1994-06-02 - Micali’s “Fair” Encryption

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: sommerfeld@localhost.medford.ma.us (Bill Sommerfeld)
Message Hash: dff2051c5553793917c575dec2c2041ad74ad518b4900fe46f050182551eb9b8
Message ID: <199406020558.WAA21607@netcom.com>
Reply To: <199406011610.MAA00382@localhost>
UTC Datetime: 1994-06-02 05:58:36 UTC
Raw Date: Wed, 1 Jun 94 22:58:36 PDT

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Wed, 1 Jun 94 22:58:36 PDT
To: sommerfeld@localhost.medford.ma.us (Bill Sommerfeld)
Subject: Micali's "Fair" Encryption
In-Reply-To: <199406011610.MAA00382@localhost>
Message-ID: <199406020558.WAA21607@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Sommerfeld writes:

> 	... Micali's major stuff, the ``fair'' public-key based systems.
> 
> Just to throw another sound bite in the pot:
> 
> Why would anyone in their right mind use a cryptosystem that's only "fair"
> when they have their choice of so many "good" and "excellent" ones like
> IDEA and RSA as well? :-) :-)

Micali's scheme could be very useful for ensuring that a secret is not
lost forever upon the death, departure, or forgetfulness of an
employee. Even Cypherpunks Inc. would probably be interested in a
crypto system that allows reconstruction of a key by some process, for
secrets belonging to the company.

Generally, a whole range of algorithms and protocols is not a bad
thing. (A similar example is a protocol for digicash that only
"allows" partial withdrawals of one's cash...why would anyone "want"
such a limiting system? Think about it.) So long as the market is able
to function, and is not distorted by coercive laws, expect various
sorts of systems.

This said, I dislike the "fair" appelation, as it seems to be a kind
of propagandizing. In this age of hype, not surprising. But very bad
if the "fair" name gets used to help make such schemes mandatory for
private citizens.

> disclaimer: I haven't read Micali's papers in detail, but I understand that
> the "fair' cryptosystem is effectively "key escrow in software".  Actually,
> I haven't seen his protocols discussed in any level of detail on this list.
> An overview might help improve the S/N ratio here..

I look forward to hearing your summary, Bill! Micali's paper was
presented at the '92 Crypto Conference ("Proceedings" should be
readily available in the usual places: university libraries and large
technical bookstores, or by special order from Springer-Verlag),
around the same time Denning was describing this and other possible
"trial balloons" for key escrow.

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."




Thread