keypart, and so on - whatever you want to put in it.

He then checks that you are someone he thinks you are, eg from the 
photo, checks the fingerprint, and if he wants to contact you he has 
already got your public key.

He cannot contact you without also getting your public key first - 
because you haven't given him your email address, just the hash.


[ That's what's planned for m-o-o-t (a CD-based live OS plus for 
secure-ish comms) anyway. As well, in m-o-o-t you can't contact anyone 
without checking the fingerprint, and you can't contact him in 
unencrypted form at all. Also the lookup uses a PIR system to avoid 
traffic analysis by lookup. It isn't available just now, so don't ask. ]


-- Peter Fairbrother
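
The reverse lookup described in the message above, as an added example that is not part of the original post and is not m-o-o-t code. The post does not specify the hash construction, so PBKDF2-HMAC-SHA256 with 2**20 iterations for the "long process", JSON canonicalisation of the entry, base32 display and the salt label are all assumptions, and the sample entry is constructed.

```python
import base64, hashlib, hmac, json

WORK_BITS = 20                      # assumed reading of "say 20 bits more work"
LABEL = b"example-fingerprint-v1"   # constructed domain-separation salt

def canonical(entry: dict) -> bytes:
    """Serialise an entry deterministically so both sides hash the same bytes."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()

def fingerprint(entry: dict, work_bits: int = WORK_BITS) -> str:
    """80-bit stretched hash of the whole entry, shown as m-XXXX-XXXX-XXXX-XXXX."""
    digest = hashlib.pbkdf2_hmac("sha256", canonical(entry), LABEL,
                                 2 ** work_bits, dklen=10)   # 10 bytes = 80 bits
    b32 = base64.b32encode(digest).decode()                  # exactly 16 chars
    return "m-" + "-".join(b32[i:i + 4] for i in range(0, 16, 4))

def lookup(table: dict, fp: str, work_bits: int = WORK_BITS) -> dict:
    """Fetch an entry from the semi-trusted table and accept it only if it
    hashes back to the fingerprint the user was handed out of band."""
    fp = fp.strip().upper().replace("M-", "m-", 1)   # tolerate typed lower case
    entry = table.get(fp)
    if entry is None:
        raise KeyError("no entry for " + fp)
    if not hmac.compare_digest(fingerprint(entry, work_bits), fp):
        raise ValueError("entry does not match fingerprint")
    return entry

if __name__ == "__main__":
    # Constructed sample entry; the owner writes it and computes the fingerprint.
    entry = {"name": "Alice Example", "key": "PLACEHOLDER-PUBLIC-KEY",
             "email": "alice@example.org"}
    fp = fingerprint(entry)
    table = {fp: entry}                       # the published, shared table
    print(fp, lookup(table, fp)["email"])
    # A table that swaps in a different key under the same fingerprint is
    # rejected, because the fingerprint covers the whole entry.
    table[fp] = dict(entry, key="SUBSTITUTED-KEY")
    try:
        lookup(table, fp)
    except ValueError as err:
        print("rejected:", err)
```

Because the fingerprint covers the whole entry, the table only has to be trusted for availability and privacy, which matches the "semi-trusted" role in the post; the stretching raises the cost of searching for a second entry with the same 80-bit value.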

