Deep Dive into U-Prove Cryptographic Protocols (Channel 9)

Deep Dive into U-Prove Cryptographic Protocols

Posted: Mar 02, 2010 at 8:12 AM

By: Vittorio Bertocci

(2)

36,832 Views

5 Comments

Video format

Option selected may change based on video formats available and browser capability.

Auto

Use our suggested format for this video.

Smooth Streaming

Adaptive bitrate streaming - little buffering but lower video quality at times of low bandwidth. Silverlight 5 required

Progressive

Traditional buffered video format. Silverlight 5 required

HTML5

For browsers that support H.264 MP4 or WebM video playback such as:
IE9+, Firefox 4+, Chrome 5+, or Safari 4+.

Flash

For browsers that have the Adobe Flash Player plugin installed.

In this third and last IdElement installment on the U-Prove CTP series, we once again feature Dr. Stefan Brands, who spends an hour describing the crypto behind U-Prove. Wrapping your head around all the mathematical details may require some effort, but if you are interested in this space it is totally worth it. By the end of the video, you will have a clear understanding of how U-Prove works and how it can truly reconcile security and privacy requirements.
If you want to go even deeper, Stefan's book on the topic is freely available on line.

Get the CTP here

Get the C# edition

Get the Java edition

Follow the Discussion

Follow
Oops, something didn't work.

Try again?

Sign In to be begin to follow these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.

Getting "follow" information

Stop following these comments

Start following these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.

Removing your "follow"

Setting up your "follow"

Did you know you can
sign up for email notifications?
- Subscribe to this comments

enzol

Mar 02, 2010 at 6:12 PM

What does prevent the cooperation of the RP and IP to track the user?
The IP could store who requested the token which resulted in {H}sign and report it back to the RP. What am I missing?
ranamauro

Mar 02, 2010 at 7:38 PM

From my understanding they can't cooperate because IP & RP don't know about each other
enzol

Mar 03, 2010 at 7:35 AM

Well, the RP must know the IP:

1. to verify the signature

2. to be sure that is a well known authority (equivalent of a CA in classical crypto)

From what I understand is the "signature" part that handles this and it is not clear if H is what is actually disclosed to RP or not. If it is I don't see how RP and IP cannot cooperate, but again I might be missing somethig.
D.R.

Jan 14, 2011 at 2:45 AM

He didn't explain the whole process, so I'm guessing that's why the confusion. He did say that the signature process involves a collaboration between the IP and the user. As he mentioned in the video, he was not going to explain this new signature system, but it is different from the standard PKI system. I am guessing that H and it's signature are generated in a collaborative process between user and IP in a way that does not disclose H to the IP. If H is not disclosed to the IP, but only to user and relying party, then there can be no collaboration, even if IP=RP.

Please correct me if someone else knows more.
UProveTeam

Mar 07, 2011 at 2:04 PM

Indeed, U-Prove tokens are obtained using an advanced issuance protocol that results in “unlinkable” public key and issuer signature (these values are randomized by the user in the process). Since the issuer never sees these values, they cannot be used to track the user, even in collusion with the relying party (even if the issuer _is_ the relying party).
The video refers to our first U-Prove CTP. We recently released an update to the CTP, using the same architecture model but with a different client implementation. Details can be found on http://www.microsoft.com/u-prove; I encourage you to take a look at the white paper and the technology overview for more information.