[tor-reports] Fwd: February 2017 Report for Tor Bridge Distribution

Thu Mar 2 08:32:00 UTC 2017

isis agora lovecruft:
> ----- Forwarded message from isis agora lovecruft <isis at torproject.org> -----
> 
>> From: isis agora lovecruft <isis at torproject.org>
>> Subject: February 2017 Report for Tor Bridge Distribution
>> Date: Thu, 2 Mar 2017 05:30:08 +0000
>> Message-ID: <20170302053008.GA21919 at patternsinthevoid.net>
>> To: otf-projects at opentechfund.org, otf-active at opentechfund.org
>> Cc: isis agora lovecruft <isis at patternsinthevoid.net>, Henry de Valence <hdevalence at hdevalence.ca>
>> Reply-To: isis at patternsinthevoid.net
>> Delivered-To: <isis at patternsinthevoid.net>
>>
>> Hello!
>>
>> My apologies for missing a January report.  Much of January was spent,
>> unfortunately, dealing with the personal repercussions of an unexpected EO.
>>
>>
>> The following progress was made in (late) January through February 2017:
>>
>>  - The specification for elliptic curve zero-knowledge proof-of-knowledge of
>>    discrete logarithm equality was laid out in writing.  We also shared this
>>    construction publicly with other cryptographers on the Trevor Perrin's
>>    curves mailing list, [0] since both Tony Arcieri of Chain and George
>>    Tankersley of Cloudflare were looking to use the same construction.
>>
>>  - Outlined code for the above zero-knowledge proofs, and refactored some of
>>    the algebraic MAC and anonymous credential code.
>>
>>  - Begun setting up domain fronting for BridgeDB.
>>
>>  - More detailed documentation on our elliptic curve library,
>>    curve25519-dalek, as well as progress on the paper/specification for the
>>    cryptographyic requirements of our bridge distribution scheme. [1]
>>
>>  - Extended functionality for curve25519-dalek to ease implementation of the
>>    Elligator2 birational map (which we require) and other features necessary
>>    for a potential external implementation of VXEdDSA (which is useful to
>>    Signal and other projects). [2]
>>
>>  - Finished a ~~beta~~ implementation of Decaf [3] for curve25519. [4]  Since
>>    we know of no other implementations which compiles, we are looking forward
>>    to further testing and review.  NCC Group has potentially (and generously)
>>    offered to audit our cryptographic work, since (as mentioned above) other
>>    companies are intending to use it.  For now, we'll call it extremely
>>    yolocrypto beta, and base our prototype off of it.
>>
>>  - Finished the API for new Bridge Distributors and deployed to production. [5]

That's a bit dense for me. Could you elaborate what e.g. "deployed in
production" means? Can user use that new feature now? If so, how? Or can
devs test it? And I am confused about "Finished" as well with the link
to distribute.py because that file did not get touched for almost two years.

Georg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20170302/d24e72c8/attachment.sig>