On Fri, Dec 13, 2013 at 12:06 AM, Nicholas Hopper hopper@cs.umn.edu wrote:
On Fri, Nov 29, 2013 at 7:27 PM, Nick Mathewson nickm@torproject.org wrote:
Appendix A. Signature scheme with key blinding [KEYBLIND] ... See [KEYBLIND-REFS] for an extensive discussion on this scheme and possible alternatives. I've transcribed this from a description by Tanja Lange at the end of the thread. [TODO: We'll want a proof for this.]
A security proof for this scheme is available at: https://www-users.cs.umn.edu/~hopper/basic-proof.pdf (LaTeX sources at https://www-users.cs.umn.edu/~hopper/hs-identity-proof.git)
It would be fantastic to get comments/discussion from the tor-dev community ahead of publishing this as a Tor Project tech report.
In a branch "ed25519_ref10" for review on ticket #12980, I've implemented something not wholly dissimilar from the approach discussed here. Please have a look at my comments and questions there to see how badly I've messed it up.