Re: [freehaven-dev] Re: request for comments on Mixnet Reputations paper



dmolnar@belegost.mit.edu wrote:
> On Wed, 13 Dec 2000, David Hopwood wrote:
> 
> >    Note that it would not be correct to assume that "To N_j: foo"
> >    has appeared on the ledger before, because there are many other
> >    possible ciphertexts that can decrypt to (I_{j+1}, bar).
> 
> This means life would be much simpler if we had a PKCS which was
> ciphertext collision resistant if public keys are allowed to vary, it
> seems.

In this case it wouldn't help: at the very least, there are distinct
ciphertexts with different seeds that decrypt to (I_{j+1}, bar).
I think it's simpler not to assume any kind of ciphertext collision
resistance other than the version that is implied by unambiguous
decryption.

- -- 
David Hopwood <hopwood@zetnet.co.uk>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
