Adam Back wrote:
On Mon, May 10, 2004 at 02:42:04AM +, Jason Holt wrote:
Another approach to hiding membership is one of the techniques
proposed for non-transferable signatures, where you use the construct:
RSA-sig_A(x),RSA-sig_B(y) and verification is x xor y = hash(message).
Where the sender is
Gap may be I'm misunderstanding something about the HC approach.
We have:
P = (P1 or P2) is encoded HC_E(R,p) = {HC_E(R,P1),HC_E(R,P2)}
so one problem is marking, the server sends you different R values:
{HC_E(R,P1),HC_E(R',P2)}
so you described one way to fix that by using
On Mon, May 10, 2004 at 02:42:04AM +, Jason Holt wrote:
However can't one achieve the same thing with encryption: eg an SSL
connection and conventional authentication?
How would you use SSL to prove fulfillment without revealing how?
You could get the CA to issue you a patient or
On Mon, 10 May 2004, Adam Back wrote:
After that I was presuming you use a signature to convince the server
that you are authorised. Your comment however was that this would
necessarily leak to the server whether you were a doctor or an AIDS
On Mon, May 10, 2004 at 08:02:12PM +, Jason Holt wrote:
Adam Back wrote:
[...] However the server could mark the encrypted values by encoding
different challenge response values in each of them, right?
Yep, that'd be a problem in that case. In the most recent (unpublished)
paper, I
On Mon, 10 May 2004, Adam Back wrote:
OK that sounds like it should work. Another approach that occurs is
you could just take the plaintext, and encrypt it for the other
attributes (which you don't have)? It's usually not too challenging
to
[copied to cpunks as cryptography seems to have a multi-week lag these
days].
OK, now having read:
http://isrl.cs.byu.edu/HiddenCredentials.html
http://isrl.cs.byu.edu/pubs/wpes03.pdf
and seeing that it is a completely different proposal essentially
being an application of IBE, and extension
On Sun, 9 May 2004, Adam Back wrote:
and seeing that it is a completely different proposal essentially
being an application of IBE, and extension of the idea that one has
multiple identities encoding attributes. (The usual attribute this