[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [freehaven-dev] Micali's Exchange protocol



I think there are a few issues with Micali's Exchance protocol
that don't extend well to what we need for freehaven.  I'm
not sure how much was drawn up after I left at 5pm, but it sounded
like it was mainly going in the direction of the trust system,
without solving the fair exchance problem.

Here's my thought with Micali's protocol:

If we think of a two-way system, i.e.

1. A sends X = E(PK_T, (A,B,M1)) to B
2. B sends receipt R(X) and Y = E(PK_T, (A,B,M2)) to A
3. A sends receipt R(Y) and M1 to B
4. B sends M2 to A

(We talked today about picking T.  A actually sends (T, X) to
B, B's receipt is R(T, X), an acknowledgement of agreeing to
use T as a TTP.)

The problem I see is basically that there's actually no response
that the *message* itself it received by either A or B.  What the
receipts are for is X,Y (the encryption "hash" that can be used
to test if what A/B initially commit to is valid (i.e. no
repudiation)).  Let's say A fails to do step 3.  Well, B checks
with T.  So, what receipt do we have to prove that B actually
receives M1 from T?  T's word that he sends it out (which is
somewhat interesting in our freehaven "trust" model) and our
belief that nothing is ever lost across the mixnet (i.e., T
says he sent it to B, B *must* have received it...big uhhhh...)

I think this brings us back to square one with using a TTP,
that's what we talked about a lot today...

Wondering if I'm totally mistaken,
--mike