From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 15 Nov 1995 13:53:20 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Who needs time vaults anyway?
In-Reply-To: <v02120d05accab753260f@[199.0.65.105]>
Message-ID: <Pine.SOL.3.91.951111130652.15607B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 11 Nov 1995, Robert Hettinga wrote:

> In the real world, there's a trustee/nominee of some sort who does this.
> What's that to keep that from happening on the net, just like our much
> maligned (guy's gotta make a living, fer chrissake!) assassination-payoff
> escrow agent...

Nothing really;  It would probably be better to do some sort of secret 
sharing and use a number of somewhat trusted escrow-agents, but the 
protocols aren't too complex. 

For the simple case where the release is time based, you could even make 
the process totally automatic; just have the escrow agents send off their 
bits of the key when the time has expired, and voila.

As for real time-release - how about just using conventional encryption, 
and require it to be brute-forced?

Depending on how fine grained you want the release to be, you could also 
take the inverse of Moore's law, work out how big a key you need to have 
it unbreakable in less than the desired time, add in whatever fudge 
factors you feel like based on how much it would be worth to the opponent 
to get early access, then lock up the secret and throw away the key. 

Simon