[Linux-aus] Fwd: Re: Grant application
Michael Van Delft
michael at hybr.id.au
Fri Oct 16 16:57:36 AEDT 2015
Perhaps you can clarify some things for me because I'm really having
trouble trying to grok what you are trying to do here.
I suspect I may have spent far too much time on this already but any
way... I started by reading the PDF you had attached and I couldn't
understand what you are trying to achieve. So then moved on to the
forum link you posted and read that thread from beginning to end and I
still couldn't understand what the problem you were trying to solve
was. Or rather I think I understand what the problem you are trying to
solve is, but the way you are trying to solve it, and the crypto tools
you are using simply don't make sense to me.
Please correct me if I'm wrong but you are fundamentally trying to
solve two problems:
A) To prove something is unique.
B) To prove something has come from who it says it's from.
So part A is a bit like a serial number, in your example you use
pills. If you see two pills that have the same serial number you know
something has gone wrong, maybe one is a counterfeit. Part B is like a
PGP signature, you want to be able to prove that the pills came from a
reputable source so they are signed.
But I'm not sure how your solution solves either of those issues;
Looking just a part A, proving something is unique you say that you
will "log the number or hits each subkey receives". So effectively you
have a log of how many times it’s been queried but I don’t see how
this verifies that it’s unique. Let’s use the example of a bottle of
pills rather than an individual pill.
Let’s say the pill bottle is scanned by the courier who picks it up
from a manufacturing plant the way to the chemist. Then by the chemist
when they received the pills from the courier (because they want to
verify they are from the manufacturer and the courier hasn't done a
switch). Then by the customer when they get the bottle (because they
want to verify they are from the manufacturer and the chemist hasn't
done a switch). Maybe in the supply chain the bottle has been looked
up 3 times. But I don’t see how knowing that a subkey has been queried
1, 2, 3 or 27 times proves whether it’s unique or not. It could be one
bottle that's been checked 27 times, or 27 identical bottles that have
been checked once. Or 1000 identical bottles but only 27 customers
that care enough to check.
Also checking the count of how many times a subkey has been queried
relies on a single central authority (i.e. your website) that must be
trusted. There is no way others can verify the count you have is
And if part A doesn’t hold up, you can't prove something is unique, I
don’t think part B holds up either. I can’t see what would stop
someone from just opening up one bottle of pills, and replacing the
contents (with or without querying the subkey) and then passing it off
as genuine. Or simply copying the label (assuming it’s a QR code with
the public key) and producing several copies of the bottle passing
them off as genuine.
On 15 October 2015 at 10:48, Derren Desouza <derrend at yahoo.co.uk> wrote:
> Hello again,
> I would like to apply for a grant for advertisement revenue.
> I have developed the service explained in my previous email which may be
> viewed below to a usable level but my aims have not changed.
> I would humbly request funding for 1000 impressions per day for the next
> 180 days on coindesk.org, at $35 (US) CPM, which would be $8820 (AU) or
> $1470 per month for the next six months.
> Or if you would be willing to supply me with the full $2000 per calendar
> month for the next twelve months which I originally applied for to cover
> hosting and allow me to outsource the development of an Android and IOS
> app then that would be even better and I could focus 100% of my energy
> on multisig support. Otherwise I will have to learn java and the android
> platform myself which is what I have been doing for two weeks now.
> Just so the community doesn't think that I have been doing perfectly
> well since May without funding, the reason for this is because I went
> into debt rather than allow development to stop.
> My hosting situation is extremely inadequate and not at all robust, for
> instance there is only one point of failure in Singapore which would
> render the project unusable. Ideally I would host the service using the
> coreOS platform and at least three paas instances on different
> continents (asia, usa, europe).
> Here is a link to the updated info regarding the project and the
> progress made over the last half year:
> And the project itself: https://cryptoproof.info/
> Also a link to the reddit community and the very interesting
> conversation I had recently with a fellow engineer in the 3D printing
> And a ling to the youtube video tutorial if you would like to see the
> service in action:
> kind regards
> On 14/05/15 13:39, Derren Desouza wrote:
>> Project Name:
>> CPOP - Cryptographic Proof Of Production
>> Aim of Project:
>> Produce a service for the general public whereby normal people will be
>> able to verify to an exceptional hight degree of certainty that products
>> or services provided to them originated from the source that they expect
>> with ease.
>> A prototype is already available for testing at http://cryptoproof.info
>> Please see attached proposal for further details.
>> Person Responsible for Request:
>> Derren Desouza (myself)
>> $2000 per calendar month for the next 12 months.
> linux-aus mailing list
> linux-aus at lists.linux.org.au
More information about the linux-aus