W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > November 2012

Re: RSA blind signatures

From: Stefan Xenon <stefanxe@gmx.net>
Date: Thu, 29 Nov 2012 22:58:53 +0100
Cc: sleevi@google.com, public-webcrypto-comments@w3.org, Michael.Jones@microsoft.com, tolga.acar@intel.com, tonynad@microsoft.com
Message-ID: <20121129215853.245720@gmx.net>
To: "Richard L. Barnes" <rbarnes@bbn.com>, ddahl@mozilla.com
Following this discussion it seems to me that including blind signatures into the API (instead of a generic bigint API) would actually be within reach. Is there anything I can do to help the process of getting blind signatures included (we would need Chaum RSA)?


-------- Original-Nachricht --------
> Datum: Tue, 27 Nov 2012 14:47:19 -0500
> Von: "Richard L. Barnes" <rbarnes@bbn.com>
> An: David Dahl <ddahl@mozilla.com>
> CC: Anthony Nadalin <tonynad@microsoft.com>, Tolga Acar <tolga.acar@intel.com>, Mike Jones <Michael.Jones@microsoft.com>, Stefan Xenon <stefanxe@gmx.net>, public-webcrypto-comments@w3.org, Ryan Sleevi <sleevi@google.com>
> Betreff: Re: RSA blind signatures

