Re: Signing as one member of a set of keys

2002-08-22 Thread Ben Laurie 

Anonymous wrote:
> Len Sassaman has put the ringsig program up at
> 
>>http://www.abditum.com/~rabbi/ringsig/
> 
> 
> First, the ring signature portion has successfully been repaired from
> the truncation imposed by the anon remailer in the original post.
> 
> Second, unfortunately all of the tabs have been converted to spaces.
> This will prevent the sig from verifying.
> 
> Third, a number of the lines have been wrapped.  This will also prevent
> the verification from going through.

The version I posted does not appear to suffer from either of these 
problems (but also does not verify).

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Re: Signing as one member of a set of keys

2002-08-22 Thread Ben Laurie 

Anonymous wrote:
>>>*** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c,
>>>ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE
>>>CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***
>>
>>Once it works, I'll happily do that, but...
>>
>>
>>>6. Finally, the verification step: run the ringver perl script, giving the
>>>PGP key file created in step 5 as an argument, and giving it the ringsig.c
>>>file as standard input:
>>>
>>>./ringver sigring.pgp < ringsig.c
>>>
>>>This should print the message "Good signature".
>>
>>ben@scuzzy:~/tmp/multisign$ ./ringver pubring.pkr < testwhole
>>ERROR: Bad signature
> 
> 
> Could you post the files anyway on a web page, then the author can check
> them against his copies and see which are corrupted?

http://www.alcrypto.co.uk/ringsign/

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Re: Signing as one member of a set of keys

2002-08-22 Thread Ben Laurie 

Len Sassaman wrote:
> On Sat, 17 Aug 2002, Anonymous wrote:
> 
> 
>>*** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c,
>>ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE
>>CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***
> 
> 
> The files are available at:
> 
> http://www.abditum.com/~rabbi/ringsig/
> 
> Also, if you'd like to send me a more detailed blurb for the webpage, I'd
> be happy to put it up. Otherwise, this will have to do.
> 
> 
>>9.  Please report whether you were able to succeed, and if not, which step
>>failed for you.
> 
> 
> I just ran into a bunch of errors when trying to compile with OpenSSL
> 0.9.7beta3. I'm debugging now...

There's a fixed verion on the page I just posted (admittedly against a 
current 0.9.7 snapshot, not beta3).

http://www.alcrypto.co.uk/ringsign/

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Re: Signing as one member of a set of keys

2002-08-22 Thread Len Sassaman 

On Thu, 22 Aug 2002, Anonymous wrote:

> Len Sassaman has put the ringsig program up at
> > http://www.abditum.com/~rabbi/ringsig/

[...]

> Second, unfortunately all of the tabs have been converted to spaces.
> This will prevent the sig from verifying.

[...]

I've put a corrected version in its place. If this still has problems,
could you send me the md5sum of the correctly formatted file so that I can
be sure I get it right?


--Len.

Re: Signing as one member of a set of keys

2002-08-22 Thread Anonymous 

Len Sassaman has put the ringsig program up at
> http://www.abditum.com/~rabbi/ringsig/

First, the ring signature portion has successfully been repaired from
the truncation imposed by the anon remailer in the original post.

Second, unfortunately all of the tabs have been converted to spaces.
This will prevent the sig from verifying.

Third, a number of the lines have been wrapped.  This will also prevent
the verification from going through.

Is it possible for you to visit
http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00221.html
and use the kind of "Save as Text" command in your browser, to get the
version with the tabs and without the wrapping?  Doing this with IE on
this system avoids these problems.  Then you just need to bring over
the missing signature lines, which has been done successfully in the
files above.

