68 lines
2.9 KiB
Plaintext
68 lines
2.9 KiB
Plaintext
NEWS
|
|
====
|
|
|
|
1.1.1 - September 30th 2011
|
|
---------------------------
|
|
|
|
This is the first official release of Cryptic.
|
|
|
|
|
|
Cryptic is a free software library released under the GNU GPL v2 and above
|
|
license.
|
|
|
|
Cryptic allows the implementation of digital certificates with advanced
|
|
properties. The goal is to ensure privacy for cross-organization exchanges of
|
|
certified data.
|
|
|
|
Cryptic is written in C language and depends on glib and openssl. Bindings for
|
|
the Python and Java languages are provided.
|
|
|
|
Advanced certificates helps in reducing the certified information disclosed to
|
|
verifiers. The certificates have the following properties:
|
|
* Selective disclosure of content.
|
|
* Proofs on attributes contained in certificates.
|
|
* Unlinkability between certificate issuing and showing transactions.
|
|
|
|
The Cryptic library can be used to create at a low-level certificates with the
|
|
properties previously enumerated. The certificate formatting, in XML or ASN1
|
|
for instance, is not handled in Cryptic.
|
|
|
|
The goal is a fine-grained information disclosure for off-line certificates.
|
|
Such certificates may be used multiple times without re-issuing. When a
|
|
certificate is issued on demand, it is trivial to make it includes only the
|
|
needed information. However, when the certificate is already issued, it is
|
|
useful to have means to select which signed information is revealed. For
|
|
instance, the selective disclosure allows to reveal a date of birth and not a
|
|
place of birth both contained in the same certificate. A range proof allows to
|
|
only reveal that the certificate prover is of age and not reveal the date of
|
|
birth contained in the certificate.
|
|
|
|
A certificate is said 'proved' because a secret is included in the
|
|
certificate. To only show a certificate require to prove to verifier that the
|
|
secret is known without revealing it. (It is similar to prove the knowledge of
|
|
a private key making a signature. In a way, the public key is proved as a
|
|
certificate is proved.)
|
|
|
|
Certificate holder is a term usually avoided because it may refer to bearer
|
|
tokens. Holder may be used if it is taken as a synomous to know the secret of
|
|
the certificate hold.
|
|
|
|
Furthermore, the CL-Signature implementation allows the unlinkability of a
|
|
certificate issued with this certificate shown to verifiers. In other words,
|
|
the certificate signature can not be used as a factor of linkability between
|
|
to transactions involving a same certificate. (But many other factors may be
|
|
used (time correlation, attribute contents, etc.), unlinkability is a huge
|
|
paradigm.)
|
|
|
|
The unlinkability may be expected when a user shows multiple times a same
|
|
certificate or between the issuing and showing transactions of this
|
|
certificate. The unlinkability of the user transactions is a strong property
|
|
of anonymity and ion some cases a privacy-preserving principle.
|
|
|
|
For instance, Cryptic can be used to implement e-cash and e-voting
|
|
architectures.
|
|
|
|
The library does not deal with storage and protocols, only computation.
|
|
|
|
See the README file for more information.
|