Members of Parliament Problem
I read awhile ago that certain members of Parliament do not speak their mind regarding the situation in Northern Ireland. The reason they give is that they have children and they fear the IRA. There are times when one wishes to speak anonymously, yet speak as a member of a group. Is there a way to take published public keys and combine them with your own in such a way that your identity is not compromised, but it is clear beyond a doubt that you control one of a set of public keys? Peter Hendrickson ph@netcom.com
-----BEGIN PGP SIGNED MESSAGE----- On Thu, 14 Nov 1996, Peter Hendrickson wrote:
I read awhile ago that certain members of Parliament do not speak their mind regarding the situation in Northern Ireland. The reason they give is that they have children and they fear the IRA.
There are times when one wishes to speak anonymously, yet speak as a member of a group.
Is there a way to take published public keys and combine them with your own in such a way that your identity is not compromised, but it is clear beyond a doubt that you control one of a set of public keys?
One way would be to have some trusted third party issue a signature for any key that belongs to a member of the group. The problem with this method is that the certificate issuer knows which keys belong to which members. This can be solved by blind-signing the keys. A single secret key could be distributed to every member, but this is vulnerable to security problems. Also, it would be impossible to determine if a group of messages were each issued by different people or if it was the same person. I don't know if there is any better cryptographic protocol to handle a situation like this. Oblivious signatures might be a possibility, but I don't know how they work and if they could be used in such a protocol. Mark - -- finger -l for PGP key PGP encrypted mail prefered. -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMowjzizIPc7jvyFpAQGWnQf/fH+RLAE8AUW8CrASprXuHZH/z2/30M6l zWeC8E43dh1Hy4YLqeNyKNblHp717vla2/EeOJQUuKN0FBMdJoJVGP+dH4BKMgWA mobfOhq+n+vDQCvwonkrjy2oq5+2ULS6uIkGLvaMRrCWwJ9wElE6LHOAo/Tz9Y8p 71ICTn6k9z6V67Aeu/5q0GyY4QrLdPZqxNpjW7LqGkV5LNTTttqxCiWlrpRqLRJu 81qgBrDZtTG0nB8emqW3lpTag48yyeePAAYMuryLQ3y7lDfrQloZ+t5MtOgnrUlw dVvQ2hIn9KVNKlkmJi/7aLFUZxp5jNaEtP1+LxPGHouiJC3utp3cJA== =I6hn -----END PGP SIGNATURE-----
Most of the usual arguments about disallowing anonymity actually apply to a Parliment. There is a responsibility involved in the execution of power. This is not to condone attacking children, or killing ones political opponents. For an MP to imply that something he wants to say will likely get him/his kids killed probably means that he wants to use the power of the state in some way likely to quite upset at least a few people. If this is the case, then allowing him to anonymously, and without responsibility, direct the power of the state is congruent to tyranny. To answer the technical end of your question, you could build a DC net where joining required a signed key, or build a mix which will only accept messages signed by a member of the group. If the mixmasters all agree to only accept messages signed by the group, then each mixmaster can be made a member of the group, and sign its outbound messages as being recieved with a signature, allowing anonymous chaining. Adam Peter Hendrickson wrote: | I read awhile ago that certain members of Parliament do not speak | their mind regarding the situation in Northern Ireland. The reason | they give is that they have children and they fear the IRA. | | There are times when one wishes to speak anonymously, yet speak | as a member of a group. | | Is there a way to take published public keys and combine them with | your own in such a way that your identity is not compromised, but | it is clear beyond a doubt that you control one of a set of public | keys? -- "It is seldom that liberty of any kind is lost all at once." -Hume
Peter Hendrickson wrote:
I read awhile ago that certain members of Parliament do not speak their mind regarding the situation in Northern Ireland. The reason they give is that they have children and they fear the IRA.
There are times when one wishes to speak anonymously, yet speak as a member of a group.
Is there a way to take published public keys and combine them with your own in such a way that your identity is not compromised, but it is clear beyond a doubt that you control one of a set of public keys?
One way to implement this would be to set up a remailer that only accepts input signed by a key on its ring. Or just share a secret key. It would have to be timestamped, i.e., "104th Congress Key." You either need to trust a shared server to know and then blind your identity, or trust the people with whom you share a secret key not to give that key to non-group members. -rich
On Fri, 15 Nov 1996, Rich Graves wrote:
Peter Hendrickson wrote:
There are times when one wishes to speak anonymously, yet speak as a member of a group.
You either need to trust a shared server to know and then blind your identity, or trust the people with whom you share a secret key not to give that key to non-group members.
Why not use blinding for obtaining the certificate? Create a number up public/private key pairs, blind them, then do the cut-and-choose thing with the security officer. He signs the blinded key, then returns it. Unblind the remaining pubic key, and you've got a public key with the appropriate signature on it. Simon --- If I can get my key back, it's Key Recovery If you can get my key back, it's Key Escrow
Simon Spero <ses@tipper.oit.unc.edu> writes:
On Fri, 15 Nov 1996, Rich Graves wrote:
Peter Hendrickson wrote:
There are times when one wishes to speak anonymously, yet speak as a member of a group.
You either need to trust a shared server to know and then blind your identity, or trust the people with whom you share a secret key not to give that key to non-group members.
Why not use blinding for obtaining the certificate?
Create a number up public/private key pairs, blind them, then do the cut-and-choose thing with the security officer. He signs the blinded key, then returns it. Unblind the remaining pubic key, and you've got a public key with the appropriate signature on it.
Reasonable, except that it's linkable. You may not want it to be linkable, because the more messages signed with the key, the greater the chance that speech paterns give away the speaker. Adam -- print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
On Sun, 17 Nov 1996, Adam Back wrote:
Simon Spero <ses@tipper.oit.unc.edu> writes:
Reasonable, except that it's linkable. You may not want it to be linkable, because the more messages signed with the key, the greater the chance that speech paterns give away the speaker.
How about using ephemerialish keys (keys issued in big batches, etc)? All you need is a quick way to generate a few hundred or thousand RSA keys... Simon
participants (6)
-
Adam Back -
Adam Shostack -
Mark M. -
ph@netcom.com -
Rich Graves -
Simon Spero