Thanks very much to Len Sassaman for making this file available.
  ++multisig v1.0
+Hkvy3oF8ULSowmX+Q3oUgRxy7gEkn5fsiq3ezXz5dPJxQxz4nR9F+9YzjMTagOw
FpUA9idUECIm2023Ech/AHDSHFk4hqlZBon0Rak5N12C7R7tqdY2EkKOG9j2i24J
MkD0W7/qH53V2q6TheJUeRsSg4nn58nazWIKlOG8FZiGm+j6tRXnAiGVAE2+Mqtk
5Vig7GQ/c+MZWwgccN3pc8xENanr4dIbBJVzDQBZL2auoLpukRrj22AO+ujUnprh
pY8tj2BnJgyRxsQBSm/Kk9EGihnOy0bTNiaZiwEcd5vtTp8df3q8WdPDN/d0SDIi
T8Vr3SIikplopi/aaRoMk9S0o1I9FMJU8QwHXXi/6W300+a5m+aaOqnvjVJ7c0hE
h6tiS7g7IWHwlA1mTkm4+XNdQayUr43a7CTkBz+dYOA2qKOMfMwoWbIw82fwauKW
M4tmxgx/XFKljbFfXWT3klBJlJL1i9Rpi4ilf0gvxkAdxXas++oQ3BHg23FwV7ze
FyDIHfEU3DQkbcatu3iScJ5eH5B1PBbxdrkRlEIFzA5zl/3u7pEPmcbHNJAETdRb
oVW6yY8TolDAPfgAqMcFC72kuxDj6Z0tLhB13f1o7fvtIVEoVDs2cBgNkf3r75tP
LwyTzNTKy9rrIRJScJ/Ibb4XvsZHRLHSw9CNI/6qqMSVtiSuCBS/7kF0XGpr1FJe
eael8oJJh2C8eDov6yyHGOixUuJR6rs/pp2YvvyWLKeMu8BN9AScFyFk6k4aT/ck
/tEFNs3WyldNeIAw7lYAvj6qcJG1wqZkDT75x0qw+sTYJRREF7VPrdUGW+qfPFsn
626RnieO6ggYPq12DEb0aT8tdXESoVJcdpNp4NHoGUxD05p9mhsT1aFbocGVrpxa
UpsOfPcHKHNQbmAuZE6P4LMa/UlEn1l1rDuKSCbmnBqVvfYr96IjsF4c+PZTBllF
YJaz8XTeXvOvEuscbz8q+E7IJ+1VA5nosUYNd7u/LGN0Jg9jTn7HIzfQ4pKUV66r
jZnnKOvU8AZLHcEbduBMvLvE/5IZro5OYlDa+odIXISTIRvHP9k+GbHyeBKQ1CLj
UzVJAHyyu9g/J1b+QR5eyPDETkGhlnC7rpjvfqjwyKLfI80oVo/o2xV5K8dLNIFG
FGLcGMil4pjojXyBv/bx0rIOdpeipusCOn/JNl/6o94AP2XMjWRtxz1A9Jygy+qZ
x5yZxrOpKAhxSpyLi4af8fgqz16u/VLzfjBpIs7apNtLjbjv7qG5PXbT5I/RPPnl
hl6YMQYsBc6+5RbaRIZ8bflcDNkm/ar/hb5j2fpVhhainL6BlNw7DWFg4XTCV0zg

Re: Signing as one member of a set of keys

2002-08-21 Thread Len Sassaman 

On Sat, 17 Aug 2002, Anonymous wrote:

> *** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c,
> ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE
> CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***

The files are available at:

http://www.abditum.com/~rabbi/ringsig/

Also, if you'd like to send me a more detailed blurb for the webpage, I'd
be happy to put it up. Otherwise, this will have to do.

> 9.  Please report whether you were able to succeed, and if not, which step
> failed for you.

I just ran into a bunch of errors when trying to compile with OpenSSL
0.9.7beta3. I'm debugging now...


--Len.

Re: Signing as one member of a set of keys

2002-08-19 Thread Ben Laurie 

Anonymous wrote:
>>>*** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c,
>>>ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE
>>>CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***
>>
>>Once it works, I'll happily do that, but...
>>
>>
>>>6. Finally, the verification step: run the ringver perl script, giving the
>>>PGP key file created in step 5 as an argument, and giving it the ringsig.c
>>>file as standard input:
>>>
>>>./ringver sigring.pgp < ringsig.c
>>>
>>>This should print the message "Good signature".
>>
>>ben@scuzzy:~/tmp/multisign$ ./ringver pubring.pkr < testwhole
>>ERROR: Bad signature
> 
> 
> Could you post the files anyway on a web page, then the author can check
> them against his copies and see which are corrupted?

OK. Coming soon.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Re: Signing as one member of a set of keys

2002-08-19 Thread Anonymous 

> > *** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c,
> > ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE
> > CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***
>
> Once it works, I'll happily do that, but...
>
> > 6. Finally, the verification step: run the ringver perl script, giving the
> > PGP key file created in step 5 as an argument, and giving it the ringsig.c
> > file as standard input:
> > 
> > ./ringver sigring.pgp < ringsig.c
> > 
> > This should print the message "Good signature".
>
> ben@scuzzy:~/tmp/multisign$ ./ringver pubring.pkr < testwhole
> ERROR: Bad signature

Could you post the files anyway on a web page, then the author can check
them against his copies and see which are corrupted?

