Hacker News new | past | comments | ask | show | jobs | submit login

Is the substantive contribution here establishing a chain of custody from a single signature, rather than a chain of signatures? I only skimmed the paper, but I don't see how it would help us investigate breaches (wouldn't the attacker just remove the signature before publishing the database?) or authenticate based on SSNs (if I wanted to sign SSNs, why wouldn't I use a more conventional approach?).

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact