Re: Encrypted chat - Anonymous identification protocol

Anonymous (nobody@replay.com)
Fri, 28 Aug 1998 21:01:17 +0200

• Next message: Lewis McCarthy: "Re: Crypto Coding Project"
• Previous message: Perry E. Metzger: "Re: Re[2]: Crypto Coding Project"
• In reply to: mlynn@west.raytheon.com: "Re[2]: Crypto Coding Project"

Mike Stay -

> Does anyone know how to exchange identities such that neither
> participant can learn the identity of the other unless both are valid
> and without a trusted third party?

You'd want to look into gradual and mutual exchange of secrets, a standard
cryptographic protocol. The parties take turns sending one bit of their
names or keys. Either one can break off at any time, but they won't have
much of an advantage over the other one in terms of ease of identifyting.
There are even protocols to release fractional bits.

It's more complicated if you want to make sure that the parties aren't
lying about their identies. You'd need some kind of certification from
a mutually trusted party to bind their names to keys, they'd have to
prove they know the corresponding private keys, and that the bits they
are sending come from that certificate. This involves a lot of zero
knowledge proofs. There may be some in the literature which are suitable,
but I'd have to do a search. Do you want me to?

H

• Next message: Lewis McCarthy: "Re: Crypto Coding Project"
• Previous message: Perry E. Metzger: "Re: Re[2]: Crypto Coding Project"
• In reply to: mlynn@west.raytheon.com: "Re[2]: Crypto Coding Project"