Date: Tue, 06 Jul 93 16:30:47 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#055

Computer Privacy Digest Tue, 06 Jul 93              Volume 2 : Issue: 055

Today's Topics:
                        Moderator: Dennis G. Rears

                        Re: Article on EFF in WIRED
                        Re: Trials, fines, juries.
     Re: new Electronic Cash scheme: technical report available
     New Privacy-Oriented Radio Program, and ANI-Readback Number
                          International Software

The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------

From: bl0rp
Subject: Re: Article on EFF in WIRED
Date: 26 Jun 1993 00:02:30 GMT
Organization: University of New Mexico, Albuquerque

In article thomas@ponder.csci.unt.edu (Tom Thomas) writes:
>The May/June issue of WIRED contains an article titled 'Crypto Rebels',
>which provides a high-level treatment of issues surrounding privacy
>in electronic communications. It talks a lot about the EFF and John Gilmore.
>

looks like a decent mag, just found it yesterday, want to mail me a review?
anyone?

>However, on page 97 in the 'Hype List' column, there is a blurb about the
>EFF 'selling out' and reorganizing.
>
>I'm curious about the current state of the EFF, and any other information
>about them. I've seen many references to them in Dorothy Denning's series of
>articles in CACM, but now have a stronger curiosity. Any info/leads will
>be appreciated. Also, any discussion about EFF and its activities would
>be of interest to me.
>

try looking at comp.org.eff.talk or comp.org.eff.news
i would think those are the two best places to find what you are looking for

>Thanks - Tom Thomas

--
I'm just very selective about the reality i choose to accept. -Calvin
I have plenty of common sense, i just choose to ignore it. -Calvin
It's a windowing system named X, not a system named X windows.
Unspoiled by progress,Mac,X,Unix,MsDos,Amiga,I-net, or raisins.

------------------------------

Date: Sat, 26 Jun 93 22:32 PDT
From: Michael Gersten
Subject: Re: Trials, fines, juries.

In article Geoffrey Kuenning writes:
> This, according to Justice Scalia, is precisely the reason
>the Eighth Amendment to the U.S. Constitution prohibits excessive
>fines: to remove the profit motive from classifying certain behavior
>as criminal.
>--

If this is true, how come the fines for exceeding the posted speed
limit are so high? How come they have a new photo-speed-trap, in which
they take a picture of you & your car & the radar-indicated speed and
_mail_ the picture to you, requesting the payment of a fine?

Low-posted speed limits are a primary method of income to the various
municipal governments lately....

-- George Crissman
-----

That's nothing. What's better is how you can't even get a jury trial
to fight such an accusation. Remember the constitution grants you a
trial in all criminal matters; yet the state (CA) supreme court has
ruled something like, since you didn't get a jury trial before CA was
a state, so you are not entitled to one now. Or something about as
ridiculous as that.

Michael
(ok, so this is even less privacy related than the profit problem.)

--
Michael Gersten michael@stb.info.com
NeXT Registered Developer (NeRD) # 3860 -- Hire me! (Ready around 10/93)
Running for President in 2000 on platform of Integrity in Government
and No Special Cases. Contacts, volunteers, helpers needed.
------------------------------

From: Stefan Brands
Newsgroups: comp.society.privacy
Subject: Re: new Electronic Cash scheme: technical report available
Date: 29 Jun 93 10:13:51 GMT
Organization: CWI, Amsterdam

Since any reference to my report has disappeared out of the references
to Niels Ferguson's article (I guess it must be a bug in bibtex, so
perhaps Niels should use a different version when he starts doing his
master's thesis), I hereby post a (modified) repost of an article I
posted almost two and a half months ago on sci.crypt.

PRIVACY-PROTECTING OFF-LINE ELECTRONIC CASH SYSTEMS
___________________________________________________

I recently (Official date March 1993, appeared April 12 with a few
typos removed) published a new privacy-protecting off-line electronic
cash system as a technical report at CWI. I am a PhD-student at David
Chaum's cryptography-group, and our group has a long history of
research in the field of privacy-protecting cash systems.

