Deep Dive into U-Prove Cryptographic Protocols

Play Deep Dive into U-Prove Cryptographic Protocols

The Discussion

  • User profile image

    What does prevent the cooperation of the RP and IP to track the user?
    The IP could store who requested the token which resulted in {H}sign and report it back to the RP. What am I missing?

  • User profile image

    From my understanding they can't cooperate because IP & RP don't know about each other Smiley

  • User profile image

    Well, the RP must know the IP:

    1. to verify the signature

    2. to be sure that is a well known authority (equivalent of a CA in classical crypto)

    From what I understand is the "signature" part that handles this and it is not clear if H is what is actually disclosed to RP or not. If it is I don't see how RP and IP cannot cooperate, but again I might be missing somethig.

  • User profile image

    He didn't explain the whole process, so I'm guessing that's why the confusion. He did say that the signature process involves a collaboration between the IP and the user. As he mentioned in the video, he was not going to explain this new signature system, but it is different from the standard PKI system. I am guessing that H and it's signature are generated in a collaborative process between user and IP in a way that does not disclose H to the IP. If H is not disclosed to the IP, but only to user and relying party, then there can be no collaboration, even if IP=RP.

    Please correct me if someone else knows more.

  • User profile image

    Indeed, U-Prove tokens are obtained using an advanced issuance protocol that results in “unlinkable” public key and issuer signature (these values are randomized by the user in the process). Since the issuer never sees these values, they cannot be used to track the user, even in collusion with the relying party (even if the issuer _is_ the relying party).

    The video refers to our first U-Prove CTP. We recently released an update to the CTP, using the same architecture model but with a different client implementation. Details can be found on; I encourage you to take a look at the white paper and the technology overview for more information.

Add Your 2 Cents