Adam Back wrote:
On Mon, May 10, 2004 at 02:42:04AM +, Jason Holt wrote:
Another approach to hiding membership is one of the techniques
proposed for non-transferable signatures, where you use construct:
RSA-sig_A(x),RSA-sig_B(y) and verification is x xor y = hash(message).
Where the sender is p
Gap may be I'm misunderstanding something about the HC approach.
We have:
P = (P1 or P2) is encoded HC_E(R,p) = {HC_E(R,P1),HC_E(R,P2)}
so one problem is marking, the server sends you different R values:
{HC_E(R,P1),HC_E(R',P2)}
so you described one way to fix that by using symmetri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 10 May 2004, Adam Back wrote:
> OK that sounds like it should work. Another approach that occurs is
> you could just take the plaintext, and encrypt it for the other
> attributes (which you don't have)? It's usually not too challenging
> to
On Mon, May 10, 2004 at 08:02:12PM +, Jason Holt wrote:
> Adam Back wrote:
> > [...] However the server could mark the encrypted values by encoding
> > different challenge response values in each of them, right?
>
> Yep, that'd be a problem in that case. In the most recent (unpublished)
> p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 10 May 2004, Adam Back wrote:
> After that I was presuming you use a signature to convince the server
> that you are authorised. Your comment however was that this would
> necessarily leak to the server whether you were a doctor or an AIDs
>
On Mon, May 10, 2004 at 02:42:04AM +, Jason Holt wrote:
> > However can't one achieve the same thing with encryption: eg an SSL
> > connection and conventional authentication?
>
> How would you use SSL to prove fulfillment without revealing how?
> You could get the CA to issue you a "patient
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, 9 May 2004, Adam Back wrote:
> and seeing that it is a completely different proposal essentially
> being an application of IBE, and extension of the idea that one has
> multiple "identities" encoding attributes. (The usual attribute this
> a
[copied to cpunks as cryptography seems to have a multi-week lag these
days].
OK, now having read:
> http://isrl.cs.byu.edu/HiddenCredentials.html
> http://isrl.cs.byu.edu/pubs/wpes03.pdf
and seeing that it is a completely different proposal essentially
being an application of IBE, and extension