The electronic version of the report is called CS-R9323.ps.Z, contains
77 pages, and can be retrieved from

    ftp.cwi.nl (192.16.184.180)

from the directory pub/CWIreports/AA. The postscript-file is suitable
for 300dpi laserprinters.

====================================================================

TITLE : An Efficient Off-line Electronic Cash System Based On The
        Representation Problem

DESCRIPTION (modified):

Many privacy-protecting off-line electronic cash systems have been
proposed over the last couple of years, most building on the work of
David Chaum and others. Systems have been proposed that have a very
high degree of PROVABILITY (e.g. the signature scheme of the bank is
secure against an adaptively chosen message attack) but are (very)
inefficient since they use theoretical schemes for e.g. multi-party
computations. These systems aim to produce results similar to e.g. "a
secure digital signature exists if and only if trapdoor permutations
exist" (a result of Bellare/Micali).
In this respect, I want to mention work of Damgard, Pfitzmann and
Waidner, De Santis et al., and Franklin and Yung.

Although it is important to know under what theoretical conditions
secure privacy-protecting off-line electronic cash systems exist, one
would want to have EFFICIENT systems. Recently, such a system was
proposed by Niels Ferguson (see his post). This system is quite
efficient, however it seems difficult to prove anything about its
security.

It is desirable to have systems that have both features, provability
and efficiency. In my technical report, I describe a system that
indeed combines provable security (to a high extent) and efficiency.
It is based on a problem, called the representation problem, of which
little use has thus far been made in literature, in conjunction with
what I call a "restrictive" blind signature scheme.

This approach results in a cash system that not only can be proven
secure to a very high extent, but also is more efficient than the
system described by Ferguson. For example, storage space for a coin is
70 bytes (!), and in order to make a payment, only two multiplications
modulo a 140-bit prime are required by the user, independent of the
length of the challenge c of the shop -- in Ferguson's system, 250
bytes storage space are needed, and more than 1.5 * |c|
multiplications modulo a 512-bit composite are needed (e.g., over 45
for a 30-bit challenge) for a payment. In addition, our withdrawal
protocol uses fewer transmissions and only 4 numbers to be transmitted
rather than 12 in the system of Ferguson.

Apart from provability and efficiency, there is one other important
feature one would like to have in electronic cash systems, namely
EXTENDIBILITY. In the inefficient but highly provably secure systems
mentioned above, this is very hard to achieve. The same holds for the
system of Ferguson. In addition, since the security of his basic
system cannot be proven, the same will certainly hold for any
extensions.
In contrast, the system I describe features the following extensions:

* framing attempts of the bank (saying that a user double-spent a
  coin, whereas he did not) are prevented regardless of computational
  power, by a simple mechanism.

* electronic checks; these can be achieved almost as efficiently as
  coins, whereas they enable the user to spend any amount between,
  say, 1 and 2^k dollars (for some arbitrary k).

* multi-spendable coins; coins can be spent k times (at the cost of
  linkability but NOT traceability) in such a way that the storage
  requirements of the user become k times as efficient.

* Anonymous accounts (i.e. in addition to anonymous payments). This
  level of anonymity has not been achieved before. (not yet in report,
  but will be in the Crypto 93 pre-proceedings)

* (perhaps the most interesting): The entire off-line cash system
  (including all the extensions) can be incorporated in a setting
  based on so-called wallets with observers (a user-module with
  embedded within it a tamper-resistant module), which has the
  important advantage that double-spending can be prevented, rather
  than detecting the identity of a double-spender after the fact. In
  particular, it can be incorporated even under the most stringent
  requirements conceivable about the privacy of the user, which seems
  to be impossible to do with previously proposed systems. This
  important extension builds on the work of David Chaum and
  Cramer/Pedersen.

As a result, one can build an efficient, highly provably secure
off-line cash system with both security (prior restraint of
double-spending) and privacy (anonymous accounts) guaranteed to a
higher level than before.

