1993-02-27 - timestamps and signatures

Header Data

From: root@rmsdell.ftl.fl.us (Yanek Martinson)
To: ld231782@longs.lance.colostate.edu
Message Hash: 6fccedc5260ee3e655de255a8d0b96a13819c321407a08866bcd9bdcce425f59
Message ID: <m0nSIOf-00030IC@rmsdell.ftl.fl.us>
Reply To: N/A
UTC Datetime: 1993-02-27 03:44:49 UTC
Raw Date: Fri, 26 Feb 93 19:44:49 PST

Raw message

From: root@rmsdell.ftl.fl.us (Yanek Martinson)
Date: Fri, 26 Feb 93 19:44:49 PST
To: ld231782@longs.lance.colostate.edu
Subject: timestamps and signatures
Message-ID: <m0nSIOf-00030IC@rmsdell.ftl.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


> ||use electronic ... public-key signatures, the kind that make it impossible
> ||for one to deny having signed something.                ^^^^^^^^^^^^^^^^^^
> ||^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> | Nice theory, but too simple.
> | I can always deny signing something by claiming that my private key was
> | compromised.  I can even deliberately let it be known, if it's important
> There's some very nice work by two people at Bell Labs (whose names I can't

One of them is Stuart Haber (stuart@bellcore.com)

> unforgeable digital timestamps.  This is a much trickier problem than it firs
> appears to be, but they have a nice solution.  

It's not too complicated.  Basically, what you do is produce a hash
of your text, and publish it widely in a medium that is being
archived, and likely to be accessible and authenticable at a later
time, for example by posting it in a classified ad in a large
newspaper.

Later, when verifying the timestamp one can get a copy of that
newspaper from a library (or from several libraries, for greater
security) and compare the published hash with that of the text.

For greater efficiency, there's a simple way to combine a lot of
messages and produce only one hash which is published.  The
information you get back and store as a part of the timestamp is
enough to prove that this particular hash was one of the many combined
to produce the published value.

This system is actually operating, look in any Sunday New York Times
in the Business Classifieds.


> Given timestamps, we can then require that messages be not just
> signed but dated.  If my key becomes compromised, I revoke all
> my signatures from some time on.  By looking at the timestamp
> that goes with the signature, we can determine whether it was
> created before or after the compromise, and discard it if "after".

Once can always claim that they "just found out" that their key
has been compromised a year ago, and so deny having signed that
signature.


--
Yanek Martinson
yanek@novavax.nova.edu




Thread