W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > November 2012

Re: RSA blind signatures

From: Richard L. Barnes <rbarnes@bbn.com>
Date: Tue, 27 Nov 2012 14:47:19 -0500
Cc: Anthony Nadalin <tonynad@microsoft.com>, Tolga Acar <tolga.acar@intel.com>, Mike Jones <Michael.Jones@microsoft.com>, Stefan Xenon <stefanxe@gmx.net>, public-webcrypto-comments@w3.org, Ryan Sleevi <sleevi@google.com>
Message-Id: <9D609DF6-AC0A-4C10-9E8A-0680E4006E32@bbn.com>
To: David Dahl <ddahl@mozilla.com>
+1

Integer sizing is a question for the underlying language.



On Nov 27, 2012, at 2:42 PM, David Dahl <ddahl@mozilla.com> wrote:

> One of the original intents (of mine anyway) was to avoid polyfilling. However, I think we should defer to TC39 on the question of bigint within this DOM API.
> 
> Cheers,
> 
> David
> 
> ----- Original Message -----
>> From: "Anthony Nadalin" <tonynad@microsoft.com>
>> To: "Ryan Sleevi" <sleevi@google.com>
>> Cc: "Tolga Acar" <tolga.acar@intel.com>, "Mike Jones" <Michael.Jones@microsoft.com>, "Stefan Xenon"
>> <stefanxe@gmx.net>, public-webcrypto-comments@w3.org
>> Sent: Tuesday, November 27, 2012 1:20:34 PM
>> Subject: RE: RSA blind signatures
>> 
>> I don't believe it's outside the current charter at all, please point
>> to where you think this violates the current charter, I also don't
>> believe the sole purpose of this group is to avoid polyfilling
>> 
>> -----Original Message-----
>> From: Ryan Sleevi [mailto:sleevi@google.com]
>> Sent: Tuesday, November 27, 2012 11:17 AM
>> To: Anthony Nadalin
>> Cc: Acar, Tolga; Mike Jones; Stefan Xenon;
>> public-webcrypto-comments@w3.org
>> Subject: Re: RSA blind signatures
>> 
>> On Tue, Nov 27, 2012 at 10:55 AM, Anthony Nadalin
>> <tonynad@microsoft.com> wrote:
>>> Just not sure I follow the logic from this thread, we are propose
>>> other function that is needed for various crypto functions, why not
>>> the bigint?
>> 
>> Because we're specifically not proposing something that low-level.
>> The only reason you need bigint is to polyfill something. The whole
>> point of this API is so that you don't have to polyfill something.
>> 
>>> When it comes to blind signatures there are several ways to do
>>> that,
>>> we have the requirement to be able to use blind signatures (not
>>> Chaum's RSA) within the browser, we also need bigint. So we are in
>>> favor of this proposal.
>> 
>> There has not been a proposal. This is a question about something
>> outside of our charter. The question at hand is whether or not to
>> recharter to embrace this feature.
>> 
>> I strongly oppose rechartering, since this is clearly an issue of the
>> language, and not of user agents. If Javascript wishes to support
>> arbitrary precision integers, as opposed to the current types today,
>> then it should be done in TC39. Given that TC39 has discussed this
>> in the past, I see no value in us taking up that mantle.
>> 
>> This is especially true because, within this group, the only reason
>> to talk bigints is to talk about polyfilling (whether ZRTP,
>> arbitrary KDFs from DH shared secrets, blind signatures, or vanity
>> crypto), and I would argue that the entire purpose of this group is
>> to avoid the need for polyfilling (which you can already do today -
>> see, for example, SJCL)
>> 
>>> 
>>> 
>>> 
>>> From: Acar, Tolga [mailto:tolga.acar@intel.com]
>>> Sent: Monday, November 26, 2012 4:45 PM
>>> To: Mike Jones; Stefan Xenon; public-webcrypto-comments@w3.org;
>>> sleevi@google.com
>>> 
>>> 
>>> Subject: RE: RSA blind signatures
>>> 
>>> 
>>> 
>>> Although I, too, would like to work on and use a bigint API in js,
>>> I
>>> am much less inclined to augment the web crypto API with a general
>>> purpose bigint API that looks more like math (group operations in
>>> particular) than crypto library. If there is interest in a bigint
>>> API
>>> in js, and it looks like there is, that should come under separate
>>> cover instead of being mixed with the Web Crypto API. So, what does
>>> that "separate cover" mean? A new WG, a natural extension of this
>>> WG?
>>> 
>>> 
>>> 
>>> -          Tolga
>>> 
>>> 
>>> 
>>> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
>>> Sent: Friday, November 23, 2012 10:57 PM
>>> To: Stefan Xenon; public-webcrypto-comments@w3.org;
>>> sleevi@google.com
>>> Subject: RE: RSA blind signatures
>>> 
>>> 
>>> 
>>> For what it's worth, I know of other groups interested in native
>>> speed
>>> bigint math in JavaScript.
>>> 
>>> -- Mike
>>> 
>>> ________________________________
>>> 
>>> From: Stefan Xenon
>>> Sent: 11/23/2012 8:15 AM
>>> To: public-webcrypto-comments@w3.org; sleevi@google.com
>>> Subject: Re: RSA blind signatures
>>> 
>>> Hi Ryan,
>>> by any chance, could we propose such bigint API? If this would have
>>> a
>>> realistic chance, how is the process to move forward?
>>> 
>>> Regards
>>> Stefan
>>> 
>>> Am 23.11.2012 18:43, schrieb Ryan Sleevi:
>>>> A bigint API has not been proposed.
>>>> 
>>>> On Nov 23, 2012 1:47 AM, "Stefan Xenon" <stefanxe@gmx.net
>>>> <mailto:stefanxe@gmx.net>> wrote:
>>>> 
>>>>    Hi!
>>>>    We are developing a system (www.opencoin.org
>>>>    <http://www.opencoin.org>) which uses Chaum's RSA
>>>>    blind signatures. Of course I don't expect the Web Crypto API
>>>>    to
>>>>    natively support blind signatures. Instead we would like to
>>>>    utilize
>>>>    "raw" big integer operations to speed up our calculations. But
>>>>    In your
>>>>    current draft I couldn't find such basic operations exposed to
>>>>    web
>>>>    applications. Primarily we would need big integer operations
>>>>    for
>>>>    exponentiation and inverting (both modulo). Did I overlook
>>>>    such
>>>>    functions? Or would it be possible for your API to expose such
>>>> functions
>>>>    to web applications?
>>>> 
>>>>    Regards,
>>>>    Stefan
>>>> 
>>>> 
>> 
>> 
>> 
>> 
>> 
>> 
> 
Received on Tuesday, 27 November 2012 19:47:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 November 2012 19:47:57 GMT