#tlsnotary-chat

/

      • arubi joined the channel
      • belcher_ joined the channel
      • proslogion joined the channel
      • proslogion
        so the idea of using length-extension attack to prove the authenticity of chunks A and C in a page A|B|C while hiding B, is to have the auditor controlling the HMAC key K, and in a rudimentary MAC setup, producing H(K|A) first, then transfer it to the auditee to create H(K|A|B), and return it to the auditor to finally create H(K|A|B|C) and check if it matches the digest. The previous concern with this scheme was that the auditor could
      • replace A|B with something entirely, but that doesn't appear to be justified, as the auditee doesn't know the HMAC key K, he could not create some H(K|A1|B1) that could produce a H(K|A1|B1|C) that can match the digest while the last step of hashing is carried out by the auditor, as you can't deduce H(K|A1|B1) just from the digest and C
      • I will talk about how to extend it to multiple chunks of hidden content tomorrow, btw botbot.me appears to be shutting down :0
      • :)
      • *something entirely* should be *something entirely different*
      • well the whould clause should be "the previous concern with this scheme was that the auditee could replace A|B with something entirely different(A1|B1)"
      • waxwing
        as long as part 2 comes before matt green's third blog post on ZKP i'll be happy proslogion :)
      • btw i saw something about deprecation of 1.0/1.1 yesterday ... think it might have been google. didn't chase up.
      • proslogion
        waxwing, though I have not been in this space for long, I can assure you that I wasn't busy shilling some altcoins while I was away :)
      • waxwing
        dunno what you mean, he's just progressing satoshi's true vision
      • arubi joined the channel
      • proslogion
        makes you wonder if he has a ZKP of the Riemann Hypothesis, yet you can't even know if the size of the proof can fit in a blog post
      • proslogion has quit