[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [freehaven-dev] Re: request for comments on Mixnet Reputationspaper

To: freehaven-dev@freehaven.net
Subject: Re: [freehaven-dev] Re: request for comments on Mixnet Reputationspaper
From: dmolnar@belegost.mit.edu
Date: Tue, 12 Dec 2000 22:15:55 -0500 (EST)
Delivery-Date: Tue, 12 Dec 2000 22:16:06 -0500
In-Reply-To: <3A36E14F.5F76EAFB@zetnet.co.uk>
Reply-To: freehaven-dev@freehaven.net
Sender: owner-freehaven-dev@freehaven.net

On Wed, 13 Dec 2000, David Hopwood wrote:

>    Note that it would not be correct to assume that "To N_j: foo"
>    has appeared on the ledger before, because there are many other
>    possible ciphertexts that can decrypt to (I_{j+1}, bar).

This means life would be much simpler if we had a PKCS which was
ciphertext collision resistant if public keys are allowed to vary, it
seems. Anna Lysyanskaya suggested Cramer-Shoup; we hadn't pursued it
because we thought we could get by with fixed-key ciphertext collision
resistant/free. 

I don't think we'll put together a proof that CS is ciphertext collisin
resisant in the next few hours (we might come up with a counterexample,
but that's unlikely since we have to respond to this in the paper now. :) 
Even so, this may motivate mentioning it as an open problem in the paper. 

Thanks again, 
-David

Follow-Ups:
- Re: [freehaven-dev] Re: request for comments on Mixnet Reputations paper
  - From: David Hopwood <hopwood@zetnet.co.uk>

References:
- Re: [freehaven-dev] Re: request for comments on Mixnet Reputations paper
  - From: David Hopwood <hopwood@zetnet.co.uk>

Prev by Date: Re: [freehaven-dev] Re: request for comments on Mixnet Reputations paper
Next by Date: Re: [freehaven-dev] Re: request for comments on Mixnet Reputations paper
Prev by thread: Re: [freehaven-dev] Re: request for comments on Mixnet Reputations paper
Next by thread: Re: [freehaven-dev] Re: request for comments on Mixnet Reputations paper
Index(es):
- Date
- Thread