This is the supposedly-bimonthly-but-we-keep-skipping 'What are you working On?' thread. Previous threads are here. So here's the question:
What are you working on?
Here are some guidelines:
- Focus on projects that you have recently made progress on, not projects that you're thinking about doing but haven't started.
- Why this project and not others? Mention reasons why you're doing the project and/or why others should contribute to your project (if applicable).
- Talk about your goals for the project.
- Any kind of project is fair game: personal improvement, research project, art project, whatever.
- Link to your work if it's linkable.
Since December, I have been working on a proposed extension to OpenPGP to add support for some sort of designated verifier signature. Most of this work involved doing a literature review and carefully reading the OpenPGP specification to see what cryptographic schemes can be implemented successfully in OpenPGP. I settled on a ring signature scheme by Abe et al. (2004), and recently posted a proposal to the OpenPGP mailing list. Note that this is a proposal for a draft of a proposed standard, so things remain very flexible. This is the best time for anyone to comment on the proposal, before I write up an I-D.
The following is a snippet of the description of ring signatures that I gave in my overview of the proposal:
I am interested to hear from the perspective of end users. For instance:
Of course, I would also like to hear from anyone who has the time to go through the details of the proposal. Sections 3 and 4 contain the bulk of the actual cryptographic scheme, and it closely follows Abe et al.'s scheme with only small modifications to better fit OpenPGP. Some resources:
Ring signatures are interesting by themselves, and I think some Less Wrong readers might enjoy reading the following papers. The standard reference for ring signatures is Rivest et al. (2006); I would recommend reading this paper first if you plan on reading Abe et al.'s paper, because it contains a very clear exposition of the ideas behind ring signatures. A third paper that I recommend is Bresson et al. (2002); Sections 1–3 are particularly useful.
The current OpenPGP specification is given in RFC 4880. I don't recommend reading it unless you have some burning desire to learn more about OpenPGP; it's not particularly illuminating.
In the best case scenario, ring signatures get deployed on GnuPG within a few years and Alice can create a ring-signed message for Bob simply by running:
gpg2 --clearsign --ring-signature --recipient Bob
(In the not-quite-worst case scenario, I write the I-D, everyone agrees it's crap, and I vow never to touch math again.)
What are the use cases of a ring signature? What does Alice hope to accomplish by arranging for only Bob to be able to verify a thing?