
[cc'd to coderpunks]

On Sun, 13 Oct 1996, Steve Schear wrote:
Steve Schear <azur@netcom.com> writes:
[much cut]
I've been charged with developing an Internet service which needs to assure its clients of anonymity. However, we fear some clients may abuse the service and we wish to prevent the abusers from re-enrollment if terminated for misbehavior. (In your example, it would be the person(s) trying to discover the service host via flood).
My thought was to base enrollment on some sort of 'blinding' of their certified signature (e.g., from Verisign) which produces a unique result for each signature but prevents the service from reconstructing the signature itself (and thereby revealing the client's identity). I'm calling this negative authentication.
Have you come across anyone who has considered this problem or another one which is mathematically very similar?
Stefan Brands has a protocol that probably does what you want. And also would form the basis for anonymous internet "postage stamps"... It is unpublished, but he kindly allowed me to describe it in a paper I wrote that discussed whether a bank would ever want to take the risk of allowing bank accounts where it did not know the identity of the customer.

The protocol is described at http://www.law.miami.edu/~froomkin/articles/oceanno.htm#ENDNOTE286

[A frames version of the same paper is at http://www.law.miami.edu/~froomkin/articles/ocean.htm but it's harder to jump straight to the footnote you want in that version]

**Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"**
**Age two weeks: 9 lbs 12 oz, 23"**

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.