Re: Encrypted chat - Anonymous identification protocol

Frank O'Dwyer (fod@brd.ie)
Mon, 24 Aug 1998 11:43:33 +0100

• Next message: Mok-Kong Shen: "Re: big Integer math"
• Previous message: Andrew Patterson: "Re: Key Storage on Machines + Information on SSL"
• Maybe in reply to: Hafeez Bana: "Key Storage on Machines + Information on SSL"
• Next in thread: Mike Stay: "Re: Encrypted chat - Anonymous identification protocol"

At 17:22 23/08/98 -0400, you wrote:
>Berke Durak writes:
>> Problem Level I
>>
>> Two people meet on an anonymous chat network. They wish to know, without
>> revealing information to the network, if they already know eachother, and if
>> this is the case, they want to identity themselves.
>>
>> Naive/Trivial Solution I
>>
>> Establish a crypted link. Send identities. Authenticate using public keys or
>> whatever.
>>
>> Problem Level II
>>
>> Two other people meet on the same network. They again wish to identify
>> eachother, but no one wants to reveal his identity (i.e. his public key ID
>> or whatever) to strangers.
>
>It helps to recognize an existing level of indirection in the situation.
>These identification problems only seem to be meaningful where each of the
>"anonymous" parties adopts a cryptographic pseudonym for chatting on the
>network. By `cryptographic pseudonym` I just mean that each person signs her
>chat messages with a self-signed private/public key pair generated exclusively
>for use on the anon chat net. That way the person creates a cryptographically
>verifiable persona whose true identity one might wish to ascertain.
>
>Now suppose each party also distributes a public encryption key, signed with
>the pseudonym's signing key and generated expressly for use on the anon chat
>net. Then that public encryption key can be used directly to communicate a
>true identity, and a public key ID thereof, without revealing either to the
>other chat participants.

This sort of thing may not work if the identity search space
is small. For example, if you subsequently use the "true identity"
key to sign stuff in the open chat, and the attacker knows you are
1 of N people (where N is "small"), then just attempting to verify
signatures with all N keys reveals the "true identity".

Cheers,
Frank O'Dwyer.

• Next message: Mok-Kong Shen: "Re: big Integer math"
• Previous message: Andrew Patterson: "Re: Key Storage on Machines + Information on SSL"
• Maybe in reply to: Hafeez Bana: "Key Storage on Machines + Information on SSL"
• Next in thread: Mike Stay: "Re: Encrypted chat - Anonymous identification protocol"