Julian Assange wrote:
>
> Let y = f(x) and f'(y) = x
>
> Imagine Bob runs a f' cracking service. Imagine Alice has y and wants x. Alice may
> or may not know f' however she wishes to take advantage of Bob's f' cracking service
> to obtain x. But she doesn't want Bob to know x. Yet she wants Bob to compute it
> for her.
>
> Imagine there is a blinding function b, and an unblinding function
> b'. Alice sends Bob b(y). Bob produces z=f'(b(y)). Alice extracts x =
> b'(b).
You mean b'(z), of course.
> Has this been done for RSA etc?
Pass, but I can't see why anyone would, since f'() for RSA is thought to
not exist.
> Is it possible to find blinding functions of this nature for any
> function in number theory?
b'(f(b(x)))=f(x) => f(b(x))=b(f(x)) which, it seems to me, is not
generally going to be possible (if you want b to also do blinding).
For example, consider f(x)=x^2. Then f(b(x))=b(x)^2 and b(f(x))=b(x^2).
It seems intuitively obvious to me (i.e. I can't be bothered to prove
it) that b(x)^2=b(x^2) implies that b is the identity function, which is
not much use as a blinding function.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe 2000? http://apachecon.com/