Re: Signing as one member of a set of keys

2002-08-19 Thread Ben Laurie 

Anonymous wrote:
> Steps to verify the "ring signature" file (note: you must have the openssl
> library installed):
> 
> 
> 1. Save http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00221.html,
> as text, to the file ringsig.c.  Delete the paragraph of explanation, and/or any
> HTML junk, so the file starts with:
> 
> /* Implementation of ring signatures from
>  * http://theory.lcs.mit.edu/~rivest/RivestShamirTauman-HowToLeakASecret.pdf
>  * by Rivest, Shamir and Tauman
> 
> and it ends with:
> 
> lPglqmmy3p4D+psNU1rlNv6yH/L0PgcuW7taVpbopjl4HLuJdWcKHJlXish3D/jb
> eoQ856fYFZ/omGiO9x1D0BsnGFLZVWob4OIZRzO/Pc49VIhFy5NsV2zuozStId89
> [...]
>  */
> 
> 
> 2. The "[...]" above is where a remailer caused some of the signature
> to be stripped out.  Replace the last few lines of ringsig.c with the
> text from
> http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00306.html.
> This has the lines from the END PGP PUBLIC KEY BLOCK line onward.
> The last lines of the ringsig.c file should be:
> 
> BjHTDH0VZeu3IxUFh37w2fIEehL8WrXvCoCMFnd1/bnn/qI/STXgg6as579/yBIJ
> nJra7Ceru4q4wUssK79T6SdOM6wcvVg96ub4UOTaPO4wYhhadCbLFpl3tPfTLceb
>  */
> 
> 
> 3. Compile ringsig.c using the openssl library, to form an executable file
> "ringsig".  Try running ringsig and you will get a usage message.
> 
> 
> 4. Get the two perl scripts from
> http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00313.html
> and save them as "ringver" and "ringsign".
> 
> 
> 5. Run the ringsig.c file through the "pgp" program to create a PGP key
> ring file from the PGP PUBLIC KEY BLOCK data.  With the command line
> version of PGP 2.6.2 the command is:
> 
> pgp -ka ringsig.c sigring.pgp
> 
> This will also show you the set of keys, one of which made the signature.
> 
> *** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c,
> ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE
> CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***

Once it works, I'll happily do that, but...

> 6. Finally, the verification step: run the ringver perl script, giving the
> PGP key file created in step 5 as an argument, and giving it the ringsig.c
> file as standard input:
> 
> ./ringver sigring.pgp < ringsig.c
> 
> This should print the message "Good signature".

ben@scuzzy:~/tmp/multisign$ ./ringver pubring.pkr < testwhole
ERROR: Bad signature

(Incidentally, this was the procedure I followed in the first place, 
except I manually broke the file into parts, rather than using ringver).

I still suggest sending the relevant file as an attachment, so it 
doesn't get mangled in transit.

I wonder how many people are now convinced I didn't write this code? ;-)

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Re: Signing as one member of a set of keys

2002-08-17 Thread Anonymous 

Steps to verify the "ring signature" file (note: you must have the openssl
library installed):


1. Save http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00221.html,
as text, to the file ringsig.c.  Delete the paragraph of explanation, and/or any
HTML junk, so the file starts with:

/* Implementation of ring signatures from
 * http://theory.lcs.mit.edu/~rivest/RivestShamirTauman-HowToLeakASecret.pdf
 * by Rivest, Shamir and Tauman

and it ends with:

lPglqmmy3p4D+psNU1rlNv6yH/L0PgcuW7taVpbopjl4HLuJdWcKHJlXish3D/jb
eoQ856fYFZ/omGiO9x1D0BsnGFLZVWob4OIZRzO/Pc49VIhFy5NsV2zuozStId89
[...]
 */


2. The "[...]" above is where a remailer caused some of the signature
to be stripped out.  Replace the last few lines of ringsig.c with the
text from
http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00306.html.
This has the lines from the END PGP PUBLIC KEY BLOCK line onward.
The last lines of the ringsig.c file should be:

BjHTDH0VZeu3IxUFh37w2fIEehL8WrXvCoCMFnd1/bnn/qI/STXgg6as579/yBIJ
nJra7Ceru4q4wUssK79T6SdOM6wcvVg96ub4UOTaPO4wYhhadCbLFpl3tPfTLceb
 */


3. Compile ringsig.c using the openssl library, to form an executable file
"ringsig".  Try running ringsig and you will get a usage message.


4. Get the two perl scripts from
http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00313.html
and save them as "ringver" and "ringsign".


5. Run the ringsig.c file through the "pgp" program to create a PGP key
ring file from the PGP PUBLIC KEY BLOCK data.  With the command line
version of PGP 2.6.2 the command is:

pgp -ka ringsig.c sigring.pgp

This will also show you the set of keys, one of which made the signature.

*** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c,
ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE
CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***


6. Finally, the verification step: run the ringver perl script, giving the
PGP key file created in step 5 as an argument, and giving it the ringsig.c
file as standard input:

./ringver sigring.pgp < ringsig.c

This should print the message "Good signature".


7. How do you know what this means?  For that you have to read the paper
referenced in the program to become convinced of the theory, and then to
study the program to be convinced that it implements the algorithm in the
paper.


8. To create your own signatures, create a PGP keyring file which holds
your own key as well as the keys of other people that you want people to
think might have issued the signature.  They must all be RSA public keys.
Create a PGP secring.pgp file which holds just your secret key, and change
your passphrase on that key to be blank.  (This is temporary, you can
change it back or delete the secring.pgp when you are done.)  Then use
the ringsign perl script:

"./ringsign filetosign pubkeyfile privkeyfile > outfile"

This will append a signature to the file you are signing.  You also need
to make sure the recipient knows the pubkeyfile, so you may want to send
that separately, or include it in the file being signed as was done in
this case.


9.  Please report whether you were able to succeed, and if not, which step
failed for you.  BTW there are a couple of papers on ring signatures to
be presented at Crypto 02 so there might be some new improvements coming
to the code if the ideas look good.  One possibility is extending them
to work with DSS keys in addition to the current RSA keys.

