Checking and generating proof that the RSA key can be used for blinding #72
Comments
|
I'm working on the spec for this protocol right now, will post soon., |
|
@goldbe any progress? This is last piece missing. |
|
We are actively working on it now. We had to design a whole new protocol for this. |
|
As an update on our progress: |
|
Hey, one question for you. What values do we plan to include in the setup protocol? We need the RSA public key for the Tumbler, and a hash of two zero-knowledge proofs (that we're currently specing out) but what else? IP address/onion address/any networking information? |
|
We also need key validity (time) periods, of course. |
|
so here is what we give to the user: http://testnet.ntumblebit.metaco.com/api/v1/tumblers/7c762c3dc672d440a9a0ed3082a2fc5fbfcc51db The tb client will then download And verify that the hash of the parameters is equal to "7c762c3dc672d440a9a0ed3082a2fc5fbfcc51db". The parameters are then saved locally and never requested/verified again. There is no validity period, it is unclear to me how to renew keys trustlessly. |
|
The first link is a 404. I'll think more about validity periods for keys, and see if I can come up with an argument on why they are needed. (Or not.) |
|
The first link is 404, this is normal, it is not browsable by the user, this is only needed to communicate to the user the hash of parameters, as well as the server. |
|
We need the tumbler to commit to a particular communication method/address. We should avoid DNS hostnames as a clever Tumbler could use DNS resolution differences to reduce the anonymity set e.g. tumbler says tumbler.com = 1.1.1.1 to some parties and 2.2.2.2 to others. TOR provides an effective solution to this in the form of .onions. |
|
Yes I agree with what Ethan said. Especially if i classic mode where Alice and Bob are the same person. If the Tumbler gives each Alice a different IP address from everyone else, and Bob (who is the same person) uses it too, then it is trivial to link Alice and Bob. So we need to force the Tumbler to give everyone the same network address by having him commit to the network address on the blockchain. |
|
TumbleBit server require you to have Tor already (except if you use -allowinsecure), it auto register itself as hidden service. |
|
http://ye33yfa66xpqsjdu.onion/api/v1/tumblers/2fc0fba4f88fae783dd6e8f972920d51586e3084 (same tumbler, the hash changed because of my numerous changes in 2 or 3 days) |
|
Should I include the URL into the hash? |
|
TB shared link are now ctb://blabla.onion?h=confhash Confhash is the hash of everything inside ClassicTumblerConfiguration. It does not include the onion URL. |
|
Just one more thought : Even if the Tumbler requires you to have Tor, I think one could still carry out a similar attack to this one:
Except we replace IP address with .onion address. This, the Tumbler attacks by giving each user a different .onion address. So we should include the .onion address on the blockchain. |
|
@osagga and I are happy to post a first version of the implementation of the TumbleBit setup protocol! @NicolasDorier we are waiting for your review and PR that would make the API easier to use. You can find the spec of the protocol here: https://github.com/osagga/TumbleBitSetup/blob/master/setup.pdf CC: @EthanHeilman |
|
Done! |
@EthanHeilman
The text was updated successfully, but these errors were encountered: