Cryptography - Update on NIST PQ Crypto submissions
- Update on NIST PQ Crypto submissions
- Wyden, Rubio, Warner introduce senate bill based on secure multiparty computation
- GPG on iOS
- Uber's use of encrypted messaging may set legal precedents
- Matrix.org team asks for best practices when backing up keys server-side - I thought maybe reddit can help?
- How might I authenticate a user without knowing their identity?
Update on NIST PQ Crypto submissions
Posted: 01 Dec 2017 11:48 PM PST

Wyden, Rubio, Warner introduce senate bill based on secure multiparty computation
Posted: 01 Dec 2017 08:43 AM PST

GPG on iOS
Posted: 01 Dec 2017 11:48 PM PST
GPG on iOS is hard. Anyone have a view on this app? Canary Mail by Mailr Tech LLP, https://itunes.apple.com/ie/app/canary-mail/id1155470386?mt=8 Interesting, but can it be trusted?

Uber's use of encrypted messaging may set legal precedents
Posted: 01 Dec 2017 12:14 PM PST

Matrix.org team asks for best practices when backing up keys server-side - I thought maybe reddit can help?
Posted: 01 Dec 2017 05:56 AM PST
How might I authenticate a user without knowing their identity?
Posted: 01 Dec 2017 02:28 AM PST

The title is not very good, but I'm having trouble describing this succinctly. I have in mind a scenario that looks a bit like this:

I would also like to make these time-limited, so that the client must return within a fairly short period of time, and single-use. Perhaps even more generally, I wish to prove that a returning user has an account with the service already (perhaps with some special property), but without being able to know which one. This creates a rather interesting kind of privacy. I'm not sure where to look for constructs that can do this kind of thing.

One interesting mechanism I found is blind signatures. The user might generate a random token, blind it, and have it signed. Then they can remove the blinding and later show the service that it signed some token, without knowing who it was for. It can store the token so that it cannot be used again. However, my poor working knowledge of RSA leads me to believe the client could just present any random data and pretend it's a signature, since there's no way to validate it. This might work if I require the token to have some specific structure, since there should be no practical way for that to come out by chance.

This idea also has some key management problems: the service could try to sneakily use different keys for each user, and identify them when they return based on which key works. As a solution, the key could be long-lived and well known, but this seems generally unwise, and makes it hard to replace if compromised. Additionally, there's no obvious way to make these tokens valid only for a limited duration. I would need something like a way for the service to prove that the blinded token it's signing contains the rough current time.

There might also be some kind of zero-knowledge set membership proof, or homomorphic encryption may apply, or maybe ring signatures look interesting, but I'm still researching along these angles and they may not be suitably efficient. And you never know, maybe there's something cheap that can be done with more standard and common primitives.

Any advice on where I might look for solutions to this? Or if it's likely to be possible?
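The blind-signature token flow the post describes, as an added example that is not part of the original post: textbook RSA blinding, with the token run through a hash into Z_N before signing (the "specific structure" the poster wants) so that arbitrary data presented as a signature fails verification, and a spent-token set on the service for single use. The key size, hash choice and class names are assumptions of this example; the time-limit question is not addressed by it.

```python
import hashlib
import math
import secrets

# Toy RSA key built from two Mersenne primes, constructed for illustration only:
# far too small for real use, where a 2048-bit or larger modulus is needed.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def fdh(token: bytes) -> int:
    """Hash the token into Z_N: a 'signature' must verify against this value,
    so random bytes presented as a signature are rejected."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

class Service:
    """Signs blinded values it cannot read; later accepts each unblinded token once."""
    def __init__(self):
        self.spent = set()

    def sign_blinded(self, blinded: int) -> int:
        return pow(blinded, D, N)          # sees only H(token) * r^e, never the token

    def redeem(self, token: bytes, sig: int) -> bool:
        if pow(sig, E, N) != fdh(token):   # structure check: sig^e must equal H(token)
            return False
        if token in self.spent:            # single use
            return False
        self.spent.add(token)
        return True

class Client:
    def __init__(self):
        self.token = secrets.token_bytes(16)
        while True:                        # blinding factor must be invertible mod N
            self.r = secrets.randbelow(N - 2) + 2
            if math.gcd(self.r, N) == 1:
                break

    def blind(self) -> int:
        return fdh(self.token) * pow(self.r, E, N) % N

    def unblind(self, blinded_sig: int) -> int:
        return blinded_sig * pow(self.r, -1, N) % N   # (H r^e)^d / r = H^d

def run_protocol():
    """Returns (first redemption, replay of same token, forged random signature)."""
    svc, c = Service(), Client()
    sig = c.unblind(svc.sign_blinded(c.blind()))
    first = svc.redeem(c.token, sig)
    replay = svc.redeem(c.token, sig)
    forged = svc.redeem(secrets.token_bytes(16), secrets.randbelow(N))
    return first, replay, forged
```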