Hey Saba, Read this paper with interest. Thanks for sharing!
Am I correct that the range proof signatures are completely unrelated to normal log operation? That is, the ordinary log behavior continue to use commonly supported algorithms (RSA-PKCS1v15 or ECDSA) with only the intermediate range values being signed to admit proofs of signatures under commitment? On Wed, Apr 5, 2017 at 12:27 PM, Saba Eskandarian <[email protected]> wrote: > Since there wasn't time to present these privacy preserving proofs at the > meeting last week, I thought it might be of interest to the list that I'll > be presenting the idea at Stanford's annual security workshop next Monday. > I believe it will be streamed on youtube, and you may find the other > presentations interesting as well (http://forum.stanford.edu/ > events/2017security.php). The workshop is aimed at a non-specialist > audience, but I still hope to get to much of the content I meant to present > at ietf. > > thanks, > ~saba > ------------------------------ > *From:* Ben Laurie <[email protected]> > *Sent:* Monday, March 27, 2017 2:48:11 AM > > *To:* Saba Eskandarian > *Cc:* [email protected] > *Subject:* Re: [Trans] Privacy-preserving proof of sct exclusion > > > > On 27 March 2017 at 05:16, Saba Eskandarian <[email protected]> wrote: > >> Thanks for the prompt feedback! I'll make sure to address these comments >> in my talk, and I'm looking forward to discussing design options in person. >> I suspect that the flexibility of the tools and techniques we use as well >> as the associated engineering and privacy tradeoffs will make for an >> interesting discussion. >> > > Afraid I won't be there, but looking forward to hearing more. > > >> >> Thanks, >> >> ~saba >> ------------------------------ >> *From:* Ben Laurie <[email protected]> >> *Sent:* Sunday, March 26, 2017 9:46:21 AM >> *To:* Saba Eskandarian >> *Cc:* [email protected] >> *Subject:* Re: [Trans] Privacy-preserving proof of sct exclusion >> >> >> >> On 25 March 2017 at 22:39, Saba Eskandarian <[email protected]> wrote: >> >>> Hello, >>> >>> I'm on the agenda for Tuesday's meeting to share a privacy-preserving >>> proof of sct exclusion from a log (I think Eran alluded to this work in a >>> message a while ago). >>> >>> My posted slides will not include many words, so I wanted to share a >>> link to the preprint of our academic paper on the subject in case anyone >>> wants to read the details there. The paper is targeted at a somewhat >>> different audience, but it can be found here: >>> https://arxiv.org/abs/1703.02209 >>> >>> Thanks and looking forward to meeting you all next week! >>> >> >> Cool, but I immediately see a problem - you require logs to be in >> timestamp order, but they aren't. I can't immediately think of a way to get >> that property without also considerably increasing time to inclusion in the >> log. >> >> That seems undesirable - in fact, we're trying to go the other way, i.e. >> reduce time to inclusion, in general. >> >> Also, engineering reality doesn't change, so increasing time to inclusion >> is also likely to increase MMD. >> >> Secondly, its interesting, but doesn't seem particularly useful: when an >> SCT corresponds to a cert that has not been included, you want to reveal >> the cert, not hide it. What you want to hide is who is revealing it. >> >> ~saba >>> >>> _______________________________________________ >>> Trans mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/trans >>> >>> >> > > _______________________________________________ > Trans mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/trans > >
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
