[tbb-dev] Cloudflare's OPRFs

Georg Koppen gk at torproject.org
Mon Jan 8 12:28:00 UTC 2018

Jeff Burdges:
> I wrote to the Taler list <taler at gnu.org> about certificate concerns
> with CloudFlare's OPRFs but never informed you guys. 
> https://blog.cloudflare.com/privacy-pass-the-math/
> I'll re-edit the relevant email from 10 Nov 2017 below:
> There are shades of a "bug door" in [CloudFlare's] no certificates
> arguments :
> - "The only thing edge to manage is a private scalar. No certificates."
> - The edge's public key xG is "posted publicly [similar] to a
> Certificate Transparency Log [and] "verifiable by all users and so the
> deanonymization attack above would not be possible."
> In other words, there is no plan for the Tor Project to control any
> certificate authorizing the edge's public keys, ala an auditor key in
> Taler.  There aren't even any promises made about any particular
> certificate transparency scheme being employed to keep edges from
> employing unique keys.  
> I think their client software could track the public keys they see
> themselves easily enough, but if different edge servers use different
> keys then this becomes mostly useless.  If for example the transparency
> log posts 256 keys supposedly used concurrently by 256 different edge
> servers, but secretly all edge servers used all keys, then your edge
> public key adds 8 bits of identifying information, but nothing looks
> suspicious in the transparency log. 

Could you elaborate on the problem you see a bit? What exactly would be
the attack scenario given edge1, edge2, ..., edgeN and why are DLEQ
proofs not sufficient for that? What do you mean by "your edge public key"?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20180108/a97ce403/attachment.sig>

More information about the tbb-dev mailing list