Comment by gyush

Comment by gyush 10 months ago

> As well as authenticating a message, they also provide third-party verifiability and (part of) non-repudiation.

I think digital signatures and third party verification are an incredibly useful feature. The ability to prove you received some data from some third party lets you prove things about yourself, and enables better data privacy long-term, especially when you have selective disclosure when combined with zero knowledge proofs. See: https://www.andrewclu.com/sign-everything -- the ability to make all your data self-sovereign and selectively prove data to the outside world (i.e. prove I'm over 18 without showing my whole passport) can be extremely beneficial, especially as we move towards a world of AI generated content where provenant proofs can prove content origin to third parties. You're right that post quantum signature research is still in progress, but I suspect that until post-quantum supremacy, it's still useful (and by then I hope we'll have fast and small post quantum signature schemes).

EU's digital signatures let you do this for your IDs and https://www.openpassport.app/ lets you do this for any country passport, but imagine you could do this for all your social media data, personal info, and login details. we could have full selective privacy online, but only if everyone uses digital signatures instead of HMACs.

sebbu 10 months ago

I already successfully used EU digital signatures through lex [1], but neither openpassport [2] not withpersona / linkedin [3] supports EU's new (2019+) identity cards, only passports. [1] https://lex.community/ [2] https://github.com/zk-passport/openpassport/issues/126 [3] https://www.linkedin.com/help/linkedin/answer/a1631613

Reply View 0 replies

ramchip 10 months ago

The article's point is that these properties are not always desirable. Imagine someone messages a friend via an app, and mentions that they're gay, in a country where it's illegal. If the app uses signatures they can't deny that they sent the message. If it's based on key agreement (like Signal), then either party could have faked the exchange, so there's at least some deniability.

Reply View 0 replies

ryukoposting 10 months ago

I have been trying to think of ways we could leverage digital signatures to prove that something isn't AI-generated, and it's really a fascinating topic to think about. It's hard to avoid making the leap from "this isn't AI generated" to "this exact person made this." Then there's the issue of ensuring that a person doesn't make ChatGPT write something, then copy and paste it somewhere else and sign it.

If anything, the hardest part of making an anti-AI proof system is ensuring people don't lie and abuse it.

Reply View 1 reply

some_furry 10 months ago

https://youtube.com/watch?v=1FuNLDVJJ_c
This talk from Real World Cryptography 2024 is probably a good place to start.

Reply View | 0 replies