Thank you Steve for the link to your work!
I really like the idea you had and I hope it catches on; people need
something like that. But I don't think they realize it yet, and the ones
who do have other ways to achieve it.
My focus is very specific though. I want to use OpenPGP to do the
blinding and blind-signing and unblinding, so that the entire system I
want to create can be based off of a familiar and trusted suite of tools.
Does anyone have experience with the GPG source tree who might be able to
help expose the blinding routines to the user? I'm scared to start from
scratch.
-jake
On Sun, 18 Aug 2013, Steve Weis wrote:
Hi Jake. This is not GPG-related, but I worked on an OpenID-based private
federated login system called PseudoID that used blind
signatures. Basically, an identity provider will check your real identity, then
issue you a blindly-signed token which you can
then later use to log in pseudo-anonymously to an OpenID consumer. The consumer
and provider can't later correlate your real
identity with that login.
This was a summer project from an intern at the time and should be considered a
proof-of-concept. It does the unblinding crypto
in server-delivered JavaScript so is not secure as-is. Do not use for anything
in practice.
Here's the paper:
http://saweis.net/pdfs/pseudoid-pets2010.pdf
Here's the source:
https://code.google.com/p/pseudoid/
Here's a demo video:
https://www.youtube.com/watch?feature=player_embedded&v=fCBPuGsO_I4
Here's a site that was the private ID provider demo:
http://private-idp.appspot.com/
Here was the blind-signer demo, which is broken since we accidentally let the
pseudoid.net domain lapse:
http://blind-signer.appspot.com/
On Sun, Aug 18, 2013 at 1:08 AM, Jake <j...@spaz.org> wrote:
Hello everybody,
I am trying to form an anonymous opining system based on a single
Registrar, whose signatures deify users' public keys
with the mark of a Participant. But to protect the users from an evil
registrar, blinding must be used.
I have been told that blinding is already implemented internally to deter
timing-based attacks, so this would be a
matter of implementing a command-line option to blind a blob and save the
blinding salts.
I am not a cryptographer so I can only repeat what I've heard on this.
http://en.wikipedia.org/wiki/Blind_signature#Blind_RSA_signatures.5B2.5D:235
Basically, a Participant generates a key pair (only for use in opining,
not with their real identity) and wants to be
able to prove, in public signed cleartext postings, that their public key
has been signed by the Registrar as an
endorsement of Participation. But they don't want the Registrar to see
their public key and correlate it with their
real identity (their proof of eligibility for participation) because that
would compromise their anonymity.
So the Participant "blinds" their public key, presents that blob to the
Registrar (along with their real identity)
and receives the Registrar's signature of the blob. Then they take the
blob home, and unblind it, revealing a
perfect Registrar's signature of their public key.
Please write if you can help me make this happen. I believe that the
system I'm trying to create could have a very
positive effect on democracy in the world, and hopefully make politicians
into simple clerks whose job is simply to
count the opinions and follow the will of the people.
take care,
-jake
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
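
The blind, sign, unblind exchange described in the thread above, as an added Python example that is not part of the original messages and is not GPG or PseudoID code: textbook RSA blinding over a constructed toy Registrar key, with a bare SHA-256 reduction standing in for a real padding scheme. All function names, the key and the sample input are assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Constructed toy Registrar key: two Mersenne primes, far too small for real use.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # Registrar's private exponent


def digest_to_int(data: bytes) -> int:
    """Map the message into Z_N (simplified hash-and-reduce, no padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def blind(data: bytes):
    """Participant: hide H(data) behind a random factor r. Returns (blob, r)."""
    m = digest_to_int(data)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:          # r must be invertible mod N
            break
    return (m * pow(r, E, N)) % N, r


def registrar_sign(blob: int) -> int:
    """Registrar: plain RSA private-key operation on whatever blob it is handed."""
    return pow(blob, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """Participant: strip r, leaving the Registrar's signature on H(data)."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(data: bytes, sig: int) -> bool:
    """Anyone: ordinary RSA verification with the Registrar's public key."""
    return pow(sig, E, N) == digest_to_int(data)


if __name__ == "__main__":
    pubkey = b"constructed participant public key"
    blob, r = blind(pubkey)
    sig = unblind(registrar_sign(blob), r)
    print("registrar saw H(pubkey):", blob == digest_to_int(pubkey))
    print("signature verifies:", verify(pubkey, sig))
```

The unblinded value is identical to what the Registrar would have produced by signing the hash directly, yet the blob it actually saw is a fresh random-looking number on every run.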