Hi Jake. This is not GPG-related, but I worked on an OpenID-based private federated login system called PseudoID that used blind signatures. Basically, an identity provider will check your real identity, then issue you a blindly-signed token which you can then later use to log in pseudo-anonymously to an OpenID consumer. The consumer and provider can't latter correlate your real identity with that login.
This was a summer project from an intern at the time and should be considered a proof-of-concept. It does the unblinding crypto in server-delivered Javascript so is not secure as-is. Do not use for anything in practice. Here's the paper: http://saweis.net/pdfs/pseudoid-pets2010.pdf Here's the source: https://code.google.com/p/pseudoid/ Here's a demo video: https://www.youtube.com/watch?feature=player_embedded&v=fCBPuGsO_I4 Here's a site that was the private ID provider demo: http://private-idp.appspot.com/ Here was the blind-signer demo, which is broken since we accidentally let the pseudoid.net domain lapse: http://blind-signer.appspot.com/ On Sun, Aug 18, 2013 at 1:08 AM, Jake <j...@spaz.org> wrote: > Hello everybody, > > I am trying to form an anonymous opining sytem based on a single > Registrar, whose signatures deify users' public keys with the mark of a > Participant. But to protect the users from an evil registrar, blinding > must be used. > > I have been told that blinding is already implemented internally to deter > timing-based attacks, so this would be a matter of implementing a > command-line option to blind a blob and save the blinding salts. > > I am not a cryptographer so I can only repeat what i've heard on this. > > http://en.wikipedia.org/wiki/**Blind_signature#Blind_RSA_** > signatures.5B2.5D:235<http://en.wikipedia.org/wiki/Blind_signature#Blind_RSA_signatures.5B2.5D:235> > > Basically, a Participant generates a key pair (only for use in opining, > not with their real identity) and wants to be able to prove, in public > signed cleartext postings, that their public key has been signed by the > Registar as an endorsement of Participation. But they don't want the > Registrar to see their public key and correlate it with their real identity > (their proof of eligibility for participation) because that would > compromise their anonymity. > > So the Participant "blinds" their public key, presents that blob to the > Registrar (along with their real identity) and receives the Registrar's > signature of the blob. Then they take the blob home, and unblind it, > revealing a perfect Registrar's signature of their public key. > > Please write if you can help me make this happen. I believe that the > system i'm trying to create could have a very positive effect on democracy > in the world, and hopefully make politicians into simple clerks whose job > is simply to count the opinions and follow the will of the people. > > take care, > -jake > ______________________________**_________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/**mailman/listinfo/cryptography<http://lists.randombit.net/mailman/listinfo/cryptography> >
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
