[CFRG] Partially blind issuance and proofs on revealed values (and a syntax change)
Watson Ladd <watsonbladd@gmail.com> Mon, 08 April 2024 18:01 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAFC6C151065 for <cfrg@ietfa.amsl.com>; Mon, 8 Apr 2024 11:01:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ptbHc-vm5xc3 for <cfrg@ietfa.amsl.com>; Mon, 8 Apr 2024 11:01:01 -0700 (PDT)
Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com [IPv6:2a00:1450:4864:20::430]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD3A7C14F69D for <cfrg@irtf.org>; Mon, 8 Apr 2024 11:01:01 -0700 (PDT)
Received: by mail-wr1-x430.google.com with SMTP id ffacd0b85a97d-344047ac7e4so1390936f8f.0 for <cfrg@irtf.org>; Mon, 08 Apr 2024 11:01:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712599259; x=1713204059; darn=irtf.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=ref8BuiPC9es8PkTNGXUD0evrWnIMhQ/TQfQHGeQ1wE=; b=VN/8CZbMiT/1p9mIhQ+rUA7bc1amsLa7A2p/wgv4/RXLI24VRhNMIeqDhYPVXcGACA MA/Nf2rTjoB00RnqlViKeyKTofMFe0PQcZ424X9KuG3PYm0LYYHIpQ+zO40cwJ1KhbhL UGUG1fMFDvPCgWpXTXiox6mt5yosYg2BTNwmgZH5t7/FmxYf3HKQ4paCLPYabGzuWOBW 91lZbC7n+jJFFhEKzbs7JpTa/Z2zk8yrgIeUAc4I+8RYQOxruJZl/nJ7SWC0jijTIzGC 8aPsj5DRdF4KZdSxCIrfbr9ue87b4i3bvbZowFaAsfIA2tW0WmSBpHS8h/rYas974V3r p92g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712599259; x=1713204059; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=ref8BuiPC9es8PkTNGXUD0evrWnIMhQ/TQfQHGeQ1wE=; b=ijarIVQwdt83TDnhphh5LoOcND4WZDJJFfloWVTLkyugrmizeDoTf1AR1YLccfjS0x K86Aurx2ieJjUz6aja8NCIBbI8ZayASp+T/aYxSZAZMw0FgR+PUUNJcfTV74R5BEUKt9 ijOxU7mZsfpF+zsE/x/uyeEQadxXuR7pqYc5gly9Ksi3bR+qPaRBeBOrCOIFDb43CnkO vii3+WiDzBxCQ0SNLtu3kL52aP9vEvFcS3rx1S+x3lzG+2A6rxubwRw/FsXkyNiUrMlP K4Ed/IMTH0kDyNjoe6zKvZDB1IVLKhw6FJ9RfMNJADz9LlXQuH6YFLoPXd6vpcGXHCLF wLsQ==
X-Gm-Message-State: AOJu0Yw9gNJ/ZsqjQNUnMR6doJoBDqHRrGekU/JpYRvTg3ICpTbWemQX 43r32LLgyRInmnlOQ0eIt74h1aUWBMvPbq+DEHkp2i7c2t/RXWZDxdkVlDSyYCwx3dPI3RLXzkz n3l18N5S0H4iaXpahKcKAAoSaX1zpeUo5
X-Google-Smtp-Source: AGHT+IEnLi9/Yskg3sKDqFM4futqqAYjMUR4nVrAy4vn5zXgbQNiMRGbNjBxa4oRUjoda8K/N40xHfY82GmXTpztAck=
X-Received: by 2002:a05:6000:c8a:b0:343:c05b:e7dd with SMTP id dp10-20020a0560000c8a00b00343c05be7ddmr337408wrb.3.1712599259356; Mon, 08 Apr 2024 11:00:59 -0700 (PDT)
MIME-Version: 1.0
From: Watson Ladd <watsonbladd@gmail.com>
Date: Mon, 08 Apr 2024 11:00:47 -0700
Message-ID: <CACsn0cnQF7zO=KnYFcXpNL5ibkzkaE7KdYv5341Q7yoPERoatQ@mail.gmail.com>
To: CFRG <cfrg@irtf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/n4CD3A2MtlEpaq5MLeXpwEP1xic>
Subject: [CFRG] Partially blind issuance and proofs on revealed values (and a syntax change)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2024 18:01:04 -0000
Dear CFRG, In the course of working on BBS for privacy pass we've come up with two additional features and a small tweak that I think are worth discussing here. The first change is we'd like partially blind issuance: there should be an attribute where the signer doesn't know the value. This can be done through the fully blind issuance protocol, with a proof of correct representation for the hidden value. The second change is doing proofs over messages. We'd like to be able to show statements involving discrete logarithms in G1 where the witness is one of the messages. This enables things like PRF evaluations for rate limiting. The syntax change is to have generators be hashes of key names, so that we can have names not numbers for attributes. This just makes life easier. Sincerely, Watson Ladd -- Astra mortemque praestare gradatim
- [CFRG] Partially blind issuance and proofs on rev… Watson Ladd
- Re: [CFRG] Partially blind issuance and proofs on… Orie Steele
- Re: [CFRG] Partially blind issuance and proofs on… Watson Ladd