> +1
> 
> Integer sizing is a question for the underlying language.
> 
> 
> 
> On Nov 27, 2012, at 2:42 PM, David Dahl <ddahl@mozilla.com> wrote:
> 
> > One of the original intents (of mine anyway) was to avoid polyfilling.
> However, I think we should defer to TC39 on the question of bigint within
> this DOM API.
> > 
> > Cheers,
> > 
> > David
> > 
> > ----- Original Message -----
> >> From: "Anthony Nadalin" <tonynad@microsoft.com>
> >> To: "Ryan Sleevi" <sleevi@google.com>
> >> Cc: "Tolga Acar" <tolga.acar@intel.com>, "Mike Jones"
> <Michael.Jones@microsoft.com>, "Stefan Xenon"
> >> <stefanxe@gmx.net>, public-webcrypto-comments@w3.org
> >> Sent: Tuesday, November 27, 2012 1:20:34 PM
> >> Subject: RE: RSA blind signatures
> >> 
> >> I don't believe it's outside the current charter at all, please point
> >> to where you think this violates the current charter, I also don't
> >> believe the sole purpose of this group is to avoid polyfilling
> >> 
> >> -----Original Message-----
> >> From: Ryan Sleevi [mailto:sleevi@google.com]
> >> Sent: Tuesday, November 27, 2012 11:17 AM
> >> To: Anthony Nadalin
> >> Cc: Acar, Tolga; Mike Jones; Stefan Xenon;
> >> public-webcrypto-comments@w3.org
> >> Subject: Re: RSA blind signatures
> >> 
> >> On Tue, Nov 27, 2012 at 10:55 AM, Anthony Nadalin
> >> <tonynad@microsoft.com> wrote:
> >>> Just not sure I follow the logic from this thread, we are propose
> >>> other function that is needed for various crypto functions, why not
> >>> the bigint?
> >> 
> >> Because we're specifically not proposing something that low-level.
> >> The only reason you need bigint is to polyfill something. The whole
> >> point of this API is so that you don't have to polyfill something.
> >> 
> >>> When it comes to blind signatures there are several ways to do
> >>> that,
> >>> we have the requirement to be able to use blind signatures (not
> >>> Chaum's RSA) within the browser, we also need bigint. So we are in
> >>> favor of this proposal.
> >> 
> >> There has not been a proposal. This is a question about something
> >> outside of our charter. The question at hand is whether or not to
> >> recharter to embrace this feature.
> >> 
> >> I strongly oppose rechartering, since this is clearly an issue of the
> >> language, and not of user agents. If Javascript wishes to support
> >> arbitrary precision integers, as opposed to the current types today,
> >> then it should be done in TC39. Given that TC39 has discussed this
> >> in the past, I see no value in us taking up that mantle.
> >> 
> >> This is especially true because, within this group, the only reason
> >> to talk bigints is to talk about polyfilling (whether ZRTP,
> >> arbitrary KDFs from DH shared secrets, blind signatures, or vanity
> >> crypto), and I would argue that the entire purpose of this group is
> >> to avoid the need for polyfilling (which you can already do today -
> >> see, for example, SJCL)
> >> 
> >>> 
> >>> 
> >>> 
> >>> From: Acar, Tolga [mailto:tolga.acar@intel.com]
> >>> Sent: Monday, November 26, 2012 4:45 PM
> >>> To: Mike Jones; Stefan Xenon; public-webcrypto-comments@w3.org;
> >>> sleevi@google.com
> >>> 
> >>> 
> >>> Subject: RE: RSA blind signatures
> >>> 
> >>> 
> >>> 
> >>> Although I, too, would like to work on and use a bigint API in js,
> >>> I
> >>> am much less inclined to augment the web crypto API with a general
> >>> purpose bigint API that looks more like math (group operations in
> >>> particular) than crypto library. If there is interest in a bigint
> >>> API
> >>> in js, and it looks like there is, that should come under separate
> >>> cover instead of being mixed with the Web Crypto API. So, what does
> >>> that "separate cover" mean? A new WG, a natural extension of this
> >>> WG?
> >>> 
> >>> 
> >>> 
> >>> -          Tolga
> >>> 
> >>> 
> >>> 
> >>> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> >>> Sent: Friday, November 23, 2012 10:57 PM
> >>> To: Stefan Xenon; public-webcrypto-comments@w3.org;
> >>> sleevi@google.com
> >>> Subject: RE: RSA blind signatures
> >>> 
> >>> 
> >>> 
> >>> For what it's worth, I know of other groups interested in native
> >>> speed
> >>> bigint math in JavaScript.
> >>> 
> >>> -- Mike
> >>> 
> >>> ________________________________
> >>> 
> >>> From: Stefan Xenon
> >>> Sent: 11/23/2012 8:15 AM
> >>> To: public-webcrypto-comments@w3.org; sleevi@google.com
> >>> Subject: Re: RSA blind signatures
> >>> 
> >>> Hi Ryan,
> >>> by any chance, could we propose such bigint API? If this would have
> >>> a
> >>> realistic chance, how is the process to move forward?
> >>> 
> >>> Regards
> >>> Stefan
> >>> 
> >>> Am 23.11.2012 18:43, schrieb Ryan Sleevi:
> >>>> A bigint API has not been proposed.
> >>>> 
> >>>> On Nov 23, 2012 1:47 AM, "Stefan Xenon" <stefanxe@gmx.net
> >>>> <mailto:stefanxe@gmx.net>> wrote:
> >>>> 
> >>>>    Hi!
> >>>>    We are developing a system (www.opencoin.org
> >>>>    <http://www.opencoin.org>) which uses Chaum's RSA
> >>>>    blind signatures. Of course I don't expect the Web Crypto API
> >>>>    to
> >>>>    natively support blind signatures. Instead we would like to
> >>>>    utilize
> >>>>    "raw" big integer operations to speed up our calculations. But
> >>>>    In your
> >>>>    current draft I couldn't find such basic operations exposed to
> >>>>    web
> >>>>    applications. Primarily we would need big integer operations
> >>>>    for
> >>>>    exponentiation and inverting (both modulo). Did I overlook
> >>>>    such
> >>>>    functions? Or would it be possible for your API to expose such
> >>>> functions
> >>>>    to web applications?
> >>>> 
> >>>>    Regards,
> >>>>    Stefan
> >>>> 
> >>>> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> > 
> 
> 
Received on Friday, 30 November 2012 00:46:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 30 November 2012 00:46:10 GMT