[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] [address@hidden: 'Oh, that's an idea...': U.S. parents respo

From: Jeff Burdges
Subject: Re: [Taler] [address@hidden: 'Oh, that's an idea...': U.S. parents respond to China screen time ban]
Date: Mon, 6 Sep 2021 11:54:05 +0200

> On 6 Sep 2021, at 05:09, Richard Stallman <rms@gnu.org> wrote:
>> Anonymous authentications via ring VRFs permits the developer to
>> specify exact control over this “context”, so like every users
>> gets a different identity in each chat room and on each day or
>> whatever.  Although a downside is its a bit easier to add
>> attributes besides ring membership.
> I don't have the background to understand this, sorry.

Imagine a “purchase” vs “subscription” model.  Ring VRFs permit users to 
“subscribe” by joining a ring aka set, but then across an unlimited number of 
sites the subscribers have an identity that unique for each site but unlinkable 
between sites.

An RSA-FDH signature is pretty close to a VRF:  User signs the site’s name with 
their own RSA key and the the RSA signature itself acts like the user’s 
identity.  We just need a zero-knowledge proof to hide the user’s RSA key while 
proving their key lives in the ring, aka is a subscriber’s key. 

We’d never use RSA-FDH for this in practice, but instead we glue a unique 
function into an elliptic curve signature (using a DLEQ proof).

> On 6 Sep 2021, at 05:11, Richard Stallman <rms@gnu.org> wrote:
>>> There is however a problem of authenticating the context, but what I’d 
>>> suggest there is that TLS certificates embed whatever attributes like age 
>>> the site requests. In other words, if a site wants over 18 then they must 
>>> say so in their TLS certificate and users not over 18 could not create 
>>> anonymous identity on that site because their own browser would not do so.
>> And how is this supposed to work with Free software?  The user's program 
>> refuses to do what the user wants; this looks suspiciously like DRM.
> Indeed, if the browser is free software, users could modify it to disregard 
> the server's demands.

I already debunked Jacob's statement upthread:  You cannot modify a browser to 
make a zero-knowledge proof of a false statement.  It’s like forging a 


reply via email to

[Prev in Thread] Current Thread [Next in Thread]