Re: Signing as one member of a set of keys

2002-08-15 Thread Ben Laurie 

Anonymous User wrote:
> This program can be used by anonymous contributors to release partial
> information about their identity - they can show that they are someone
> from a list of PGP key holders, without revealing which member of the
> list they are.  Maybe it can help in the recent controvery over the
> identity of anonymous posters.  It's a fairly low-level program that
> should be wrapped in a nicer UI.  I'll send a couple of perl scripts
> later that make it easier to use.

Hmm. So has anyone managed to get the signature to verify? Doesn't work 
for me! But perhaps things got mangled in the mail? Or I chose the wrong 
subset of the email to verify (I tried all the obvious ones)? Sending 
this stuff as attachments instead of inline would work better, of course.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Re: Signing as one member of a set of keys

2002-08-13 Thread Len Sassaman 

Interesting. Unless some clever at jobs were involved, this was likely not
written by Ian or Ben. I can vouch that Ian was not near a computer at the
time the second message (with the complete signature) was posted, and Ben
was somewhere over the Atlantic in an airplane, unlikely to be reading his
mail. Lance has probably been too busy with Anonymizer 2.0 to be a good
choice, and I also suspect that Pr0duct Cypher is the same as one of the
people in that list. I'll put my money on the author being one of the last
three people in that list.




   

  Adam Back

 
  .org>cc:   [EMAIL PROTECTED], 
[EMAIL PROTECTED], Adam Back <[EMAIL PROTECTED]>
  Sent by:     Subject:  Re: Signing as one member of 
a set of keys
  owner-cypherpunks

  @lne.com 

   

   

  08/09/2002 12:11 

  PM   

   

   




Very nice.

Nice plausible set of candidate authors also:

pub  1022/5AC7B865 1992/12/01  [EMAIL PROTECTED]
pub  1024/2B48F6F5 1996/04/10  Ian Goldberg <[EMAIL PROTECTED]>
pub  1024/97558A1D 1994/01/10  Pr0duct Cypher 
pub  1024/2719AF35 1995/05/13  Ben Laurie <[EMAIL PROTECTED]>
pub  1024/58214C37 1992/09/08  Hal Finney <[EMAIL PROTECTED]>
pub  1024/C8002BD1 1997/03/04  Eric Young <[EMAIL PROTECTED]>
pub  1024/FBBB8AB1 1994/05/07  Colin Plumb <[EMAIL PROTECTED]>

Wonder if we can figure out who is most likely author based on coding
style from such a small set.

It has (8 char) TABs but other wise BSD indentation style (BSD
normally 4 spaces).  Also someone who likes triply indirected pointers
***blah in there.  Has local variables inside even *if code blocks*
eg, inside main() (most people avoid that, preferring to declare
variables at the top of a function, and historically I think some
older gcc / gdb couldn't debug those variables if I recall).  Very
funky use of goto in getpgppkt, hmmm.  Somewhat concise coding and
variable names.

Off the cuff guess based on coding without looking at samples of code
to remind, probably Colin or Ian.

Of course (Lance Cottrell/Ian Goldberg/Pr0duct Cypher/Ben Laurie/Hal
Finney/Eric Young/Colin Plumb) possibly deviated or mimicked one of
their coding styles.  Kind of interesting to see a true nym in there
also.

Also the Cc -- Coderpunks lives?  I think the Cc coderpunks might be a
clue also, I think some of these people would know it died.  I think
that points more at Colin.

Other potential avenue might be implementation mistake leading to
failure of the scheme to robustly make undecidable which of the set is
the true author, given alpha code.

Adam

On Fri, Aug 09, 2002 at 03:52:56AM +, Anonymous User wrote:
> This program can be used by anonymous contributors to release partial
> information about their identity - they can show that they are someone
> from a list of PGP key holders, without revealing which member of the
> list they are.  Maybe it can help in the recent controvery over the
> identity of anonymous posters.  It's a fairly low-level program that
> should be wrapped in a nicer UI.  I'll send a couple of perl scripts
> later that make it easier to use.

Re: Signing as one member of a set of keys

2002-08-11 Thread Adam Shostack 

Of course, the paranoid amonsgt us now believe that Mr. Back wrote the
code, and is engaging in a little misdirection below.

"Thanks for making the analysis easy!"

;)


