[Cryptography] Eudaemon: A peer-to-peer electronic identity system
Nico Williams
nico at cryptonector.com
Thu Apr 27 11:47:20 EDT 2023
On Thu, Apr 27, 2023 at 09:36:35AM +0200, Ralf Senderek wrote:
> On Wed, 26 Apr 2023, Nico Williams wrote:
> > So what's the use of publishing a blockchain of ciphertext? Well, you
> > can use that commit to plaintext to be revealed later by revealing the
> > decryption key(s). And you can use this to share data with others who
> > have the decryption keys already.
>
> Well, that the people who use the blockchain already *have* the
> decryption keys and don't get them through the blockchain is
> a very good idea.
That's one idea.
The other is to commit to plaintext before you publish it, though one
can also just publish a digest or MAC of the plaintext (or ciphertext)
in order to keep the blockchain updates small. This way you can commit
to some content and reveal it later by just revealing the decryption
key. This is known as a "commitment scheme"[0], and this construction
is a generic construction using off-the-shelf cryptography with
blockchains to enforce the commitment.
> But if they share encrypted messages the blockchain only solves
> the ciphertext distribution problem for the N people and it makes
> up for a giant store of metadata that records interactions for
> eternity.
One can publish on the blockchain digests of the data, whether it be
plaintext or ciphertext, and publish the actual data (pt or ct)
off-blockchain.
Also, the point of a blockchain is to ensure that all who have observed
it have seen "the same past" up to some point (typically the present).
It is possible to truncate the past when everyone agrees that they've
seen the same past up to a particular point.
[0] https://en.wikipedia.org/wiki/Commitment_scheme
More information about the cryptography
mailing list