In all the extensions, the efficiency is maintained (due to e.g.
vector addition chain techniques applicable to the representation
problem), and the proofs of security follow almost immediately from
that of the basic system. Moreover, a similar system can be based on
RSA; I will publish this soon.
I made a particular effort to keep the report as self-contained as
possible. If you have any questions, please e-mail to me and I will
try to reply as well as I can. Any comments are also welcome!

Stefan Brands,
--------------------------------------------------------
CWI, Kruislaan 413, 1098 SJ Amsterdam, The Netherlands
Tel: +31 20 5924103, e-mail: brands@cwi.nl

------------------------------

Date: Mon, 28 Jun 93 8:18:12 CDT
From: Will Martin
Subject: New Privacy-Oriented Radio Program, and ANI-Readback Number

There is a new radio program about privacy and surveillance issues,
put out by the folks who produce Full Disclosure magazine, called
"Full Disclosure Live". It had been aired only on the Let's Talk Radio
satellite-broadcasting facility, and thus receivable only by people
with satellite dishes, but they have just begun broadcasting on WWCR
shortwave, on 7435 kHz, at 7 PM Sunday evenings Central Time. It is an
hour-long program, and I just lucked out and happened to catch its
first airing on Sunday, 27 June. WWCR has a good signal on 7435 kHz
and can be heard over most of North America and should reach Europe at
that time, too. (Of course, that's 0100 GMT, so much of Europe will be
asleep! :-)

They have a combination of discussions and listener call-ins, with the
call-in number being 708-838-3378. When I called, I got right in with
no delay. I caught a slight reference to the Internet later in the
program, but had had to switch radios before then and start doing
something else, and couldn't hear it clearly, so I can't say if they
had stated they were reachable via the Internet or what the reference
was.

They have an ANI-readback 800 number they advertised repeatedly during
the program: 800-235-1414. This is an ad for 1-900-STOPPER and for
Full Disclosure magazine, with an opportunity for you to leave your
name and address or a short message afterwards.
When I called it from home, it read back my correct home phone number,
but calling it from work through our PBX here at a federal office
building makes it read back a completely different number on another
exchange. That number returns a constant busy if I call it from here,
even using another line.

I don't think this ANI readback number has been mentioned in the
Telecom Digest recently; I can't find any reference to it in Volume
13, at least. So here is another resource for you.

Regards, Will

[Moderator's Note: This was originally sent to
telecom-priv@pica.army.mil. That address is no longer valid as the
telecom-priv was merged into this forum. ._dennis ]

------------------------------

From: jbowyer@cis.vutbr.cz (Bowyer Jeff)
Subject: International Software
Date: Thu, 1 Jul 1993 11:21:44 GMT
Reply-To: jbowyer@cis.vutbr.cz

Please share your expertise concerning privacy and the
internationalization/localization of software with our mailing list.

INSOFT-L on LISTSERV@CIS.VUTBR.CZ
Internationalization of Software Discussion List

Internationalization of software relates to two subjects:

1. Software that is written so a user can easily change the
   language of the interface;

2. Versions of software, such as Czech WordPerfect, whose
   interface language differs from the original product.

Topics discussed on this list include:

-- Techniques for developing new software
-- Techniques for converting existing software
-- Internationalization tools
-- Announcements of internationalized public domain software
-- Announcements of foreign-language versions of commercial software
-- Calls for papers
-- Conference announcements
-- References to documentation related to the internationalization
   of software

This list is moderated.
To subscribe to this list, send an electronic mail message to
LISTSERV@CIS.VUTBR.CZ with the body containing the command:

    SUB INSOFT-L Yourfirstname Yourlastname

Owner:
    Center for Computing and Information Services
    Technical University of Brno
    Udolni 19, 602 00 BRNO
    Czech Republic
    INSOFT-L-REQUEST@CIS.VUTBR.CZ

------------------------------

End of Computer Privacy Digest V2 #055
******************************