OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: The difficulty of making non-hashable tokens
From: Ben Laurie (benalgroup.co.uk)
Date: Mon Apr 24 2000 - 05:14:58 CDT

Mike Rosing wrote:
>
> On Sun, 23 Apr 2000, Bram Cohen wrote:
>
> > Yes, that could be done with my failed method as well, keeping the
> > exponents in a secret database, which you can query to ask for some public
> > identifier to a private power, but never get the private keys.
> >
> > Come to think of it, that might actually be a bit more useful than the
> > primitive I was thinking of, because it allows comparisons to be precisely
> > controlled, while the primitive I was talking about merely makes them more
> > expensive.
> >
> > The next question, of course, is whether the queries to do the
> > exponentiation can be blinded ...
>
> I think that as long as there is at least 1 secret, then there should be
> no problem with blinding either. From a theoretical perspective that's
> not a stretch. It's the implementation that's going to be hard. You need
> at least 1 machine physically secured as well as logically to make this
> work. I suspect it'd be too much handshaking, but I suppose it depends on
> the number of requests and where the machines are located and how many you
> can afford to make secure. (Like something I saw in UK, somebody bought
> and old government bunker and put a whole bunch of secure servers in it,
> for a really high fee of course!)

<plug mode="shameless">
That'll be my company (http://www.thebunker.net), and we think our fees
are pretty reasonable (for the UK, where bandwidth costs amounts that
regularly make Yanks faint). In fact, for what you get, they aren't bad
for just plain old hosting, let alone the highly secure hosting we
provide.
</plug>

Cheers,

Ben. 

--
http://www.apache-ssl.org/ben.html