Anton Stiglic wrote:
>
> ----- Original Message -----
> From: "Ian Grigg" <[EMAIL PROTECTED]>
>
> > [...]
> > In terms of actual "practical" systems, ones
> > that implement to Brands' level don't exist,
> > as far as I know?
>
> There were however several projects that implemented
> and tested the credentials system. There was CAFE, an
> ESPRIT project.

CAFE now has a published report on it, so it might actually
be accessible. I'm not sure if any of the tech is available.

> At Zeroknowledge there was a working implementation written
> in Java, with a client that ran on a blackberry.
>
> There was also the implementation at ZKS of a library in C
> that implemented Brands's stuff, in which I participated.
> The library implemented issuing and showing of credentials,
> with a limit on the number of possible showings (if you passed
> the limit, identity was revealed, thus allowing for off-line
> verification of payments for example. If you did not pass the
> limit, no information about your identity was revealed).
> The underlying math was modular, you could work in a
> subgroup of Z*p for prime p, or use Elliptic curves, or
> base it on the RSA problem. We plugged in OpenSSL
> library to test all of these cases.
> Basically we implemented the protocols described in
> [1], with some of the extensions mentioned in the conclusion.
>
> The library was presented by Ulf Moller at some coding
> conference which I don't recall the name of...

Is any of this published? I'd assumed not, ZKS were another
company obscuring their obvious projects with secrecy.

> It was to be used in Freedom, for payment of services,
> but you know what happened to that project.

Reality caught up to them, I heard :) As Eric R recently
commented, there is no shortage of encrypted comms projects
being funded and .. collapsing when they discover that
selling secure comms is not a demand-driven business model.

> Somebody had suggested that to build an ecash system
> for example, you could start out by implementing David
> Wagner's suggestion as described in Lucre [2], and then
> if you sell and want extra features and flexibility get the
> patents and implement Brands stuff.

Back in '98 or so, I got involved with a project to do
bearer stuff. I even went so far as to commission a review
of all the bearer protocols (Cavendish, Chaum, Brands, Wagner,
Mariott, etc etc). Brands came out as the best (please don't
ask me why), so Stefan and I spent many a pleasurable
negotiating session in Dutch bars trying to hammer out a
licence. Unfortunately we didn't move fast enough to lock
up the terms, and he went off to bigger and better things - ZKS.

Since then, we toyed around adding tokens to WebFunds.
We started out thinking about Wagner, but what transpired
was that it was just as easy to make the whole lot available
at once. Now we have a framework. (It's an incomplete
project, but we recently picked it up again after a long
period of inactivity, as there is a group that has figured
out how to use it for a cool project.) The protocol only
covers single phase withdrawals, not two phase, so far.

> Similar strategy
> would seem to apply for digital credentials in general.

Perhaps! I don't understand the model for credentials,
but if they can all be put into a block-level protocol,
then sharing the code base is a mighty fine idea.

> > There is an alternate approach, the E/capabilities
> > world. Capabilities probably easily support the
> > development of pseudonyms and credentials, probably
> > more easily than any other system. But, it would
> > seem that the E development is still a research
> > project, showing lots of promise, not yet breaking
> > out into the wider applications space.
> >
> > A further alternate is what could be called the
> > hard-coded pseudonym approach as characterised
> > by SOX. (That's the protocol that my company
> > wrote, so normal biases expected.) This approach
> > builds pseudonyms from the ground up, which results
> > in a capabilities model like E, but every separate
> > use of the capability must be then re-coded in hard
> > lines by hardened coders.
>
> Do you have any references on this?

The capabilities guys hang around here:

http://erights.org/
http://www.eros-os.org/

SOX protocol is described here:

http://webfunds.org/guide/sox.html

iang
