[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freehaven-dev] Re: universally verifiable secret sharing
If only the public key is required to retreive data, can we do this :
After the pieces of the document are created and signed, the private key
can be destroyed. After the private key is destroyed, it seems difficult
to prove a node was the one which originally introduced a piece of data to
the network, even if that node is corrupted later. The downside is that
more shares cannot be signed after the private key is destroyed.
This would be useful in a situation in which there would be more
punishment for being the original author than for mere posession. Then
even if the adversary somehow has a "hunch" about the identity of the
author, he might find nothing on the author's HD to confirm his
suspicion. assuming the author gets rid of all records, anyway.
Another question :
the current proposal under Retrieving says that you
need to know the hash of the data segment in order to retrieve it.
Instead of needing to know both the public key and the hash, can
we fix it such that the string "hash(data segment)" _is_ the public key?
On Thu, 27 Jan 2000, Ron Rivest wrote:
> Yes, you're right. Excellent. The document is identified by the
> public key that is used to sign the pieces. Pieces not signed by that
> key don't belong to the corresponding document. The retrieval process
> takes as input the public key and retrieves all the parts signed by
> that public key.
> ------- Start of forwarded message -------
> To: email@example.com
> Subject: Re: [freehaven-dev] universally verifiable secret sharing
> In-Reply-To: Your message of "Thu, 27 Jan 2000 14:32:23 EST."
> Date: Thu, 27 Jan 2000 16:10:06 -0500
> From: Joseph Sokol-Margolis <seph@MIT.EDU>
> Sender: firstname.lastname@example.org
> Reply-To: email@example.com
> X-To-Get-Off-This-List: mail firstname.lastname@example.org, body unsubscribe freehaven-dev
> > * universal verification : _anyone_, not just the parties involved
> > in the original sharing, can verify
> > whether a given share is "valid."
> In the system Roger and talked about, this was mostly done. Each piece
> of data contained, in addition to the data, the owner (a mix-net
> address), a public key, and a signiture.
> This reduces the problem of verfication to verification that the key
> contained is the correct one. You could further reduce it, by not
> containing a public key, and assuming pk servers. (though this has the
> disadvantage of limiting each mix address to a given key)
> ------- End of forwarded message -------