[tor-access] Specification for bypassing CAPTCHAs using blinded tokens

Jeff Burdges burdges at gnunet.org
Thu Oct 6 03:11:13 UTC 2016


On Tue, 2016-10-04 at 08:15 +0000, Alex Davidson wrote:
> Regarding the possibility of a malicious edge using a small modulus n. 

It's not a small modulus n, but n = p q r_1 .. r_n where p and q are
still largish, and r_i are smallish, maybe 10 bits.

> Given that there will only be one public signing key available at
> any time and since this will be publicly available 

We do not know how this might evolve.

If you want to save one GCD computation, then you can look into the
inversion mod n operation that one already runs on the blinding factor
to understand exactly how it fails if the blinding factor and n have a
common divisor.  

Afaik one cannot avoid computing the GCD of the FDH and n though.

Jeff

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-access/attachments/20161005/2dcdccec/attachment.sig>


More information about the tor-access mailing list