NEWS file added for release 1.1.1
parent 66289b46cf
commit 4afc37e559
|
@ -0,0 +1,67 @@
|
|||
NEWS
|
||||
====
|
||||
|
||||
1.1.1 - September 30th 2011
|
||||
---------------------------
|
||||
|
||||
This is the first official release of Cryptic.
|
||||
|
||||
|
||||
Cryptic is a free software library released under the GNU GPL v2 and above
|
||||
license.
|
||||
|
||||
Cryptic allows the implementation of digital certificates with advanced
|
||||
properties. The goal is to ensure privacy for cross-organization exchanges of
|
||||
certified data.
|
||||
|
||||
Cryptic is written in C language and depends on glib and openssl. Bindings for
|
||||
the Python and Java languages are provided.
|
||||
|
||||
Advanced certificates helps in reducing the certified information disclosed to
|
||||
verifiers. The certificates have the following properties:
|
||||
* Selective disclosure of content.
|
||||
* Proofs on attributes contained in certificates.
|
||||
* Unlinkability between certificate issuing and showing transactions.
|
||||
|
||||
The Cryptic library can be used to create at a low-level certificates with the
|
||||
properties previously enumerated. The certificate formatting, in XML or ASN1
|
||||
for instance, is not handled in Cryptic.
|
||||
|
||||
The goal is a fine-grained information disclosure for off-line certificates.
|
||||
Such certificates may be used multiple times without re-issuing. When a
|
||||
certificate is issued on demand, it is trivial to make it includes only the
|
||||
needed information. However, when the certificate is already issued, it is
|
||||
useful to have means to select which signed information is revealed. For
|
||||
instance, the selective disclosure allows to reveal a date of birth and not a
|
||||
place of birth both contained in the same certificate. A range proof allows to
|
||||
only reveal that the certificate prover is of age and not reveal the date of
|
||||
birth contained in the certificate.
|
||||
|
||||
A certificate is said 'proved' because a secret is included in the
|
||||
certificate. To only show a certificate require to prove to verifier that the
|
||||
secret is known without revealing it. (It is similar to prove the knowledge of
|
||||
a private key making a signature. In a way, the public key is proved as a
|
||||
certificate is proved.)
|
||||
|
||||
Certificate holder is a term usually avoided because it may refer to bearer
|
||||
tokens. Holder may be used if it is taken as a synomous to know the secret of
|
||||
the certificate hold.
|
||||
|
||||
Furthermore, the CL-Signature implementation allows the unlinkability of a
|
||||
certificate issued with this certificate shown to verifiers. In other words,
|
||||
the certificate signature can not be used as a factor of linkability between
|
||||
to transactions involving a same certificate. (But many other factors may be
|
||||
used (time correlation, attribute contents, etc.), unlinkability is a huge
|
||||
paradigm.)
|
||||
|
||||
The unlinkability may be expected when a user shows multiple times a same
|
||||
certificate or between the issuing and showing transactions of this
|
||||
certificate. The unlinkability of the user transactions is a strong property
|
||||
of anonymity and ion some cases a privacy-preserving principle.
|
||||
|
||||
For instance, Cryptic can be used to implement e-cash and e-voting
|
||||
architectures.
|
||||
|
||||
The library does not deal with storage and protocols, only computation.
|
||||
|
||||
See the README file for more information.
|
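Review bot: The release notes have spelling and grammar errors in the paragraphs on the certificate holder and on unlinkability that should be fixed before this ships as the first official release: "synomous" should be "synonymous", "ion some cases" should be "in some cases", and "between to transactions" should be "between two transactions". Smaller grammar slips in the same file: "Advanced certificates helps" (help), "make it includes" (include), and "To only show a certificate require to prove" (requires proving). The unlinkability paragraph also introduces "the CL-Signature implementation" without any earlier mention or expansion of the name; since this is the text a new user reads first, spell the scheme out once or point to the README section that describes it. Finally, "GNU GPL v2 and above license" reads more clearly as "GNU GPL version 2 or later".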