On 17 April 2015 at 23:10, Michael Rogers <[email protected]> wrote:
> On 17/04/15 18:37, Ben Laurie wrote: > > > > On 17 April 2015 at 11:54, Michael Rogers <[email protected] > > <mailto:[email protected]>> wrote: > > > > Members should be able to send messages to the group, such that any > > member of the group can verify that a message was written by the > owner > > of a particular signature key, but can't prove it to anyone outside > the > > group. > > > > > > Isn't this a fantasy requirement? That is, if I am a member of the group > > and I want to prove it to someone outside the group, don't I just have > > them look over my shoulder? > > It's not a fantasy requirement, it's a standard property of MACs. If > Alice and Bob share a MAC key and Alice uses it to create a MAC, Bob > knows that since he didn't create the MAC, Alice must have done. But Bob > can't prove to Carol that it was Alice rather than Bob who created it. > If Carol knows everything Bob knows, then Carol also knows Alice created it. That's my point. I don't believe it is possible for Bob to prove there is no Carol. All I'm really saying is the property you can have is something a little weaker, as Ximin has expounded on at some length.
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
