Let’s design a type of digital signature algorithm that can only be verified by the intended recipients.
-
Let’s design a type of digital signature algorithm that can only be verified by the intended recipients.
-
Piko Starsider :verified_paw:replied to Soatok Dreamseeker last edited by
@soatok If I understood it correctly, it relies on the fact that nobody in the group wants to publish their private key. But if a recipient can bear the consequences of publishing it then they can prove that the sender sent it.
To mitigate this problem I can think of a couple of things. One is having a way to ensure that all members of the pack have information that they would never want to reveal, which can be decrypted with their private keys. Another way is kind of the opposite, where all private keys matter so little that they can be leaked and then people can't prove that the sender is the one that actually sent it. In other words, the problem only presents itself when the sender doesn't want their their private key to be published and the recipient doesn't mind if theirs does.
Does that make any sense, or did I misunderstood it?
-
Riley S. Faelanreplied to Soatok Dreamseeker last edited by
@soatok This is relevant to my interests.
-
Soatok Dreamseekerreplied to Soatok Dreamseeker last edited by
Some more peer review came in:
Hi, yes, just one question: What the fuck?
Thank you.
I happen to know a good therapist if you need one.
Pass, but thanks.
-
Riley S. Faelanreplied to Piko Starsider :verified_paw: last edited by
@starsider This sort of thing is one of the many reasons why cryptographic tokens that secret keys are excruciatingly hard to extract from are pragmatically useful, even though they're theoretically problematic.
-
Piko Starsider :verified_paw:replied to Riley S. Faelan last edited by
-
Riley S. Faelanreplied to Piko Starsider :verified_paw: last edited by
@starsider Your proposed compromise is easier to do, and easier to do without the specific assistance of the recipient, if there's a reasonably simple way to copy the secret key whose presence allows strong verification of the signature in question. If it is hard to copy, and has, for many interesting attack models, to be either surrendered by or taken away from the recipient, then a whole bunch of potential paths of compromise will become much less practical, or even practically non-practical.
-
@soatok does giving people back massages count as therapy?
because when I'm stressed I need a back to massage.
their poor back.