1997-09-23 - distributed ratings & repudiable public signatures (was Re: encouraging digital pseudonyms)

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: tcmay@got.net
Message Hash: 160be1a32f16f08aa0027e0f5c1d38b43165e7a202af2df3511e67959ceba225
Message ID: <199709231830.TAA00303@server.test.net>
Reply To: <v03102805b04c51cb80d0@[207.167.93.63]>
UTC Datetime: 1997-09-23 18:44:29 UTC
Raw Date: Wed, 24 Sep 1997 02:44:29 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 24 Sep 1997 02:44:29 +0800
To: tcmay@got.net
Subject: distributed ratings & repudiable public signatures (was Re: encouraging digital pseudonyms)
In-Reply-To: <v03102805b04c51cb80d0@[207.167.93.63]>
Message-ID: <199709231830.TAA00303@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Easier to use pseudonyms would be nice, yes.

Another interesting "service" which really requires client support,
which would improve reading efficiency would be mailing list software
with distributed ratings.  A web based archive with cgi-bins to
accumulate ratings on posts would be feasible for you people who don't
have pay per second.

Then you construct your own matrix of reliance on individual rating
providors (other list readers), and you have probably a pretty good
estimate of your own likely interest in a given post.

Applies to non-anonymous posts too.  Plenty of trash ends up on the
list that hasn't come through a remailer.


We've got two conflicting desires with respect to persistent identity
and proof of authorship.  One desire is that you would like to provide
a verifiable persistent persona whilst remaining anonymous.  The other
desire is to be able to repudiate your signature.  (There might be
some value in having repudiability if you get a RICO conspiracy case
against US cpunks via Jim Bell.)

One tentative technical solution to this situation which I'm not sure
has been discussed before is to actually try this, in a way which
gives some non-repudiability, possibly quite good non-repudiability
for a cypherpunks purpose, but to at the same time arrange that it
would be fairly repudiable in legal terms. 

So how do we do that?

Well how about we arrange the signature keys, so that a combination of
relatively trusted cypherpunks could forge this public signature if
they colluded.  Say we arrange that all 4 of Lucky, Tim, John Young
and Black Unicorn have to collude to forge a signature.

That would probably be pretty good insurance against forgery for a
public posting purpose for the cypherpunks lists. 

At the same time if Tim signs his post saying "I bid $800k for that
suitcase nuke", and I post via a remailer an offer signed with my own
key of another $50k, well you-all would probably fairly confident that
I posted this due to the signature, despite forgery possibility.  A
jury would have to however swallow the claim that this signature could
have been forged by the collusion of two Nyms (the caped green one,
and some one known "as black unicorn"), and two crypto anarchist
types, well to them that's probably stretching belief.

(btw the idea of repudiable signatures for private email, where the
signature is constructed so that the recipient could forge it is an
established technique; it will provide the recipient with very good
confidence in the signature, yet it will be one persons word against
anothers if it comes to dispute.  Use remailers to enhance the effect,
otherwise people will be arguing that it's not forged as proved by
mail logs etc)

A general principle with repudiable signatures I think is that to
maximise the pluasibility of a repudiation you should use remailers to
deliver all your publically posted email.  With good tools this would
be no problem to list members, and would look like a real mess I think
to someone trying to prove authorship of disputed documents.

Fund pledge: Nuke them till they glow!  Any other donations :-)

Adam
-- 
Now officially an EAR violation...
Have *you* violated EAR today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread