[Cryptography] Blockchain without proof of work
Phillip Hallam-Baker
phill at hallambaker.com
Fri Jan 4 20:09:06 EST 2019
On Fri, Jan 4, 2019 at 7:16 PM Patrick Chkoreff <pc at fexl.com> wrote:
> Phillip Hallam-Baker wrote on 1/3/19 1:29 PM:
>
> > UDF=KD25H-GSNE2-JVVJE-RXTMA-7VAWT
> > UDF=KCOO3-EKPAG-FKYFC-O2B2N-O3UUA
> > UDF=KBR3A-RQLV7-SMB6X-6OB7X-JMBNT
>
> Ooh, I've tagged this email as "Later" so I can go back to that. How
> will I go about verifying those when the secrets are divulged? (Pardon
> me if I haven't been paying attention in class here.)
>
OK so I have decided to make a few changes to the structure here so the
values will change.
Let us say that m = "Konrad is a Kompromised agent".
first choose a random key kt = P (0xB0 || rand (512), 125)
(where P is the presentation/truncation function using Base32 putting in
dashes every 5 characters and truncating to 125 bits)
We use SHA-2-512 to construct a Keyed UDF, so HKDF(), H(), HMAC() are
functions all using that as the base digest:
k = HKDF (kt, 512)
f = HMAC (k, ct || ':' || H(m))
udf = P((v || f), 125)
Where v is simply a tag to identify the fingerprint type and ct is the IANA
content type
So the core here is that we have a fingerprint of the data that can only be
verified if the key kt is known. Since this is a keyed digest, we are using
an HMAC for the purpose.
I have pushed out the code to GitHub but I need to clean it up a bit. The
version prefixes have been chosen so that the version number shows the
fingerprint type. A SHA-2 fingerprint will always start with an M
(Merkle-Damguard) and SHA-3 will always start with an S (Spongeworthy).
Random numbers will always start with R and I had chosen K for Keyed hash.
It since occurs to me that I should probably use K for actual Keys so maybe
I need to move the prefixes about.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20190104/f2fb65d5/attachment.html>
More information about the cryptography
mailing list