[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: blind validation
Alex Strasheim writes:
[discussion and assumptions liberally elided]
> 1. Alice initiates a transaction with Bob. (Perhaps by asking
> him for a file.)
>
> 2. Bob generates a random number and sends it back to Alice.
>
> 3. Alice blinds Bob's number and sends it to Trent, along with
> proof of her validatability.
>
> 4. Trent checks Alice's proof, signs the blinded number, and
> then returns it to Alice.
>
> 5. Alice unblinds Bob's number, then sends it to Bob.
>
> 6. Bob checks Trent's signature and makes sure that the number
> he recieved matches the one he sent out. Then Bob processes
> Alice's transaction.
>
> If Bob always follows this protocol, he can prove to Sam that
> he's followed the law. Alice remains anonymous. Alice can still
> transfer the file, but she has to give it away herself: she
> can't give away the ability to get it directly from Bob without
> giving away the ability to prove Aliceness to Trent.
I'm not convinced that your last point is true. It appears that the signed
Bobnet-access-number is still just a transferrable ticket. Charlie can
place an order with Bob, forward the Bobnet-access-number to Alice, wait for
Alice & Trent to do the blinding & signing tango, forward the signed Bobnet-
access-number to Bob, and get the goods from Bob.
Charlie can't use the signed Bobnet-access-number to prove to Trent
that he's Alice. In fact, since it's unblinded, Charlie can't even prove
that he's linked to a particular validation performed by Trent. (If Alice
foolishly gave him the blinded version too, he could show that he shares
Alice's knowledge about this validation.)
[...]
> The main problems that I can see with this protocol are:
>
> 1. It's vulernable to traffic analysis.
> 2. Sam has to trust Trent, which he may be unwilling to do.
> 3. You can infer stuff about Alice from the kinds of requests
> she makes of Trent. Someone who always asks Trent for proof
> that he's not a felon might tag himself as a person who buys
> a lot of guns or ammunition, for example.
3. is OK as long as Alice trusts Trent. The trick is selecting a Trent
trusted by both Alice and Sam ;)
-Futplex <[email protected]>