[tbb-dev] Cloudflare's OPRFs
Georg Koppen
gk at torproject.org
Mon Jan 8 12:28:00 UTC 2018
Jeff Burdges:
>
> I wrote to the Taler list <taler at gnu.org> about certificate concerns
> with CloudFlare's OPRFs but never informed you guys.
> https://blog.cloudflare.com/privacy-pass-the-math/
>
> I'll re-edit the relevant email from 10 Nov 2017 below:
>
>
> There are shades of a "bug door" in [CloudFlare's] no certificates
> arguments :
> - "The only thing edge to manage is a private scalar. No certificates."
> - The edge's public key xG is "posted publicly [similar] to a
> Certificate Transparency Log [and] "verifiable by all users and so the
> deanonymization attack above would not be possible."
>
> In other words, there is no plan for the Tor Project to control any
> certificate authorizing the edge's public keys, ala an auditor key in
> Taler. There aren't even any promises made about any particular
> certificate transparency scheme being employed to keep edges from
> employing unique keys.
>
> I think their client software could track the public keys they see
> themselves easily enough, but if different edge servers use different
> keys then this becomes mostly useless. If for example the transparency
> log posts 256 keys supposedly used concurrently by 256 different edge
> servers, but secretly all edge servers used all keys, then your edge
> public key adds 8 bits of identifying information, but nothing looks
> suspicious in the transparency log.
Could you elaborate on the problem you see a bit? What exactly would be
the attack scenario given edge1, edge2, ..., edgeN and why are DLEQ
proofs not sufficient for that? What do you mean by "your edge public key"?
Georg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20180108/a97ce403/attachment.sig>
More information about the tbb-dev
mailing list