On Fri, Aug 09, 2002 at 08:11:15PM +0100, Adam Back wrote:
| Very nice.  
| 
| Nice plausible set of candidate authors also:
| 
| pub  1022/5AC7B865 1992/12/01  [EMAIL PROTECTED]
| pub  1024/2B48F6F5 1996/04/10  Ian Goldberg <[EMAIL PROTECTED]>
| pub  1024/97558A1D 1994/01/10  Pr0duct Cypher 
| pub  1024/2719AF35 1995/05/13  Ben Laurie <[EMAIL PROTECTED]>
| pub  1024/58214C37 1992/09/08  Hal Finney <[EMAIL PROTECTED]>
| pub  1024/C8002BD1 1997/03/04  Eric Young <[EMAIL PROTECTED]>
| pub  1024/FBBB8AB1 1994/05/07  Colin Plumb <[EMAIL PROTECTED]>
| 
| Wonder if we can figure out who is most likely author based on coding
| style from such a small set.
| 
| It has (8 char) TABs but other wise BSD indentation style (BSD
| normally 4 spaces).  Also someone who likes triply indirected pointers
| ***blah in there.  Has local variables inside even *if code blocks*
| eg, inside main() (most people avoid that, preferring to declare
| variables at the top of a function, and historically I think some
| older gcc / gdb couldn't debug those variables if I recall).  Very
| funky use of goto in getpgppkt, hmmm.  Somewhat concise coding and
| variable names.
| 
| Off the cuff guess based on coding without looking at samples of code
| to remind, probably Colin or Ian.
| 
| Of course (Lance Cottrell/Ian Goldberg/Pr0duct Cypher/Ben Laurie/Hal
| Finney/Eric Young/Colin Plumb) possibly deviated or mimicked one of
| their coding styles.  Kind of interesting to see a true nym in there
| also.
| 
| Also the Cc -- Coderpunks lives?  I think the Cc coderpunks might be a
| clue also, I think some of these people would know it died.  I think
| that points more at Colin.
| 
| Other potential avenue might be implementation mistake leading to
| failure of the scheme to robustly make undecidable which of the set is
| the true author, given alpha code.
| 
| Adam
| 
| On Fri, Aug 09, 2002 at 03:52:56AM +, Anonymous User wrote:
| > This program can be used by anonymous contributors to release partial
| > information about their identity - they can show that they are someone
| > from a list of PGP key holders, without revealing which member of the
| > list they are.  Maybe it can help in the recent controvery over the
| > identity of anonymous posters.  It's a fairly low-level program that
| > should be wrapped in a nicer UI.  I'll send a couple of perl scripts
| > later that make it easier to use.
| 

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume

Re: Signing as one member of a set of keys

2002-08-11 Thread Jim Choate 


If you think that will make the problem easy or definitive...

For a start check out,

Springer Series in Statistics
Applied Bayesian and Classical Inference: The Cast of The Federalist
Papers
F. Mosteller, D.L. Wallace
ISBN 0-387-90991-5
ISBN 0-540-90991-5

On Sun, 11 Aug 2002, Adam Shostack wrote:

> Of course, the paranoid amonsgt us now believe that Mr. Back wrote the
> code, and is engaging in a little misdirection below.
> 
> "Thanks for making the analysis easy!"
> 
> ;)
> 
> 
> On Fri, Aug 09, 2002 at 08:11:15PM +0100, Adam Back wrote:
> | Very nice.  
> | 
> | Nice plausible set of candidate authors also:
> | 
> | pub  1022/5AC7B865 1992/12/01  [EMAIL PROTECTED]
> | pub  1024/2B48F6F5 1996/04/10  Ian Goldberg <[EMAIL PROTECTED]>
> | pub  1024/97558A1D 1994/01/10  Pr0duct Cypher 
> | pub  1024/2719AF35 1995/05/13  Ben Laurie <[EMAIL PROTECTED]>
> | pub  1024/58214C37 1992/09/08  Hal Finney <[EMAIL PROTECTED]>
> | pub  1024/C8002BD1 1997/03/04  Eric Young <[EMAIL PROTECTED]>
> | pub  1024/FBBB8AB1 1994/05/07  Colin Plumb <[EMAIL PROTECTED]>
> | 
> | Wonder if we can figure out who is most likely author based on coding
> | style from such a small set.
> | 
> | It has (8 char) TABs but other wise BSD indentation style (BSD
> | normally 4 spaces).  Also someone who likes triply indirected pointers
> | ***blah in there.  Has local variables inside even *if code blocks*
> | eg, inside main() (most people avoid that, preferring to declare
> | variables at the top of a function, and historically I think some
> | older gcc / gdb couldn't debug those variables if I recall).  Very
> | funky use of goto in getpgppkt, hmmm.  Somewhat concise coding and
> | variable names.
> | 
> | Off the cuff guess based on coding without looking at samples of code
> | to remind, probably Colin or Ian.
> | 
> | Of course (Lance Cottrell/Ian Goldberg/Pr0duct Cypher/Ben Laurie/Hal
> | Finney/Eric Young/Colin Plumb) possibly deviated or mimicked one of
> | their coding styles.  Kind of interesting to see a true nym in there
> | also.
> | 
> | Also the Cc -- Coderpunks lives?  I think the Cc coderpunks might be a
> | clue also, I think some of these people would know it died.  I think
> | that points more at Colin.
> | 
> | Other potential avenue might be implementation mistake leading to
> | failure of the scheme to robustly make undecidable which of the set is
> | the true author, given alpha code.
> | 
> | Adam
> | 
> | On Fri, Aug 09, 2002 at 03:52:56AM +, Anonymous User wrote:
> | > This program can be used by anonymous contributors to release partial
> | > information about their identity - they can show that they are someone
> | > from a list of PGP key holders, without revealing which member of the
> | > list they are.  Maybe it can help in the recent controvery over the
> | > identity of anonymous posters.  It's a fairly low-level program that
> | > should be wrapped in a nicer UI.  I'll send a couple of perl scripts
> | > later that make it easier to use.
> | 
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
>  -Hume
>

