On Fri, 29 Dec 2000, Wei Dai wrote:
> > middlemen and contracts - Franklin and Durfee
> Do you have a citation for Franklin and Durfee? Neither Google nor CiteSeer turned up anything.
Probably because I didn't give the correct title of the paper. It's the same one I referred to in a previous message:

"Distribution Chain Security"
M. Franklin and G. Durfee
ACM CCS 2000
http://citeseer.nj.nec.com/332962.html

It's actually a not-bad example of how a "standard" crypto component is taken and then tweaked for use in a particular protocol. The standard component is a homomorphic commitment scheme designed by Cramer and Damgård and published in 1998. This paper shows how to use it to prove that a series of contracts satisfies certain relations w/o revealing the contracts - and then adds a method to make the particular relations they care about more efficient. Well, OK, "published in 1998" is not exactly "standard", but still.

Now, you could try to represent this in an object-oriented language by something like "DurfeeFranklinCommitmentScheme inherits from CramerDamgardCommitmentScheme inherits from CommitmentScheme", but I'm not sure if you could get real reuse this way. Especially since it seems that a paper can't get published for a cool idea alone - it needs to have some real crypto in it. So most new papers will have an AuthorAAuthorBCommitmentScheme.

(Another example: the "Identity Escrow" paper in Crypto '98 by Kilian and Petrank. The idea - extend 'key escrow' to identities - is pretty straightforward. "Anyone on this list" could have come up with that. What separates the authors from "anyone on this list" is the fact that they came up with the idea *and* a reasonable and interesting crypto way to do it, together with a notion of security and a proof that they meet that notion.)

-David
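An added illustration of the homomorphic-commitment idea the message above refers to (this is example code written for this page, not the Franklin-Durfee protocol or the Cramer-Damgård construction, neither of which the message spells out). It assumes a Pedersen-style commitment c = g^v * h^r in a small prime-order group, and uses it the way the message describes: each link in a chain commits to its own quantity, and the verifier checks that the quantities add up to a claimed total without any individual quantity being revealed, because the product of the commitments is itself a commitment to the sum. The group parameters and the quantities are constructed toy values; the parameter sizes are far too small for any real use.

```python
import hashlib
import secrets

# Toy group parameters (constructed for this example, far too small for real use):
# p = 2q + 1 with q prime, so the quadratic residues mod p form a subgroup of prime order q.
P = 2039
Q = 1019
G = 4  # 2^2 mod p: a quadratic residue other than 1, hence of order q


def _derive_second_generator(label: bytes) -> int:
    """Derive h with no known discrete log to base g: hash to an integer, square it mod p.

    Squaring lands in the order-q subgroup; excluding 0 and 1 leaves an element of order q.
    If someone knew log_g(h) they could open a commitment to any value, so h must not be
    chosen as a known power of g.
    """
    for counter in range(256):
        digest = hashlib.sha256(label + bytes([counter])).digest()
        x = int.from_bytes(digest, "big") % P
        h = pow(x, 2, P)
        if h not in (0, 1):
            return h
    raise RuntimeError("could not derive a second generator")


H = _derive_second_generator(b"pedersen-h")


def commit(value: int, rand=None):
    """Pedersen commitment c = g^value * h^rand mod p. Returns (c, rand).

    Values are taken mod q, so values must stay below q for sums to mean what they say.
    """
    if rand is None:
        rand = secrets.randbelow(Q)
    c = (pow(G, value % Q, P) * pow(H, rand % Q, P)) % P
    return c, rand


def verify_opening(c: int, value: int, rand: int) -> bool:
    """Check that (value, rand) really opens commitment c."""
    return c == commit(value, rand)[0]


def combine(commitments) -> int:
    """Homomorphic property: the product of commitments commits to the sum of the values
    (with randomness equal to the sum of the individual randomness values)."""
    acc = 1
    for c in commitments:
        acc = acc * c % P
    return acc


def prove_chain_total(quantities):
    """Prover side: commit to each link's quantity; publish the commitments and only the
    aggregate randomness r_sum. The individual quantities stay hidden."""
    commits = [commit(q) for q in quantities]
    r_sum = sum(r for _, r in commits) % Q
    return [c for c, _ in commits], r_sum


def verify_chain_total(commitment_list, claimed_total: int, r_sum: int) -> bool:
    """Verifier side: the commitments jointly open to the claimed total iff their product
    equals a fresh commitment to that total under the aggregate randomness."""
    return combine(commitment_list) == commit(claimed_total, r_sum)[0]


if __name__ == "__main__":
    # Constructed chain: three links ship 120, 75 and 305 units; the claimed total is 500.
    cs, r_sum = prove_chain_total([120, 75, 305])
    print("total 500 verifies:", verify_chain_total(cs, 500, r_sum))   # True
    print("total 501 verifies:", verify_chain_total(cs, 501, r_sum))   # False
```

The verifier learns that the three hidden quantities sum to 500 and nothing else about them; an altered commitment or a wrong claimed total fails the check. Only linear relations come for free from the homomorphism, which is the point the message makes about the paper adding its own machinery for the particular relations it cares about.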