
Re: Interoperability, one-use remailer tickets



Mike Ingle <[email protected]> writes:
[Part about remailers deleted]
>For something complex like this, we need a language with a little more
>leverage than C provides. For this and other complex protocols, I've ported
>RSAREF 2.0 to Perl. The interface does not require you to recompile Perl.
>It uses a C daemon and pipes. It provides symmetric encryption, public-key
>encryption, digital signatures, hashing, DH exchange, and ASCII armor.
>The algorithms used are MD5, MD2, DES, DESX, triple-DES, RSA, and DH.
>It has a good (eval/die) exception handling mechanism, and a very thorough
>regression testing script.
>[...]
>I want to add other algorithms to the Perl encryption package. The secret
>sharing, for one. A one-function call to gzip for compression. A blind
>signature if I could get patent permission (not from Chaum; how's Brands?)
>or perhaps just do it with a "research purposes only" disclaimer. Someone
>with Visual Basic experience could do a DOS/Windows VBX module to enable
>easy writing of PC clients for neat net-based servers written with the Perl
>encryption package.

This is very exciting!  Could you show some examples of how your code
would be used with Perl?  Some kind of script that could work with MP
numbers or RSA decrypt a file?  It would be very good to have a
prototyping language like Perl with crypto addons.

>Code for secret sharing is available, but most secret-sharing algorithms
>create shadows each the size of the message. This can be avoided: use an
>error correcting code to add enough information to the original so the
>message can be recreated with any m of n pieces. Break into pieces, encrypt
>each piece, and secret-share the key. Where can I get an error correction
>algorithm that can do this? You should be able to increase a file's size by
>50% and then have any two of three pieces recreate it, for example.

Try looking for a package called Shade using Archie.  Here is an excerpt
from the doc file:

> `shade' is a file splitting and merging utility.  It takes a large
> file and splits it into uniformly sized blocks.  It can also output
> extra blocks (called shadows).  These shadows can be used to recover
> missing sections if they get corrupted or if they are lost.  With a
> single shadow, `shade' can recover ANY single missing block.  As many
> shadows are needed as there are blocks missing.  If too few blocks
> and shadows are available, nothing can be recovered.
> 
> For example, foo.bar (259042 bytes) is split into 5 sections
> of 45000 bytes, 1 section of 34042 bytes and 2 shadows of
> 45000 bytes.  Each of these 8 parts is sent through email.
> Even if any two of these eight parts get lost, the original
> foo.bar can be reconstructed.
> 
> `shade' is a simple application of the Chinese remainder theorem
> for polynomials with coefficients modulo two.  For more information
> see the comments at the beginning of project.c.

As for the remailer return address idea, I would suggest looking at
Chaum's 1981 paper from CACM which has a similar concept.  I believe it
was posted here recently.  Instead of using shared secrets he had the
secret key at each hop get embedded in the return address itself.

Hal
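
An added example, not part of the original post and not Shade's code: a systematic k-of-n erasure code over GF(2^8) (Reed-Solomon style, a different construction from the one Shade's documentation describes) that rebuilds a file from any k of n equal-sized pieces, covering both the 6-blocks-plus-2-shadows case in the excerpt and the 2-of-3 case at 50% expansion asked about above. The function names, the field polynomial 0x11d, and passing the original length to `merge` are assumptions of this sketch; it supports n up to 256.

```python
# Added example: pieces are values of byte-wise polynomials over GF(2^8) at points 0..n-1.
EXP, LOG = [0] * 510, [0] * 256
x = 1
for i in range(255):                      # log/antilog tables: generator 2, polynomial 0x11d
    EXP[i] = EXP[i + 255] = x
    LOG[x] = i
    x = (x << 1) ^ (0x11d if x & 0x80 else 0)

def mul(a, b):
    return EXP[LOG[a] + LOG[b]] if a and b else 0

def weights(xs, x):
    """Lagrange weights w_i with P(x) = XOR_i w_i*P(xs[i]) for deg P < len(xs)."""
    out = []
    for xi in xs:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num, den = mul(num, x ^ xj), mul(den, xi ^ xj)
        out.append(mul(num, EXP[255 - LOG[den]]))   # multiply by den^-1
    return out

def evaluate(xs, blocks, x):
    """Block at point x, interpolated from the blocks held at points xs."""
    out = bytearray(len(blocks[0]))
    for wi, blk in zip(weights(xs, x), blocks):
        for p, byte in enumerate(blk):
            out[p] ^= mul(wi, byte)
    return bytes(out)

def split(data, k, n):
    """Return {index: block}: k data blocks (0..k-1) plus n-k shadows (k..n-1)."""
    size = -(-len(data) // k)                       # ceiling; last block is zero-padded
    blocks = [data[i * size:(i + 1) * size].ljust(size, b"\0") for i in range(k)]
    pieces = dict(enumerate(blocks))
    for s in range(k, n):
        pieces[s] = evaluate(list(range(k)), blocks, s)
    return pieces

def merge(pieces, k, length):
    """Rebuild the original from any k surviving pieces (length: assumed known)."""
    if len(pieces) < k:
        raise ValueError("too few blocks and shadows: nothing can be recovered")
    xs = sorted(pieces)[:k]
    blocks = [pieces[i] for i in xs]
    return b"".join(pieces[d] if d in pieces else evaluate(xs, blocks, d)
                    for d in range(k))[:length]

if __name__ == "__main__":
    parts = split(b"constructed sample input", 2, 3)     # three 12-byte pieces
    print(merge({1: parts[1], 2: parts[2]}, 2, 24))      # piece 0 lost
```

Blocks 0..k-1 are plain slices of the input, so this coding gives redundancy only and no confidentiality, which is why the quoted proposal encrypts each piece and secret-shares the key.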