---------- Forwarded message ----------
Date: Mon, 3 Oct 2005 08:32:44 -0400
From: Paul Syverson <[EMAIL PROTECTED]>
Cc: cryptography@metzdowd.com
Subject: Re: Hooking nym to wikipedia

Hi Jason et al,

On Mon, Oct 03, 2005 at 11:48:48AM +0000, Jason Holt wrote:

More thoughts regarding the tokens vs. certs decision, and also multi-use:


A related approach that thwarts the network eavesdropper would be to issue
a series of certificates which expire one per interval (hour/day/whatever,
trading privacy against the hassle of managing lots of certs).  Then our
dissident uses each cert in turn, securely deleting it after it expires.
The CA keeps a list recording all the certs issued to the same user, and
when Wikipedia wishes to ban a user, the CA revokes all the unexpired certs
for that user.  The CA also securely deletes expired certs from its lists,
so that if compromised, it has merely the same list of certs found on the
client machine, and is likewise devoid of any reference to certs used in
prior transactions.

Of course, there are nifty cryptographic solutions to the problem of
revoking repeat offenders without linking activities of good users.
Private Credentials and Idemix are the two best known examples, but both
are complicated and patent-ridden.

You might want to have a look at our UST (Unlinkable Serial Transactions)

It was published in ACM TISSEC

(or .ps)

There was also an earlier version published at Financial Crypto.
(It lacks the proofs and some improvements to the protocols)

(or .ps)

1. I think it is much less complicated than the other things you raised,
   but of course has other tradeoffs.

2. The papers are it. There is no current code worth looking at.

3. Thanks for the reminder. It too is patented if not patent-ridden,
   but we should be able to cope with that. Basically you shouldn't put
   huge work in assuming that there are no encumbrances to address, but if
   you are interested given 1 and 2 after you look at it, let me
   know. I can then explain the issues regarding the patent situation.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to