[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [freehaven-dev] Re: request for comments on Mixnet Reputations paper
-----BEGIN PGP SIGNED MESSAGE-----
dmolnar@belegost.mit.edu wrote:
> On Wed, 13 Dec 2000, David Hopwood wrote:
>
> > Note that it would not be correct to assume that "To N_j: foo"
> > has appeared on the ledger before, because there are many other
> > possible ciphertexts that can decrypt to (I_{j+1}, bar).
>
> This means life would be much simpler if we had a PKCS which was
> ciphertext collision resistant if public keys are allowed to vary, it
> seems.
In this case it wouldn't help: at the very least, there are distinct
ciphertexts with different seeds that decrypt to (I_{j+1}, bar).
I think it's simpler not to assume any kind of ciphertext collision
resistance other than the version that is implied by unambiguous
decryption.
- --
David Hopwood <hopwood@zetnet.co.uk>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOjeJBTkCAxeYt5gVAQFe+wf9E/bDpcM10hgUMioA31HpNTImXoUQCIk9
Bxd4HTmdPLaJ6MlM8OLaKe28igEGKxCjRIyDp4DeuQA8YGAQQM78bRXf719+wMM+
t1EliavPRsk/C1fhp065OI0nVFa3pDYNLvVUpU6crDQJr++xXt+sDmpRNc9OoDRs
xx8mauqg31mCXJ9WqovDalO5t+I6LWeOuNoCLDCR8rijutxrXPiNTLJD33WcqJ0T
KZiwJDdCFz8RJzvZF8Sod9VSn6WPODKYJ8s8XeowHnl5Wio7TrP7gCCbKPjTBwGg
sbADhPi9KGBO4oEDp0PURiWfdekyT5pNnbz5rOmhkQjoaDgrw2EndQ==
=dpHK
-----END PGP SIGNATURE-----