[Cryptography] Business opportunities in crypto

Christian Huitema huitema at huitema.net
Wed Apr 14 03:37:03 EDT 2021 

On 4/13/2021 8:11 PM, Henry Baker wrote:
> Re: Privacy-preserving wifi/BT/wireless handshakes
>
> I need to do a better job of explaining this one.
>
> Suppose you have 2 devices that you want to connect so
> that they can talk to one another.
>
> If you connect them via a cable, and the cable is
> reasonably well-shielded, then no one can listen in
> to the conversation between the two devices.
>
> So now I want to connect two devices using a wireless
> connection -- e.g., wifi/Bluetooth/BLE/whatever. If
> I have complete control of both 'ends' and can set
> them up properly, then there should be a wireless
> protocol that reveals NOTHING about their connecting
> with each other, other than they are both transmitting
> from time to time on wireless channels.
>
> Right now, one of them has to publicly advertise its
> SSID & MAC, which should not be necessary for a point-
> to-point wireless connection.
>
> If a point2point connection can be made, then it should
> also be possible to create a multipoint connection which
> is completely private -- e.g., a private home network.
>
> At 08:53 AM 4/13/2021, Henry Baker wrote:
>> 4. Privacy-preserving wifi/BT/wireless handshakes. While
>> a small amount of progress was made several years ago
>> on random MAC addresses during scanning, the 'real',
>> '(semi-) fixed' MAC address is still used. Isn't there
>> some sort of zero knowledge challenge/response protocol
>> that could be used instead -- e.g., your MAC address
>> becomes a sort of private PKE key which you can prove
>> you have, but the wifi hotspot never actually learns
>> the bits of your now-private MAC address.

I have personally done  work on that topic, including the implementation 
of randomized MAC addresses in Windows 10, and the specification of a 
privacy preserving version of DHCP (RFC 7844). These specifications hide 
the "fixed" MAC address of the client, but do not hide the address and 
SSID of the server. There are indeed scenarios in which you want to hide 
the identity of both parties -- mobile servers, personal area networks, 
meeting in airport lounges, etc. RFC 8882 provides a list of 
requirements in these scenarios, but I don't know of any deployed 
protocol that meets these requirements. Anonymous rendezvous is a vexing 
problem.

-- Christian Huitema

More information about the cryptography mailing list