[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Anonymous nym ratings
- To: [email protected]
- Subject: Anonymous nym ratings
- From: Anonymous <[email protected]>
- Date: Tue, 22 Dec 1998 03:02:37 +0100
- Comments: This message did not originate from the Sender address above.It was remailed automatically by anonymizing remailer software.Please report problems or inappropriate use to theremailer administrator at <[email protected]>.
- Sender: [email protected]
Adam Back writes:
> Probably a good rule of thumb is never to sign anything and always
> post via a mixmaster chain.
> Some messages don't need a persistent nym
> even. Perhaps one could construct a zero knowledge proof of nym
> reputation rating without identityfing the nym which might be useful
> for filtering without linkability.
This could be done via some of the recent work on group signatures.
Efficient methods have been developed to show that a message is signed
by a key, without revealing what the key is, but proving that the key
itself is signed by a specific other key.
Imagine an editor who only signs keys belonging to people who deserve
to get through filters. Call this "endorsing" a key. If you respect
that editor, you set your filters to let messages through which are by
keys he has endorsed in this manner. Now, people can submit messages
anonymously, but in such a way that they are provably written by an
endorsed key, without revealing which key it is.
The protocols are reasonably efficient, with signature verification taking
about 20 times longer than a regular DSS signature. However the methods
involve blind signatures, and hence would infringe upon Chaum's patent.
The group signature was described at Crypto 97; an extension for blind
group signatures at Asiacrypt 98; and more work will be presented at