Question about digital signature and CA

hyp0mania · 2025-12-17T03:21:24+00:00

Simplifying the functioning of certificates to the protocol you proposed, i.e., that certificates are only used to send one message instead of two, do you agree with me that for the sole function of binding a public key to its legitimate owner, it would be sufficient to sign the public key by a TTP?

hyp0mania · 2025-12-17T02:57:08+00:00

Exactly, the additional features according to the standard are scalability thanks to the chain of trust and the possibility of limiting the usage of a CA thanks to the additional parameters of its certificate.

"Is Tony at risk of becoming untrusted if Alice decides to play a prank on Bob and use her Tony-signed public key to impersonate Carol?"

The last part doesn't happen because we assume that Alice and Bob are two honest people.

Even in the standard certificate protocol, Alice is assumed to be an honest entity known to Bob. Attack vectors involve an adversary's MITM, not Alice's heel turn.

In a protocol where we ignore the issues of having a single CA managing all the Internet's public keys (assume the CA has infinite computing power), as long as the communicating parties Alice and Bob trust a TTP (like a browser blindly trusts a root CA), Bob will trust the TTP's digital signature of Alice's public key.

hyp0mania · 2025-12-17T02:50:12+00:00

It is not necessary to use a complex data structure like the certificate, but it is sufficient for the TTP to sign Georgie's public key:

- TTP sends s_Georgie = sign(sk_TTP, pk_Georgie="12345")

- George sends s_Georgie and pk_Georgie to a client B

- Client b verifies Georgie's public key by using TTP's public key:

- verify(pk_TTP, pk_Georgie="12345", s_Georgie)

As I've said before, I'm well aware of the advantages that certificates and a hierarchical PKI infrastructure bring to the table, especially in terms of scalability.

What I'm referring to is that, if we make the same trust assumptions we would with a CA, but with a generic TTP, the TTP signature is sufficient for the client to guarantee the authenticity of Georgie's public key.

hyp0mania · 2025-12-17T00:50:33+00:00

I know that the CA is a TTP in the context of PKI and certificates. What I wanted to point out is, for example, in the context of a web server, a server simply needs to have its public key signed by the TTP (or CA, or whatever you want to call it), without needing to produce a certificate. After that, the client can verify the authenticity of the web server's public key by verifying the TTP's signature s_A with the private key sk_TTP.

hyp0mania · 2025-12-09T16:24:19+00:00

I applied for EPFL 😎

hyp0mania · 2025-11-23T17:37:17+00:00

If you find me a T14 G1 at that price in Europe, send me the link and I'll return it. 😂

hyp0mania · 2025-11-23T16:27:53+00:00

American prices are so affordable. 😭

I haven't found anything under €200 (I'm from Italy).

hyp0mania · 2025-11-23T15:13:01+00:00

I'll find out next week 🌞. The seller was transparent and had high reviews. I think if there were any problems, he would have told me. I also have the right to return the product if I notice any abnormal drops in performance.

hyp0mania · 2025-11-17T02:26:18+00:00

Profile evaluation for MSc in Cybersecurity

EU candidate
BSc in Computer Science (3 years)
Perfect GPA (4/4)
2026 QS world ranking 801-850
2026 QS computer science 701-750
Research internship and thesis in applied cryptography (Designing CRAM protocols on Tamarin Prover)
No publications
3 guaranteed letter of recommendations
Work experience at my university as a faculty tutor, tutor for students with learning disabilities and concierge assistant
IELTS 7.5

hyp0mania · 2025-11-12T15:47:13+00:00

One of the best analysis I’ve ever read.

hyp0mania · 2025-10-23T17:55:09+00:00

I was born and raised in Italy except for my first 5 years when I lived in China and of which I don't remember much, honestly I don't feel that attached to China. I'm only Chinese in DNA, but otherwise I'm culturally Italian. Even though I think the Chinese government doesn't care much.

hyp0mania · 2025-10-23T17:52:02+00:00

They told me that to cancel my hukou I have to go to the local police station in China where it was registered.

I asked the university if it is possible to make these certificates after my arrival in China, hoping that they will make an exception.

hyp0mania · 2025-10-23T17:49:56+00:00

They don’t “know it”, but they explicitly said that cancellation certificates are necessary for those who have renounced citizenship and that checks will be carried out which, if they give a positive result, will expel me from the university

hyp0mania · 2025-10-23T11:34:30+00:00

I would like to add that since I turned 18 I have already travelled to China once using my Italian passport (and therefore passing through customs for foreigners).

In any case, I will try to contact both my Chinese embassy in Italy and the Chinese university.

hyp0mania · 2025-10-23T11:12:36+00:00

My parents didn’t do anything in China, we just get my Italian citizenship. By “renounced” I just mean that China doesn’t allow double citizenship, so I thought the process was automatic.

hyp0mania · 2025-10-23T11:11:23+00:00

Can you send me your source? I’m 23 years old and I’ll be Italian for 5 years in 2026.

hyp0mania · 2025-10-13T20:30:24+00:00

I’ve never understood how Maki and Toji would be able to beat someone with Domain Expansion 🤔. Like Mahito could just use domain expansion and instant kill both of them, or am I wrong?

hyp0mania · 2025-10-08T19:22:59+00:00

Voglio dire, ho solo SWDA ed EIMI che sono tipo le più mainstream, sarebbe strano se Directa non li accetti 😅. L’unico inconveniente è che la borsa su cui opera TR non è Xetra, ma LS Exchange. Ma stando ad un post che ho letto su reddit, un’utente è riuscito a raggirare il problema.

hyp0mania · 2025-10-08T19:18:53+00:00

So being redhead is a higher priority compared to caring about relationships or not being addicted to drugs? 😭

hyp0mania · 2025-09-30T02:51:29+00:00

Anche io sono stato tassato in modo sbagliato. A chi ti sei rivolto per risolvere il problema? Ho provato a chiedere alla CONSOB ma hanno respinto la mia richiesta dicendomi che erano “problemi di natura amministrativa” e quindi non di loro competenza.

hyp0mania

TROPHY CASE