From: Eric Voskuil <eric@voskuil.org>
Date: Thu, 30 Jun 2016 13:56:42 +0200
To: Alfie John <alfie@alfie.wtf>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP 151

Hi Alfie,

Yes, this is exactly what I meant. The complexity of the proposed construction is comparable to that of Bitcoin itself. This is not itself prohibitive, but it is clearly worthy of consideration.

A question we should ask is whether decentralized anonymous credentials is applicable to the authentication problem posed by BIP151. I propose that it is not.

The core problem posed by BIP151 is a MITM attack. The implied solution (BIP151 + authentication) requires that a peer trusts that another is not an attacker.

Authentication of an anonymous peer cannot achieve this objective, since the peer may be anyone and an attack on privacy can be undetectable. The identity of a peer must be known to the relying peer, either directly or transitively.

DAC is applicable in cases where identity is never required. The prime example in the paper is that of first-come-first-served name registration. No identity is required in that scenario, just proof that a party in question is the original registrant. All participants are presumed to be "good".

I believe that a distributed anonymous system is fundamentally at odds with isolation of "good" vs. "bad" participants who comply with protocol rules (DoS considerations aside), and that any attempt to resolve this conflict will result in the system no longer allowing anonymous participation.

I may be mistaken, but I haven't found a way out of this realization.

e

> On Jun 29, 2016, at 1:17 PM, Alfie John <alfie@alfie.wtf> wrote:
>
> On Tue, Jun 28, 2016 at 06:45:58PM +0200, Eric Voskuil via bitcoin-dev wrote:
>>> then we should definitively use a form of end-to-end encryption between
>>> nodes. Built into the network layer.
>>
>> Widespread application of this model is potentially problematic. It is a
>> non-trivial problem to design a distributed system that requires authentication
>> but without identity and without central control. In fact this may be more
>> challenging than Bitcoin itself. Trust on first use (TOFU) does not solve this
>> problem.
>
> Maybe the following paper can feed into this discussion:
>
> "Decentralized Anonymous Credentials" by Christina Garman, Matthew Green, Ian Miers
> https://eprint.iacr.org/2013/622.pdf
>
> Alfie
>
> --
> Alfie John
> https://www.alfie.wtf