[Cryptography] Anonymous rendezvous (was Business opportunities in crypto)
Christian Huitema
huitema at huitema.net
Sat May 8 21:43:23 EDT 2021
On 5/7/2021 11:39 AM, John Levine wrote:
> It appears that jrzx via cryptography <jrzx at protonmail.ch> said:
>>> 1) Allow a party with an established reputation to claim it on the Web.
>>> 2) To allow a party with no reputation to establish that they are accountable to some civil authority.
>> By now, however, all the important reputations are established *on* the web, so
>> moving existing reputations to the web no longer matters.
> This must be a different web than the rest of us use.
>
> When I use my bank's web site, I consider it rather important that
> the entity I deal with through the web site is the same one I deal
> with when I walk down to their physical branch.
This long thread told me one thing: anonymous rendezvous is a poor name
for a problem, because it encompasses many different problems.
The initial problem that I had in mind is probably better called
something like "discrete handshake". The typical scenario involve
parties that know each and have exchanged credentials beforehand, like
employees of the same company or devices belonging to the same owner.
The problem is to establish a network connection without divulging their
identities and presence to outside observers. For example, in the two
employees scenario, their laptops discover each other by broadcasting
messages over WiFi or Bluetooth, but these messages do not reveal to
observers identifying information like static MAC Addresses, IP
addresses or public key values.
There is a related problem in which the two parties have not previously
met, but possess a shared cue, such as two halves of a torn dollar bill.
I don't know whether that system reduces to the previous one. It
probably does, but I have no proof of that. I could call it "discrete
encounter".
Then there is the case of two parties that have never met and have no
shared knowledge, but want to start a communication. The goal of these
parties is to exchange credentials that could later prove that they are
still communicating to the same partner. When the two parties are two
devices, this typically reduces to "pairing". Solutions often involve an
out of band channel for verification, such as the PIN numbers displayed
and verified when pairing Bluetooth devices. There is quite a bit of
literature on that subject.
I am personally more interested in the discrete handshake problem. For
example, allowing WiFi clients to connect to WiFi servers without the
server broadcasting a constant SSID, and without the client polling for
a previously known SSID.
-- Christian Huitema
More information about the cryptography
mailing list