[Cryptography] Project Grace

Dave Howe davehowe.pentesting at gmail.com
Fri Jun 15 09:54:40 EDT 2018

On 14/06/2018 19:22, Tom Mitchell wrote:
> In the patent I am confused by: "The second mechanism is for a sender
> to generate the public key locally for every recipient."
> I do not understand how a public key be generated for me if I do not
> already know the private key will work.  Is this where the world 
> has to trust a third party?

The description seems to be wildly inaccurate, but as it is in the
preamble ("Background to the invention") section, is probably not
material to the validity of the patent itself.  For traditional PKC, the
two routes as I understand them are central generation and issue, or
local generation by the (intended) recipient (not sender) as a
consequence of generation of the private key.  The text then doubles
down on this error, asserting that public CAs routinely generate public
keys (rather than signing supplied PKs) and that Certificates need to be
protected from tampering in transit and after receipt, when in fact the
digital signature is intended to perform this function. 

The important bits of the patent appear to be an identity based crypto
scheme with an identity component to the key oracle's public key which
is asserted to protect against substitution of an attacker public key
(although how this is achieved I haven't looked into)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180615/f4c906d1/attachment.html>

More information about the cryptography mailing list