Hi Alfie,

Yes, this is exactly what I meant. The complexity of the proposed construction 
is comparable to that of Bitcoin itself. This is not itself prohibitive, but it 
is clearly worthy of consideration.

A question we should ask is whether decentralized anonymous credentials is 
applicable to the authentication problem posed by BIP151. I propose that it is 
not.

The core problem posed by BIP151 is a MITM attack. The implied solution (BIP151 
+ authentication) requires that a peer trusts that another is not an attacker. 

Authentication of an anonymous peer cannot achieve this objective, since the 
peer may be anyone and an attack on privacy can be undetectable. The identity 
of a peer must be known to the relying peer, either directly or transitively.

DAC is applicable in cases where identity is never required.  The prime example 
in the paper is that of first-come-first-served name registration. No identity 
is required in that scenario, just proof that a party in question is the 
original registrant. All participants are presumed to be "good".

I believe that a distributed anonymous system is fundamentally at odds with 
isolation of "good" vs. "bad" participants who comply with protocol rules (DoS 
considerations aside), and that any attempt to resolve this conflict will 
result in the system no longer allowing anonymous participation.

I may be mistaken, but I haven't found a way out of this realization.

e

> On Jun 29, 2016, at 1:17 PM, Alfie John <al...@alfie.wtf> wrote:
> 
> On Tue, Jun 28, 2016 at 06:45:58PM +0200, Eric Voskuil via bitcoin-dev wrote:
>>> then we should definitively use a form of end-to-end encryption between
>>> nodes. Built into the network layer.
>> 
>> Widespread application of this model is potentially problematic. It is a
>> non-trivial problem to design a distributed system that requires 
>> authentication
>> but without identity and without central control. In fact this may be more
>> challenging than Bitcoin itself. Trust on first use (TOFU) does not solve 
>> this
>> problem.
> 
> Maybe the following paper can feed into this discussion:
> 
> "Decentralized Anonymous Credentials" by Christina Garman, Matthew Green, Ian 
> Miers
>   https://eprint.iacr.org/2013/622.pdf
> 
> Alfie
> 
> -- 
> Alfie John
> https://www.alfie.wtf
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Reply via email to