Artifact Content

Artifact acb8bef6a5b3e4be8388ede6aeb03698e9a787c8:

Wiki page [Experiment: Chainsignature] by martin_vahi on 2019-03-24 14:37:06.
D 2019-03-24T14:37:06.287
L Experiment:\sChainsignature
P 52262cd2a652027f7fa14050dc6e5d94e43286bb
U martin_vahi
W 3643
<p><b>The purpose of a signature is to authenticate the creator of the signed
object.</b>&nbsp;</p>

<p>In the case of blind dates and internet shopping <b>there is nothing to
authenticate at the first exchange of information</b>, because all merchants
and blind date partners are total strangers anyway. What matters is that the
correspondence that follows the first exchange of information is with the same
stranger, not with some other stranger.&nbsp;</p>

<p><br>
</p>

<h1>The Scheme</h1>

<p>In the scheme, the signature of message M_n is a secure hash of the
concatenation of all messages since the first message, M_n included. If M_1 is
a file containing the very first message that the signer sent and M_2 is the
second message that the signer sent, then one way to calculate the signature is:</p>
<pre>    cat ./M_1.blob  &gt; ./x.blob   # The "&gt;" is required for overwriting the old x.blob.</pre>
<pre>    cat ./M_2.blob &gt;&gt; ./x.blob   # The "&gt;&gt;" instead of the "&gt;" is </pre>
<pre>                                 # required to append instead of overwriting.</pre>
<pre>    cat ./M_3.blob &gt;&gt; ./x.blob</pre>
<pre>    ...</pre>
<pre><font color="#ff0000">    cp ./x.blob ./x_hijacker.blob</font></pre>
<pre>    cat ./M_n.blob &gt;&gt; ./x.blob</pre>
<pre>    sha256sum ./x.blob &gt; ./the_signature.txt</pre>
<pre><font color="#ff0000">    cat ./M_n_hijacker &gt;&gt; ./x_hijacker.blob</font></pre>
<pre><font color="#ff0000">    sha256sum ./x_hijacker.blob &gt; ./hijacked_branch_message_signature.txt</font></pre>

<p>M_n must be included in x.blob, the input of the signature calculation, so
that an eavesdropper cannot reuse the signature to sign its own message.
To make eavesdropping and hijacking more difficult, different messages might be
sent through different channels.&nbsp;</p>

<p><br>
</p>

<h1>Anti-hijack Measures</h1>

<p>The message M_1 might be accompanied by M_0, which might be some bitstream
that is distributed as a small piece of paper with a QR-code. Given that the NSA
and the like do not intercept paper-mail/snail-mail without specifically
targeting someone, because the cost of physically processing physical letters
is too high, some initial symmetric cryptography keys and the M_0 might be sent
by snail-mail. Snail-mail has various different channels: part of the
cryptography keys might be sent through one channel and part through another,
and if all of the channels are used at once, the eavesdroppers might be
overwhelmed, because they might run out of resources to
break/intercept/demand-with-a-court-order all different parcel delivery
services at once. On the other hand, sending paper with bitstreams is also
"legal". <b>Physical exchange of objects is never anonymous</b>, because the
sender of the object, even if drop sites are used, can use trackers, send
poisons or bombs, etc. The anonymity that was used by the Cold War spies of the
United States and/or the Soviet Union was a <b>cooperative anonymity</b>, where
the spy wanted its co-workers to stay anonymous from itself, but in the 21st
century <b>non-cooperative anonymity is required</b>. The proposed
"Chainsignature" scheme is usable with non-cooperative anonymity.</p>
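
<p>The signature calculation from "The Scheme", including the hijacker branch
shown there in red, as an added example that is not part of the original wiki
page. It assumes that M_0 is a secret byte string delivered out of band and
hashed ahead of M_1 (the page does not say how M_0 enters the calculation); the
function names and the message contents are constructed for the illustration.</p>

```shell
#!/bin/sh
# Added example, not the wiki page's code. Assumption: M_0 is a secret
# prefix that the eavesdropper never sees; all message contents are constructed.

# chainsig FILE...: SHA-256 hex digest of the files concatenated in order.
chainsig() {
    cat -- "$@" | sha256sum | cut -d' ' -f1
}

# verify_chain HEX FILE...: succeed only if the history hashes to HEX.
verify_chain() {
    expected=$1
    shift
    [ "$(chainsig "$@")" = "$expected" ]
}

# demo: prints four words, one per check described in the comments below.
demo() {
    d=$(mktemp -d) || return 1
    printf 'bitstream-from-the-QR-code' > "$d/M_0.blob"
    printf 'hello, stranger\n'          > "$d/M_1.blob"
    printf 'ship to address A\n'        > "$d/M_2.blob"
    printf 'ship to address B\n'        > "$d/M_2_hijacker.blob"

    # 1. Scheme as on the page: the receiver re-hashes M_1..M_n and compares.
    sig=$(chainsig "$d/M_1.blob" "$d/M_2.blob")
    verify_chain "$sig" "$d/M_1.blob" "$d/M_2.blob" && r1=ok || r1=fail

    # 2. The red branch: whoever holds M_1 can hash a different M_2,
    #    and the same receiver check passes for it.
    forged=$(chainsig "$d/M_1.blob" "$d/M_2_hijacker.blob")
    verify_chain "$forged" "$d/M_1.blob" "$d/M_2_hijacker.blob" && r2=accepted || r2=rejected

    # 3. Receiver prepends the secret M_0: the branch hashed without it fails.
    verify_chain "$forged" "$d/M_0.blob" "$d/M_1.blob" "$d/M_2_hijacker.blob" && r3=accepted || r3=rejected

    # 4. The genuine sender, who holds M_0, still verifies.
    sig0=$(chainsig "$d/M_0.blob" "$d/M_1.blob" "$d/M_2.blob")
    verify_chain "$sig0" "$d/M_0.blob" "$d/M_1.blob" "$d/M_2.blob" && r4=ok || r4=fail

    rm -rf "$d"
    echo "$r1 $r2 $r3 $r4"
}

demo
```

<p>The script prints <code>ok accepted rejected ok</code>: without a secret input the chain hash only binds a message to the visible history, so the check in step 2 passes for anyone who has read M_1.</p>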

<p><br>
</p>

<h1>Similar Ideas and Projects</h1>

<p>The obvious source of inspiration is Bitcoin. Some other sources of
inspiration are:</p>

<p>
<ul>
<li>A
<a href="https://blog.cryptographyengineering.com/2018/04/07/hash-based-signatures-an-illustrated-primer/">2018_04_07
blog post</a>&nbsp;<i>(<a href="https://archive.is/zLTyw">archival copy</a>,
local copy)</i> by Matthew Green</li>
</ul></p>

<p><br>
</p>

Z cf01a0a2a2eacc7436506276f13dd1a9