BusinessWeek article on IBM Research's Fully Homomorphic Encryption
Good read: http://www.businessweek.com/technology/content/sep2009/tc20090930_463595.htm

For more info:
http://www-03.ibm.com/press/us/en/pressrelease/27840.wss
http://portal.acm.org/citation.cfm?id=1536414.1536440

This is just a proof of possibility, not (yet) feasibility.

saqib
http://enterprise20.squarespace.com

---
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Trusted timestamping
On Sun, 04 Oct 2009 23:42:22 +0200 Alex Pankratov <a...@poneyhot.org> wrote:

> There is for example timestamp.verisign.com, but there is no
> documentation or description of it whatsoever.

From the European world, plagued with the qualified electronic signature disease: timestamp servers usually are compatible with the RFC 3161 Time-Stamp Protocol (TSP), which works over HTTP, but since they don't want to provide free timestamping for anyone they use various techniques to limit usage of this service. I've seen two techniques to do this.

One was allowing only TSP requests encapsulated in *signed* CMS (RFC 3369). So if you're signing a document using a qualified signature AND a timestamp, you've got to enter your PIN twice: once for the document signature, once for the TSP transport signature.

The other server was not requiring signed CMS, but instead silently discarded signature requests from clients other than their own software. It had something to do with TSP options probably, but I didn't investigate any deeper.

--
Paweł Krawczyk
http://ipsec.pl
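As an added example (not code from this thread or from any TSA), here is the RFC 3161 TimeStampReq that a TSP client posts over HTTP, built and decoded in plain DER. It assumes SHA-256 as the hash (the id-sha256 OID is real), a definite-length encoding, and, in the decoder, that the optional nonce is present; the point to notice is that only a digest of the document ever leaves the client.

```python
import hashlib

# Added example, not from the thread or any TSA's code: a minimal RFC 3161
# TimeStampReq in DER. The request carries only a digest of the document.
SHA256_OID = bytes.fromhex("608648016503040201")   # id-sha256, 2.16.840.1.101.3.4.2.1

def tlv(tag, content):
    """DER tag-length-value, definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def der_int(v):
    """Non-negative DER INTEGER; a leading 0x00 is added when the top bit is set."""
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def build_timestamp_req(data, nonce):
    """TimeStampReq { version 1, messageImprint, nonce, certReq TRUE }."""
    digest = hashlib.sha256(data).digest()
    alg_id = tlv(0x30, tlv(0x06, SHA256_OID) + tlv(0x05, b""))  # AlgorithmIdentifier
    imprint = tlv(0x30, alg_id + tlv(0x04, digest))            # MessageImprint
    body = der_int(1) + imprint + der_int(nonce) + tlv(0x01, b"\xff")
    return tlv(0x30, body)

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                        # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def parse_timestamp_req(req):
    """Return (version, digest, nonce, cert_req); assumes the nonce is present."""
    tag, body, _ = read_tlv(req, 0)
    if tag != 0x30:
        raise ValueError("TimeStampReq must be a SEQUENCE")
    _, ver, p = read_tlv(body, 0)
    _, imprint, p = read_tlv(body, p)
    _, _, q = read_tlv(imprint, 0)      # skip AlgorithmIdentifier
    _, digest, _ = read_tlv(imprint, q)
    _, nonce, p = read_tlv(body, p)
    _, cert, _ = read_tlv(body, p)
    return (int.from_bytes(ver, "big"), digest,
            int.from_bytes(nonce, "big"), cert == b"\xff")
```

Over HTTP the request body is sent with Content-Type application/timestamp-query and the TSA answers with application/timestamp-reply; the only document-derived field in it is the 32-byte digest, which is what lets a TSA timestamp a document it never receives.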
Re: Trusted timestamping
On 04/10/2009 23:42, Alex Pankratov wrote:

> I guess my main confusion at the moment is why large CAs of Verisign's
> size are not offering any standalone timestamping services.

My view is that there is no demand for this as a service. The apparent need for it is more a paper requirement that came out of the PKI world's search for a perfect product than any business need. E.g., if you think you want it, you might be better rewarded by re-examining your assumptions as to why it is needed, than building it...

iang
RE: Trusted timestamping
-----Original Message-----
On Sunday, October 04, 2009 5:42 PM Alex Pankratov <a...@poneyhot.org> wrote:

> Does anyone know what's the state of affairs in this area ?

I think there are two factors. 1) This is a complex problem, and 2) where it might have really been required (i.e. the courts) it has not been; the courts accept unsigned, text log files as reasonable evidence.

From a local (as in US) perspective I would look into some of the services provided by NIST (http://tf.nist.gov/service/its.htm). Even their authenticated offerings appear to be very limited, and use static, symmetric keys (which can only be obtained by snail-mail!)

I've always liked the saying: "A man with two watches never knows what time it is." As long as there is more than one accepted internet time source and the courts accept uncertified timestamps in log files, I don't see any clear solution to (or reason to pursue) obtaining signed time.

-Piers

--
Piers Bowness
RSA - The Security Division of EMC
Re: Question about Shamir secret sharing scheme
On Sat, 3 Oct 2009, Kevin W. Wall wrote:

> Hi list...I have a question about Shamir's secret sharing.
>
> According to the _Handbook of Applied Cryptography_, Shamir's secret
> sharing (t,n) threshold scheme works as follows:
>
> SUMMARY: a trusted party distributes shares of a secret S to n users.
> RESULT: any group of t users which pool their shares can recover S.
>
> The trusted party T begins with a secret integer S ≥ 0 it wishes to
> distribute among n users.
>
> (a) T chooses a prime p > max(S, n), and defines a0 = S.
> (b) T selects t−1 random, independent coefficients defining the random
>     polynomial over Z_p.
> (c) T computes Si = f(i) mod p, 1 ≤ i ≤ n (or for any n distinct points
>     i, 1 ≤ i ≤ p − 1), and securely transfers the share Si to user Pi,
>     along with the public index i.
>
> The secret S can then be computed by finding f(0), more or less by using
> Lagrangian interpolation on the t shares, the points (i, Si).
>
> The question that a colleague and I have is: is there any cryptographic
> purpose to computing the independent coefficients over the finite field
> Z_p?

Just to add two comments to what others have already said:

- You can use any finite field. In particular, if your secret is a bit
  string of length k you can use the field GF(2^k) to get share size
  equal to secret size. (Whereas if you work mod p you lose a bit.)

- As you describe the scheme above, note that you actually leak an
  upper bound on the size of the secret (namely, it is at most p). The
  setup for Shamir secret sharing (and any other scheme, for that
  matter) assumes the range of the secret is public knowledge already.
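The first comment above, as an added example (not code from the thread): Shamir (t, n) sharing over the binary field GF(2^8), applied byte by byte, so each share is exactly as long as the secret and no upper bound is leaked by a prime p. The reducing polynomial x^8+x^4+x^3+x+1 is the AES one, chosen only because it is well known; any irreducible polynomial would do.

```python
# Added example, not code from the thread: Shamir (t, n) sharing over GF(2^8),
# byte by byte, so each share is exactly as long as the secret.
import os

def gf_mul(a, b):
    """GF(2^8) multiply: shift-and-add, reduce by x^8+x^4+x^3+x+1 (0x11b)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):
    """Inverse of non-zero a: a^254, since a^255 = 1 in GF(2^8)."""
    r, e = 1, a
    for _ in range(7):                       # r = a^2 * a^4 * ... * a^128
        e = gf_mul(e, e)
        r = gf_mul(r, e)
    return r

def split(secret, t, n):
    """Return n shares (x, bytes); any t of them recover `secret`."""
    assert 1 <= t <= n <= 255                # x must be a non-zero field element
    cols = []
    for s in secret:
        coeffs = [s] + list(os.urandom(t - 1))   # f(0) = s, random a_1..a_{t-1}
        cols.append([])
        for x in range(1, n + 1):
            y = 0
            for c in reversed(coeffs):           # Horner evaluation of f(x)
                y = gf_mul(y, x) ^ c
            cols[-1].append(y)
    return [(x, bytes(col[x - 1] for col in cols)) for x in range(1, n + 1)]

def recover(shares):
    """Lagrange interpolation at x = 0, byte-wise, from exactly t shares."""
    xs = [x for x, _ in shares]
    out = bytearray()
    for j in range(len(shares[0][1])):
        acc = 0
        for i, (xi, yi) in enumerate(shares):
            num = den = 1
            for xk in xs[:i] + xs[i + 1:]:
                num = gf_mul(num, xk)            # (0 - xk) == xk in characteristic 2
                den = gf_mul(den, xi ^ xk)       # (xi - xk) == xi XOR xk
            acc ^= gf_mul(yi[j], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)
```

Each byte of the secret is shared with its own random polynomial, so the share length equals the secret length for any t and n up to 255; fewer than t shares leave every byte uniformly distributed, exactly as in the prime-field version.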
Re: Trusted timestamping
Alex Pankratov wrote:

> Does anyone know what's the state of affairs in this area ?
>
> This is probably slightly off-topic, but I can't think of a better
> place to ask about this sort of thing.
>
> I have spent a couple of days looking around the Internet, and things
> appear to be .. erm .. hectic and disorganized.
>
> There is for example timestamp.verisign.com, but there is no
> documentation or description of it whatsoever. Even the website itself
> is broken. However it is used by Microsoft's code signing tool, which
> embeds Verisign's timestamp into the Authenticode signature of signed
> executable files.
>
> There is also a way to timestamp signed PDFs, but there appears to be
> nothing _trusted_ about the available Trusted Timestamping Authorities.
> Just a bunch of random companies that call themselves that way and
> provide no indication why they should actually be *trusted*. No audit
> practices, not even a simple description of their backend setup.
>
> The same goes for the companies providing timestamping services for
> arbitrary documents, either using online interfaces or downloadable
> software.
>
> There are also Digital Poststamps, which is a very strange version of a
> timestamping service, because their providers insist on NOT releasing
> the actual timestamp to the customer and then charge for each
> timestamp verification request.
>
> I guess my main confusion at the moment is why large CAs of Verisign's
> size are not offering any standalone timestamping services.
>
> Any thoughts or comments ?

I answer your question with two questions:

A trusted timestamping service is like a specialized form of non-repudiation service. You may wonder if there is any fielded usage of a genuine non-repudiation service, i.e. one extending to an arbitration function that would support evidence management in some litigation forum. Fraud prevention in payment systems is not based on a genuine non-repudiation scheme. Are you aware of the current state of genuine non-repudiation service?

Another approach to your question is that a timestamping service has to be sold before being fielded and used. Who is (are) the real beneficiary(ies) in a trusted timestamping service, and how do you sell the service to them so that it makes economic sense?

Regards,

- Thierry Moreau
Re: Trusted timestamping
On Mon, Oct 5, 2009 at 8:42 AM, Alex Pankratov <a...@poneyhot.org> wrote:

> Does anyone know what's the state of affairs in this area ?
>
> This is probably slightly off-topic, but I can't think of a better
> place to ask about this sort of thing.
>
> I have spent a couple of days looking around the Internet, and things
> appear to be .. erm .. hectic and disorganized.
>
> There is for example timestamp.verisign.com, but there is no
> documentation or description of it whatsoever. Even the website itself
> is broken. However it is used by Microsoft's code signing tool, which
> embeds Verisign's timestamp into the Authenticode signature of signed
> executable files.
>
> There is also a way to timestamp signed PDFs, but there appears to be
> nothing _trusted_ about the available Trusted Timestamping Authorities.
> Just a bunch of random companies that call themselves that way and
> provide no indication why they should actually be *trusted*. No audit
> practices, not even a simple description of their backend setup.
>
> The same goes for the companies providing timestamping services for
> arbitrary documents, either using online interfaces or downloadable
> software.
>
> There are also Digital Poststamps, which is a very strange version of a
> timestamping service, because their providers insist on NOT releasing
> the actual timestamp to the customer and then charge for each
> timestamp verification request.
>
> I guess my main confusion at the moment is why large CAs of Verisign's
> size are not offering any standalone timestamping services.
>
> Any thoughts or comments ?

I have no useful comments other than to point you to a timestamping service you may or may not have seen (I didn't see you mention it): http://www.itconsult.co.uk/stamper/stampinf.htm. From what I've noticed (just in passing) this seems to be the most popular stamping service.

Thanks, Alex

--
noon silky
http://www.mirios.com.au/
http://skillsforvilla.tumblr.com/
Re: Trusted timestamping
On 5 Oct 2009, at 16:04, Ian G wrote:

> My view is that there is no demand for this as a service. The apparent
> need for it is more a paper requirement that came out of the PKI
> world's search for a perfect product than any business need. E.g., if
> you think you want it, you might be better rewarded by re-examining
> your assumptions as to why it is needed, than building it...

http://www.itconsult.co.uk/stamper.htm

Has been around since ~1995 and just works whenever I have used it, albeit some time ago. It publishes time stamp info on Usenet, comp.security.pgp.announce, which shows the last activity was in 2002...

http://groups.google.com/group/comp.security.pgp.announce/browse_thread/thread/d25667d87c1740f6#

Which seems to support your viewpoint.

f