[cryptography] How are expired code-signing certs revoked? (nonrepudiation)
Adam Back
adam at cypherspace.org
Thu Dec 22 00:40:37 PST 2011
Stefan Brands credentials [1] have an anti-lending feature where you have to
know all of the private components in order to make a signature with it.
My proposal related to what you said was to put a high value ecash coin as
one of the private components. Now they have a direct financial incentive -
if they get hacked and their private keys stolen they lose $1m untraceably.
Now thats quite reassuring - and encapsulates a smart contract where they
get an automatic fine, or good behavior bond. I think you could put a
bitcoin in there instead of a high value Brands based ecash coin. Then you
could even tell that it wasnt collected by looking in the spend list.
Adam
[1] http://www.cypherspace.org/credlib/ a library implementing Brands
credentials - it has pointers to the uprove spec, Brands thesis in pdf form
etc.
On Thu, Dec 22, 2011 at 07:17:21AM +0000, John Case wrote:
>
> On Wed, 7 Dec 2011, Jon Callas wrote:
>
>> Nonrepudiation is a somewhat daft belief. Let me give a
>> gedankenexperiment. Suppose Alice phones up Bob and says, "Hey, Bob, I
>> just noticed that you have a digital nature from me. Well, ummm, I
>> didn't do it. I have no idea how that could have happened, but it
>> wasn't me." Nonrepudiation is the belief that the probability that
>> Alice is telling the truth is less than 2^{-128}, assuming a 3K RSA
>> key or 256-bit ECDSA key either with SHA-256. Moreover, if that
>> signature was made with an ECDSA-521 bit key and SHA-512, then the
>> probability she's telling the truth goes down to 2^{-256}.
>>
>> I don't know about you, but I think that the chance that Alice was
>> hacked is greater than 1 in 2^128. In fact, I'm willing to believe
>> that the probability that somehow space aliens, or Alice has an
>> unknown evil twin, or some mad scientist has invented a cloning ray
>> is greater than one in 2^128. Ironically, as the key size goes up,
>> then Alice gets even better excuses. If we used a 1k-bit ECDSA key
>> and a 1024-bit hash, then new reasonable excuses for Alice suggest
>> themselves, like that perhaps she *considered* signing but didn't in
>> this universe, but in a nearby universe (under the many-worlds
>> interpretation of quantum mechanics, which all the cool kids believe
>> in this week) she did, and that signature from a nearby universe
>> somehow leaked over.
>
>
> This is silly - it assumes that there are only two intepretations of
> her statement:
>
> - a true "collision" (something arbitrary computes to her digital
> signature, which she did not actually invoke) which is indeed as
> astronomically unlikely as you propose.
>
> - another unlikely event whose probability happens to be higher than
> the "collision".
>
> But of course there is a much simpler, far more likely explanation, and
> that is that she is lying.
>
> However ... this did get me to thinking ...
>
> Can't this problem be solved by forcing Alice to tie her signing key to
> some other function(s)[1] that she would have a vested interest in
> protecting AND an attacker would have a vested interest in exploiting ?
>
> I'm thinking along the lines of:
>
> "I know Alice didn't get hacked because I see her bank account didn't
> get emptied, or I see that her ecommerce site did not disappear".
>
> "I know Alice didn't get hacked because the bitcoin wallet that we
> protected with her signing key still has X bitcoins in it, where X is
> the value I perceived our comms/transactions to be worth."
>
> Or whatever.
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list