Re: Signing as one member of a set of keys

2002-08-11 Thread Anonymous User 

Here are the perl scripts I cobbled together to put the ring signature
at the end of the file, after a separator.  I called the executable
program from the earlier C source code "ringsig".  I call these ringver
and ringsign.  I'm no perl hacker so these could undoubtedly be greatly
improved.

ringver
===
#! /usr/bin/perl

# Usage: $0 pubkeyfile < filetoverify

die("Usage: ringver pubkeyfile < filetoverify") if @ARGV != 1;

$outfile = "/tmp/sigdata$$";
$sigfile = "/tmp/sigfile$$";
$separator = "  \\+\\+multisig v1\\.0";

$pubfile=$ARGV[0];

-r $pubfile || die ("Error reading $pubfile");

open (OUTFILE, ">".$outfile) || die ("Unable to open $outfile for output");
open (SIGFILE, ">".$sigfile) || die ("Unable to open $sigfile for output");

# Skip leading blank lines on input file
$_= while /^$/;

# Save lines to outfile until separator
print OUTFILE $_;
while () {
last if /$separator/;
print OUTFILE $_;
}

die ("No signature found in input file") if !$_;

# Save remaining lines ot sigfile
print SIGFILE while ;

close INFILE;
close OUTFILE;
close SIGFILE;

open (SIG, "./ringsig -v $outfile $pubfile < $sigfile |") ||
die ("Error running verify program");

# Print output from program
print while ;
close SIG;

unlink($sigfile);
unlink($outfile);

exit($?);








ringsign
===
#! /usr/bin/perl

# Usage: $0 filetosign pubkeyfile privkeyfile

die("Usage: ringsign filetosign pubkeyfile privkeyfile > outfile") if
@ARGV < 3;

$outfile = "/tmp/sigdata$$";
$separator = "  ++multisig v1.0";

open(INFILE, $ARGV[0]) || die ("Unable to open $ARGV[0] for input");
$pubfile=$ARGV[1];
$secfile=$ARGV[2];

-r $pubfile || die ("Error reading $pubfile");
-r $secfile || die ("Error reading $secfile");

open (OUTFILE, ">".$outfile) || die ("Unable to open $outfile for output");

# Skip leading blank lines on input file
$_= while /^$/;

# Save lines to outfile
print OUTFILE $_;
print OUTFILE $_ while ;

close INFILE;
close OUTFILE;

# Re-open infile
open(INFILE, $ARGV[0]) || die ("Unable to open $ARGV[0] for input");

open (SIG, "./ringsig -s $outfile $pubfile $secfile|") ||
die ("Error signing");

@sigs = ;
close SIG;
die ("Error from signature program") if ($?);

# Output infile, separator, sig
print while ;
print $separator . "\n";
print @sigs;

unlink($outfile);

Re: Signing as one member of a set of keys

2002-08-10 Thread Anonymous 

Here are the perl scripts I cobbled together to put the ring signature
at the end of the file, after a separator.  I called the executable
program from the earlier C source code "ringsig".  I call these ringver
and ringsign.  I'm no perl hacker so these could undoubtedly be greatly
improved.

ringver
===
#! /usr/bin/perl

# Usage: $0 pubkeyfile < filetoverify

die("Usage: ringver pubkeyfile < filetoverify") if @ARGV != 1;

$outfile = "/tmp/sigdata$$";
$sigfile = "/tmp/sigfile$$";
$separator = "  \\+\\+multisig v1\\.0";

$pubfile=$ARGV[0];

-r $pubfile || die ("Error reading $pubfile");

open (OUTFILE, ">".$outfile) || die ("Unable to open $outfile for output");
open (SIGFILE, ">".$sigfile) || die ("Unable to open $sigfile for output");

# Skip leading blank lines on input file
$_= while /^$/;

# Save lines to outfile until separator
print OUTFILE $_;
while () {
last if /$separator/;
print OUTFILE $_;
}

die ("No signature found in input file") if !$_;

# Save remaining lines ot sigfile
print SIGFILE while ;

close INFILE;
close OUTFILE;
close SIGFILE;

open (SIG, "./ringsig -v $outfile $pubfile < $sigfile |") ||
die ("Error running verify program");

# Print output from program
print while ;
close SIG;

unlink($sigfile);
unlink($outfile);

exit($?);








ringsign
===
#! /usr/bin/perl

# Usage: $0 filetosign pubkeyfile privkeyfile

die("Usage: ringsign filetosign pubkeyfile privkeyfile > outfile") if
@ARGV < 3;

$outfile = "/tmp/sigdata$$";
$separator = "  ++multisig v1.0";

open(INFILE, $ARGV[0]) || die ("Unable to open $ARGV[0] for input");
$pubfile=$ARGV[1];
$secfile=$ARGV[2];

