Cryptography Reference
In-Depth Information
more things. Transparent humans can be manipulated and extorted, particularly
if Mallory gets hold of your personal data. Greetings from Orwell. We will get
back to this issue in Section 8.2.2.
Part of it is (hopefully) pie in the sky, but still, we should consider these threats
today: once a non-anonymous protocol has been accepted it will be hard to
suppress it. The only thing that will be suppressed is our threat-awareness.
The protocol introduced below is anonymous.
The Chaum-Fiat-Naor Protocol
We will first have a look at the protocol and then discuss its effects.
1. Alice wants to use an electronic check to pay Bob 978 dollars. She
represents the information 'I am Alice in Wonderland, customer num-
ber 44322 with Second Reality Bank' unambiguously as number
I
,as
agreed.
I
could be a hash value of her personal information, for example.
2. She wants to buy a check for 978 dollars from her bank. To this end,
she creates a random number,
R
, which is so long that there can never
be two checks with the same number
R
in the world. She writes
R
and
the amount on the check.
3. Next, Alice creates three random number sequences, (
a
i
)
,(
b
i
)
, and (
c
i
)
,
for example, with 40 numbers in each sequence. These numbers have
to be of the same data type as information
I
in Step 1. She takes these
numbers and a suitable generally known one-way hash function,
h()
,to
calculate two sequences, (
x
i
) and (
y
i
):
x
i
= h(a
i
,b
i
)
y
i
= h(a
i
⊕
I,c
i
)
She also writes sequences (
x
i
)
and (
y
i
)
on the check.
4. Alice has her bank sign the check by means of a
blind signature
(see
Section 6.6.3).
To this end, she produces
N
such checks with the same amount (number
N
is specified by the bank). For example, she submits the hash values of
these blinded checks (see Section 6.6.3). The bank randomly selects
N
−
1 of these checks and requests their complete disclosure. Alice has to
submit these checks, together with the blinding factor and the pertaining