top | item 41598003

(no title)

gyush | 1 year ago

> As well as authenticating a message, they also provide third-party verifiability and (part of) non-repudiation.

I think digital signatures and third party verification are an incredibly useful feature. The ability to prove you received some data from some third party lets you prove things about yourself, and enables better data privacy long-term, especially when you have selective disclosure when combined with zero knowledge proofs. See: https://www.andrewclu.com/sign-everything -- the ability to make all your data self-sovereign and selectively prove data to the outside world (i.e. prove I'm over 18 without showing my whole passport) can be extremely beneficial, especially as we move towards a world of AI generated content where provenant proofs can prove content origin to third parties. You're right that post quantum signature research is still in progress, but I suspect that until post-quantum supremacy, it's still useful (and by then I hope we'll have fast and small post quantum signature schemes).

EU's digital signatures let you do this for your IDs and https://www.openpassport.app/ lets you do this for any country passport, but imagine you could do this for all your social media data, personal info, and login details. we could have full selective privacy online, but only if everyone uses digital signatures instead of HMACs.

discuss

sebbu|1 year ago

I already successfully used EU digital signatures through lex [1], but neither openpassport [2] not withpersona / linkedin [3] supports EU's new (2019+) identity cards, only passports. [1] https://lex.community/ [2] https://github.com/zk-passport/openpassport/issues/126 [3] https://www.linkedin.com/help/linkedin/answer/a1631613

ramchip|1 year ago

The article's point is that these properties are not always desirable. Imagine someone messages a friend via an app, and mentions that they're gay, in a country where it's illegal. If the app uses signatures they can't deny that they sent the message. If it's based on key agreement (like Signal), then either party could have faked the exchange, so there's at least some deniability.

ryukoposting|1 year ago

I have been trying to think of ways we could leverage digital signatures to prove that something isn't AI-generated, and it's really a fascinating topic to think about. It's hard to avoid making the leap from "this isn't AI generated" to "this exact person made this." Then there's the issue of ensuring that a person doesn't make ChatGPT write something, then copy and paste it somewhere else and sign it.

If anything, the hardest part of making an anti-AI proof system is ensuring people don't lie and abuse it.

some_furry|1 year ago

https://youtube.com/watch?v=1FuNLDVJJ_c

This talk from Real World Cryptography 2024 is probably a good place to start.