your favorite protocols

dmolnar dmolnar at hcs.harvard.edu
Fri Dec 29 03:17:07 PST 2000
On Fri, 29 Dec 2000, Wei Dai wrote:

> > middlemen and contracts		- Franklin and Durfee
> 
> Do you have a citation for Franklin and Durfee? Neither Google nor
> CiteSeer turned up anything.

Probably because I didn't give the correct title of the paper. It's the
same one I referred to in a previous message

"Distribution Chain Security"
M. Franklin and G. Durfee
ACM CCS 2000
http://citeseer.nj.nec.com/332962.html

It's actually a not-bad example of how a "standard" crypto component is
taken and then tweaked for use in a particular protocol. The standard
component is a homomorphic commitment scheme designed by Cramer and
Damgård and published in 1998. This paper shows how to use it to prove a
series of contracts satisfies certain relations w/o revealing the
contracts - and then adds a method to make the particular relations they
care about more efficient. 

Well, OK, "published in 1998" is not exactly "standard", but still.

Now, you could try to represent this in an object-oriented language by
something like "DurfeeFranklinCommitmentScheme inherits from
CramerDamgardCommitmentScheme inherits from CommitmentScheme", but I'm
not sure if you could get real reuse this way. Especially since it seems
that a paper can't get published for a cool idea alone - it
needs to have some real crypto in it. So most new papers will have an
AuthorAAuthorBCommitmentScheme.

(Another example: the "Identity Escrow" paper in Crypto '98 by Kilian and
Petrank. The idea - extend 'key escrow' to identities - is pretty
straightforward. "Anyone on this list" could have come up with that. What
separates the authors from "anyone on this list" is the fact that they
came up with the idea *and* a reasonable and interesting crypto way to do
it, together with a notion of security and a proof that they meet that
notion.)

-David
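
[Added worked example; not part of David's message, and not code from the Franklin-Durfee paper or the Cramer-Damgård scheme it builds on.] The step the message describes, proving that a set of committed contracts satisfies some relation without revealing the contracts, is easiest to see with a homomorphic commitment. The Python below uses a Pedersen commitment as a stand-in for the Cramer-Damgård scheme, over a toy 41-bit safe-prime group generated at run time (an assumption for the demo; real use needs a standard group of 2048 bits or more). The distribution-chain margins, the general linear-relation check, and every name in the code are constructed for illustration.

```python
"""Homomorphic (Pedersen) commitments: prove a linear relation among
committed values without opening any of them.  Illustrative stand-in,
not the Cramer-Damgaard scheme or the Franklin-Durfee protocol; toy
group size, a real deployment uses a standard group of >= 2048 bits."""
import hashlib
import secrets

SMALL_BASES = (2, 3, 5, 7, 11, 13)  # Miller-Rabin is deterministic with these below 3.47e12


def is_prime(n):
    """Deterministic Miller-Rabin for n < 3,474,749,660,383."""
    if n < 2:
        return False
    for b in SMALL_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(start):
    """Smallest q >= start with q and p = 2q + 1 both prime; returns (p, q)."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


class PedersenGroup:
    """Order-q subgroup of Z_p^* with generators g, h derived by hashing
    fixed labels, so nobody knows log_g(h) (that is what makes commitments binding)."""

    def __init__(self, p, q):
        self.p, self.q = p, q
        self.g = self._hash_to_subgroup(b"pedersen generator g")
        self.h = self._hash_to_subgroup(b"pedersen generator h")

    def _hash_to_subgroup(self, label):
        x = int.from_bytes(hashlib.sha256(label).digest(), "big") % self.p
        while pow(x, 2, self.p) in (0, 1):  # squaring lands in the order-q subgroup
            x += 1
        return pow(x, 2, self.p)

    def in_subgroup(self, c):
        return 1 <= c < self.p and pow(c, self.q, self.p) == 1

    def commit(self, m, r):
        """C = g^m * h^r: hiding because r is uniform, binding because log_g(h) is unknown."""
        return pow(self.g, m % self.q, self.p) * pow(self.h, r % self.q, self.p) % self.p


GROUP = PedersenGroup(*safe_prime(1 << 40))  # toy parameters (assumption for the demo)


def prove_linear(group, amounts, coeffs, rng=secrets.randbelow):
    """Prover: commit to each amount and to total = sum(coeff_i * amount_i).
    Publishes the commitments plus one scalar combining the blinding
    factors; no amount leaves the prover."""
    q = group.q
    rs = [rng(q) for _ in amounts]
    r_total = rng(q)
    total = sum(k * a for k, a in zip(coeffs, amounts))
    commits = [group.commit(a, r) for a, r in zip(amounts, rs)]
    c_total = group.commit(total, r_total)
    witness = (sum(k * r for k, r in zip(coeffs, rs)) - r_total) % q
    return commits, c_total, witness


def verify_linear(group, commits, coeffs, c_total, witness):
    """Verifier: prod(C_i^coeff_i) == C_total * h^witness holds iff
    sum(coeff_i * m_i) == m_total mod q, because
    commit(a, r) * commit(b, s) == commit(a + b, r + s)."""
    if not all(group.in_subgroup(c) for c in commits + [c_total]):
        return False  # reject elements outside the prime-order subgroup
    lhs = 1
    for c, k in zip(commits, coeffs):
        lhs = lhs * pow(c, k % group.q, group.p) % group.p
    return lhs == c_total * pow(group.h, witness, group.p) % group.p


if __name__ == "__main__":
    # Constructed example: three links of a distribution chain with private
    # margins 40, 15, 25; the verifier learns only that they sum to the total.
    ones = [1, 1, 1]
    commits, c_total, w = prove_linear(GROUP, [40, 15, 25], ones)
    print("chain total consistent:", verify_linear(GROUP, commits, ones, c_total, w))
    print("forged total accepted:", verify_linear(GROUP, commits, ones, GROUP.commit(79, 0), w))
```

The verifier never sees a margin, only the product of the commitments and one blinding scalar, which is exactly the "without revealing the contracts" property. Two caveats a practitioner would want: the subgroup check in verify_linear matters, since an element of the wrong order breaks the algebra the proof relies on, and h must be derived in a way nobody can control (hashing a fixed label here), or the prover could open a commitment two ways.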