-r $pubfile || die ("Error reading $pubfile");
-r $secfile || die ("Error reading $secfile");

open (OUTFILE, ">".$outfile) || die ("Unable to open $outfile for output");

# Skip leading blank lines on input file
$_= while /^$/;

# Save lines to outfile
print OUTFILE $_;
print OUTFILE $_ while ;

close INFILE;
close OUTFILE;

# Re-open infile
open(INFILE, $ARGV[0]) || die ("Unable to open $ARGV[0] for input");

open (SIG, "./ringsig -s $outfile $pubfile $secfile|") ||
die ("Error signing");

@sigs = ;
close SIG;
die ("Error from signature program") if ($?);

# Output infile, separator, sig
print while ;
print $separator . "\n";
print @sigs;

unlink($outfile);

RE: Signing as one member of a set of keys

2002-08-10 Thread Lucky Green 

Anonymous wrote:
> 
> Here is the signature block from the "ring signature" program 
> which got truncated.  I'll try sending it through a few 
> different anon remailers until it gets through.  Replace the 
> lines from the earlier posting starting with the "END PGP 
> PUBLIC KEY BLOCK" line.

I seem to still have problems with the signature block. If somebody on
this list has a good copy, could you please place it on a web page and
publish the URL? If nobody has a good copy, could perhaps Anonymous try
a different method of posting, such as uuencoding?

Thanks,
--Lucky

Re: Signing as one member of a set of keys

2002-08-10 Thread Anonymous 

Here is the signature block from the "ring signature" program which got
truncated.  I'll try sending it through a few different anon remailers
until it gets through.  Replace the lines from the earlier posting
starting with the "END PGP PUBLIC KEY BLOCK" line.



-END PGP PUBLIC KEY BLOCK-

  ++multisig v1.0
pEsBwalpBRxWyJR8tkYm6qR27UW9IT6Vg8SlOHIsEkk04RJvoSy0cy4ISFCq6vDX
5ub6c+MYi/UoyR6tI7oqpMu1abcXWm2DkfDiCsD6jQddVkiiYdG7Bih8JWdWmp5l
AgzqUoz14671/ezmWSrPNsTNKV96+ZLEanZsqfkpQcnZpLkWVpJzQFe0VgDQ64b2
+e2efrbknLFq0FTdX7Sh3qzAfzNYYgADmeOxDoTm9sb6T0fULf1P7mjiN2LZXuEW
m/8QvksaQi9KGa/0xN2m0heNtS1cfsTa+NJz8XYyG/tnMy7+mvI3c3lrnz+6Dpyp
pbNwaX+12VcqtfNec9faoq8RJgFxmSO/ZfMOGM8cFBQ75ZOaoBJP5ObHZ/63FFh5
Wh5GzwJjQs0vLwpM3iF6G+IixEqAQYisUdCopP1wXCLgltDM6l7jRlXxNDj0AXQ1
eQJolo32vemcy8Z8GAn5tpQHmJwpdzZpboWRQY53pD4mVnEMN4GBC1mhbbI2z+Oh
lPglqmmy3p4D+psNU1rlNv6yH/L0PgcuW7taVpbopjl4HLuJdWcKHJlXish3D/jb
eoQ856fYFZ/omGiO9x1D0BsnGFLZVWob4OIZRzO/Pc49VIhFy5NsV2zuozStId89
mAHWyZ59wWUg9UrkasOAmSd8bkGK4PxM4tWhJxoyGVHZaBHXdBl4V2H0+szRibUC
OZpY9V0rkrLE5U8gmOgg/faFeInJJ09SCxtgptV8MLdzsoHXRlN1YA0Qy5NBwmuL
EaGJ/iq8OLNKbVpMNqTFHccCjcUW2smduan+I9MMnNbg74dttuw1H2jAx9jbnYP4
4Nc4+TVlNAfQr3M7c4L+lfDYXSYCzN5uOHvGqOkg2+G5KCcPsaPwi2C2lC8eItti
uVDqlvDylgVHaZFQIGepZ5VcDlvxYjbi8qFi9uOutfAXMfmVfoPsPPGkkigX3ypZ
FLInE/vu4i3BzwYgxU0SMnv9g2R5+GhE8gqQ1x2knOo/QZ4DJnMaW4wt6wwRZPWQ
YJyykW0lTD/LkmOqIeVWleXWBW8vlJ20hCP6RKMgE2tnrQBYtFwZlNW2nFPZmOqX
HDvF92xHmCHRbpu/MjrxSs8ByAs4cyN77w8f1Gxph9Xcd5iKjdXmJTAs30AzE4uS
UjxkAakiTtzjodYvY+fOl1ZYA2/OEGDfC73Xdib9gwD9JWEQz8sjelKIEPdqyvNH
BjHTDH0VZeu3IxUFh37w2fIEehL8WrXvCoCMFnd1/bnn/qI/STXgg6as579/yBIJ
nJra7Ceru4q4wUssK79T6SdOM6wcvVg96ub4UOTaPO4wYhhadCbLFpl3tPfTLceb
 */

Re: Signing as one member of a set of keys

2002-08-10 Thread Meyer Wolfsheim 

On Fri, 9 Aug 2002, Anonymous User wrote:

> This program can be used by anonymous contributors to release partial
> information about their identity - they can show that they are someone
> from a list of PGP key holders, without revealing which member of the
> list they are.  Maybe it can help in the recent controvery over the
> identity of anonymous posters.  It's a fairly low-level program that
> should be wrapped in a nicer UI.  I'll send a couple of perl scripts
> later that make it easier to use.
>
> ===

Most delightful. Thank you for reminding us that Cypherpunks do indeed
write code. More comments in a bit.

