This is the supposedly-bimonthly-but-we-keep-skipping 'What are you working On?' thread. Previous threads are here. So here's the question:
What are you working on?
Here are some guidelines:
- Focus on projects that you have recently made progress on, not projects that you're thinking about doing but haven't started.
- Why this project and not others? Mention reasons why you're doing the project and/or why others should contribute to your project (if applicable).
- Talk about your goals for the project.
- Any kind of project is fair game: personal improvement, research project, art project, whatever.
- Link to your work if it's linkable.
It's intended for situations where Alice and Bob wish to communicate digitally with some degree of privacy and authenticity. At the moment, using software like GnuPG (which is a free and open source implementation of OpenPGP), Alice can encrypt her messages to Bob to provide privacy, and she can also digitally sign her messages to provide authenticity (i.e., a cryptographic proof that she wrote the message).
Unfortunately, using such a system, Alice might worry that Bob could show others her messages and signatures, thus proving to others that she wrote and signed them. Such worries are not unusual if someone goes to the trouble of encrypting and signing their messages. For instance, if Alice is in a price negotiation with Bob, she might not want Bob to be able to prove to competitors that she offered a certain price.
By using a ring signature instead of a standard signature, Alice can alleviate such worries. When she signs a message using a ring signature, Bob can be sure that Alice signed the message, but it only proves to everyone else that either Alice or Bob signed the message. Thus Bob is unable to prove to others what Alice said to him, because he could have forged the ring signature himself!
Of course, Bob can still tell everyone what Alice said—using ring signatures instead of standard signatures only removes his ability to cryptographically prove to everyone what Alice said. This becomes a "he said she said" situation rather than a "she said this and here's the proof" situation. From Alice's point of view, the first situation is better than the second, so she would prefer to use ring signatures.
More generally, I hope for ring signatures to become easy enough to use that a typical user can use it for normal emails. Right now, it is not advisable for the average user to sign their emails simply because it is often a bad idea to give recipients the ability to prove to others what they said.
Incidentally, this has actually been a practical concern on the black-markets: there have been occasional attempts to break pseudonyms by sending them messages encrypted to other pseudonyms' keys, and the initial proof that Dread Pirate Robert 2 was StExo come from DPR2 accidentally releasing a message signed by StExo's key.