RE: RSA blind signatures

From: Anthony Nadalin <tonynad@microsoft.com>
Date: Sat, 1 Dec 2012 18:07:04 +0000
To: Alex Russell <slightlyoff@google.com>
CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Ryan Sleevi <sleevi@google.com>, Mike Jones <Michael.Jones@microsoft.com>, "public-script-coord@w3.org" <public-script-coord@w3.org>, Stefan Xenon <stefanxe@gmx.net>, Tolga Acar <tolga.acar@intel.com>
Message-ID: <2a23aec960ca43eca5f57fe74f07bbc5@BY2PR03MB041.namprd03.prod.outlook.com>

Could be that you would want to badly define a bigint API but that is not my goal, and the ask is not DOM specific. I still don't see how this is in scope of TC39.

From: Alex Russell [mailto:slightlyoff@google.com]
Sent: Saturday, December 1, 2012 10:03 AM
To: Anthony Nadalin
Cc: public-webcrypto-comments@w3.org; Ryan Sleevi; Mike Jones; public-script-coord@w3.org; Stefan Xenon; Tolga Acar
Subject: RE: RSA blind signatures


So let me get this straight: despite being asked from both the WebCrypto and TC39 perspectives to ask for a higher-level API (or at least to humor us and try to show why it wouldn't work), you're doubling down on the ask that we prematurely and badly do a bigint API via DOM? Seriously?
On Dec 1, 2012 5:41 PM, "Anthony Nadalin" <tonynad@microsoft.com> wrote:
This is a nice view that Sun had, but not what we found when doing the IBM JVM/JIT and support for bigint; this article also seems to support doing the support now and not later.

From: Alex Russell [mailto:slightlyoff@google.com]
Sent: Saturday, December 1, 2012 5:59 AM
To: Anthony Nadalin
Cc: public-webcrypto-comments@w3.org; Tolga Acar; Ryan Sleevi; Mike Jones; Stefan Xenon; public-script-coord@w3.org
Subject: RE: RSA blind signatures


http://www.jroller.com/cpurdy/entry/the_seven_habits_of_highly1
On Nov 30, 2012 4:49 PM, "Anthony Nadalin" <tonynad@microsoft.com> wrote:
I guess I disagree on this one. While that may be a goal in TC39, there is still value in making this an API for this group, and TC39 can take it farther if they so want/need, but there is a need for some functions so we can support algorithms (signature, encryption, etc.) outside the standard ones; this is in both browser and non-browser environments.

From: Alex Russell [mailto:slightlyoff@google.com]
Sent: Friday, November 30, 2012 5:36 AM
To: Ryan Sleevi
Cc: public-webcrypto-comments@w3.org; Acar, Tolga; Mike Jones; Stefan Xenon
Subject: Re: RSA blind signatures


What Ryan said.

As a TC39 member, let me second the sentiment that bignum support does not belong in an API. It should be done with full operator support and arbitrary precision if we're ever to have a hope of making bigger storage classes usable by mere mortals. I also recommend Ryan's approach: ask for the highest level thing you think you can get away with as that'll give implementations room to optimize while we figure out BigNum and BigInt in ES7.

Regards
On Nov 26, 2012 5:01 PM, "Ryan Sleevi" <sleevi@google.com> wrote:
BigNums have been discussed in the past in TC39 (aka the ECMAScript
standardization), and I believe need a new champion for that group.

I do think that they *do not* belong in this WG. BigNums are not
really a DOM concept, and the arguments for why "native JS" isn't
suitable for crypto I think highlights why a BigNum API in the DOM (as
opposed to the Javascript VM) is a Bad Thing(tm).

That said, if anyone is considering implementing polyfilled crypto
APIs via a BigNum interface, without support of the JVM, I would
suggest that "They're doing it wrong," since it's going to have all of
the problems that existing polyfilled APIs do today - lack of constant
time comparison, lack of correctness guarantee, possible Javascript VM
optimization hijinks, etc. So the argument for supporting a
cryptographic API - as opposed to something like fractal images or
formula - seems problematic.

If the argument is that "This is safe in other contexts" (SysApps or
platforms that use "technologies used on the Web" but are NOT "the
Web"), then I think it's a further case for TC39, as it's more about
using JavaScript as a fundamental language than it is about the web
platform.

For the purposes of blind signatures, I would suggest the proposal
instead would be to propose an algorithm and parameters for handling
blind signatures (or how the existing algorithm and parameters
can/should be adjusted) for discussion, rather than advocating a 'roll
your own'.

On Mon, Nov 26, 2012 at 4:45 PM, Acar, Tolga <tolga.acar@intel.com> wrote:
> Although I, too, would like to work on and use a bigint API in js, I am much
> less inclined to augment the web crypto API with a general purpose bigint
> API that looks more like math (group operations in particular) than crypto
> library. If there is interest in a bigint API in js, and it looks like there
> is, that should come under separate cover instead of being mixed with the
> Web Crypto API. So, what does that "separate cover" mean? A new WG, a
> natural extension of this WG?
>
> - Tolga
>
> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> Sent: Friday, November 23, 2012 10:57 PM
> To: Stefan Xenon; public-webcrypto-comments@w3.org; sleevi@google.com
> Subject: RE: RSA blind signatures
>
>
>
> For what it's worth, I know of other groups interested in native speed
> bigint math in JavaScript.
>
> -- Mike
>
> ________________________________
>
> From: Stefan Xenon
> Sent: 11/23/2012 8:15 AM
> To: public-webcrypto-comments@w3.org; sleevi@google.com
> Subject: Re: RSA blind signatures
>
> Hi Ryan,
> by any chance, could we propose such bigint API? If this would have a
> realistic chance, how is the process to move forward?
>
> Regards
> Stefan
>
> On 23.11.2012 18:43, Ryan Sleevi wrote:
>> A bigint API has not been proposed.
>>
>> On Nov 23, 2012 1:47 AM, "Stefan Xenon" <stefanxe@gmx.net> wrote:
>>
>>     Hi!
>>     We are developing a system (www.opencoin.org) which uses Chaum's RSA
>>     blind signatures. Of course I don't expect the Web Crypto API to
>>     natively support blind signatures. Instead we would like to utilize
>>     "raw" big integer operations to speed up our calculations. But in your
>>     current draft I couldn't find such basic operations exposed to web
>>     applications. Primarily we would need big integer operations for
>>     exponentiation and inverting (both modulo). Did I overlook such
>>     functions? Or would it be possible for your API to expose such
>>     functions to web applications?
>>
>>     Regards,
>>     Stefan
>>
>>
Received on Saturday, 1 December 2012 18:08:30 UTC
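
The two operations requested in the original message (modular exponentiation and modular inversion) are all that textbook Chaum blinding needs. This added JavaScript example, which is not code from any participant in the thread or from opencoin, runs the blind/sign/unblind exchange with BigInt on a constructed toy key. The function names are assumptions, and the arithmetic is not constant time, which is the polyfill limitation raised in the thread.

```javascript
// Textbook Chaum RSA blind signature with BigInt (added example).
// Toy key constructed for illustration: p=61, q=53, n=3233, e=17, d=2753.
// No hashing or padding, and BigInt arithmetic is not constant time.

// Modular exponentiation by square-and-multiply.
function modPow(base, exp, mod) {
  let result = 1n;
  base = ((base % mod) + mod) % mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Modular inverse via extended Euclid; throws when gcd(a, mod) != 1.
function modInverse(a, mod) {
  let [r0, r1] = [mod, ((a % mod) + mod) % mod];
  let [t0, t1] = [0n, 1n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [t0, t1] = [t1, t0 - q * t1];
  }
  if (r0 !== 1n) throw new RangeError("not invertible modulo n");
  return ((t0 % mod) + mod) % mod;
}

const key = { n: 3233n, e: 17n, d: 2753n }; // constructed toy key

// Requester: m' = m * r^e mod n (r must be coprime to n).
function blind(m, r, pub) {
  modInverse(r, pub.n); // rejects an unusable blinding factor
  return (m * modPow(r, pub.e, pub.n)) % pub.n;
}
// Signer: s' = (m')^d mod n, computed without learning m.
function signBlinded(mb, priv) { return modPow(mb, priv.d, priv.n); }
// Requester: s = s' * r^-1 mod n, which equals m^d mod n.
function unblind(sb, r, pub) { return (sb * modInverse(r, pub.n)) % pub.n; }
// Anyone: accept when s^e mod n == m.
function verify(m, s, pub) { return modPow(s, pub.e, pub.n) === m % pub.n; }

// Runs the full exchange for message m and blinding factor r.
function demo(m, r) {
  const blinded = blind(m, r, key);
  const signature = unblind(signBlinded(blinded, key), r, key);
  return { blinded, signature, valid: verify(m, signature, key) };
}
```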