[MW SNIP]

>   ++multisig v1.0
> pEsBwalpBRxWyJR8tkYm6qR27UW9IT6Vg8SlOHIsEkk04RJvoSy0cy4ISFCq6vDX
> 5ub6c+MYi/UoyR6tI7oqpMu1abcXWm2DkfDiCsD6jQddVkiiYdG7Bih8JWdWmp5l
> AgzqUoz14671/ezmWSrPNsTNKV96+ZLEanZsqfkpQcnZpLkWVpJzQFe0VgDQ64b2
> +e2efrbknLFq0FTdX7Sh3qzAfzNYYgADmeOxDoTm9sb6T0fULf1P7mjiN2LZXuEW
> m/8QvksaQi9KGa/0xN2m0heNtS1cfsTa+NJz8XYyG/tnMy7+mvI3c3lrnz+6Dpyp
> pbNwaX+12VcqtfNec9faoq8RJgFxmSO/ZfMOGM8cFBQ75ZOaoBJP5ObHZ/63FFh5
> Wh5GzwJjQs0vLwpM3iF6G+IixEqAQYisUdCopP1wXCLgltDM6l7jRlXxNDj0AXQ1
> eQJolo32vemcy8Z8GAn5tpQHmJwpdzZpboWRQY53pD4mVnEMN4GBC1mhbbI2z+Oh
> lPglqmmy3p4D+psNU1rlNv6yH/L0PgcuW7taVpbopjl4HLuJdWcKHJlXish3D/jb
> eoQ856fYFZ/omGiO9x1D0BsnGFLZVWob4OIZRzO/Pc49VIhFy5NsV2zuozStId89
> [...]
>  */

That [...] you see is an artifact of the anonymous remailer you were
using. Mixmaster, I believe, gives the option to truncate messages which
appear to include binary encoded data. PGP messages are explicitly allowed
to be sent.

Immediate problem: we can't verify your signature.

Short term solution: find a remailer that allows binary posting.

Long term solution: perhaps contact the Mixmaster authors and ask them to
explicitly allow "multisig" data?


-MW-

Re: Signing as one member of a set of keys

2002-08-09 Thread Adam Back 

Very nice.  

Nice plausible set of candidate authors also:

pub  1022/5AC7B865 1992/12/01  [EMAIL PROTECTED]
pub  1024/2B48F6F5 1996/04/10  Ian Goldberg <[EMAIL PROTECTED]>
pub  1024/97558A1D 1994/01/10  Pr0duct Cypher 
pub  1024/2719AF35 1995/05/13  Ben Laurie <[EMAIL PROTECTED]>
pub  1024/58214C37 1992/09/08  Hal Finney <[EMAIL PROTECTED]>
pub  1024/C8002BD1 1997/03/04  Eric Young <[EMAIL PROTECTED]>
pub  1024/FBBB8AB1 1994/05/07  Colin Plumb <[EMAIL PROTECTED]>

Wonder if we can figure out who is most likely author based on coding
style from such a small set.

It has (8 char) TABs but other wise BSD indentation style (BSD
normally 4 spaces).  Also someone who likes triply indirected pointers
***blah in there.  Has local variables inside even *if code blocks*
eg, inside main() (most people avoid that, preferring to declare
variables at the top of a function, and historically I think some
older gcc / gdb couldn't debug those variables if I recall).  Very
funky use of goto in getpgppkt, hmmm.  Somewhat concise coding and
variable names.

Off the cuff guess based on coding without looking at samples of code
to remind, probably Colin or Ian.

Of course (Lance Cottrell/Ian Goldberg/Pr0duct Cypher/Ben Laurie/Hal
Finney/Eric Young/Colin Plumb) possibly deviated or mimicked one of
their coding styles.  Kind of interesting to see a true nym in there
also.

Also the Cc -- Coderpunks lives?  I think the Cc coderpunks might be a
clue also, I think some of these people would know it died.  I think
that points more at Colin.

Other potential avenue might be implementation mistake leading to
failure of the scheme to robustly make undecidable which of the set is
the true author, given alpha code.

Adam

On Fri, Aug 09, 2002 at 03:52:56AM +, Anonymous User wrote:
> This program can be used by anonymous contributors to release partial
> information about their identity - they can show that they are someone
> from a list of PGP key holders, without revealing which member of the
> list they are.  Maybe it can help in the recent controvery over the
> identity of anonymous posters.  It's a fairly low-level program that
> should be wrapped in a nicer UI.  I'll send a couple of perl scripts
> later that make it easier to use.