From: hfinney@shell.portal.com
To: cypherpunks@toad.com
Message Hash: 64459124661bc3a7078d50f3bc489d91b2d059d4eaf2e11f79340e483e0b292a
Message ID: <9308230602.AA25529@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1993-08-23 17:35:19 UTC
Raw Date: Mon, 23 Aug 93 10:35:19 PDT
Subject: Chaum on the wrong foot?
A lot of our discussion is influenced by the ideas of David Chaum. He
pioneered technology which could protect individual privacy while allowing
very flexible sorts of credentials and guarantees. He has also played
a big role in the various proposals for digital cash.

But I think that Chaum has gone off in the wrong direction in the last
few years. More and more he is concentrating on protocols which rely
on a tamper-proof, hardware implementation of a cryptographic protocol
which he calls an "observer". This observer chip would sit in your
computer (which could be a Newton-style PDA or a smart card) and would
play an important part in the exchanges of information, cash, or credentials
which you would make with others. The observer basically makes sure you
are telling the truth in your transactions, that you are not double-spending
your digital cash, or not claiming a credential which you don't have.

Now, this approach has the obvious advantage that it allows solving
certain problems which can't be solved otherwise. There appears to be
no way to provide for secure, off-line digital cash, for example, other
than with something like an observer.

But it has the equally obvious problem of relying on a tamper-proof
chip as a necessary part of the protocol. Recently it seems that many
of the papers out of his group are designed to explore observer-based
protocols. This means that these ideas are not useful for software-only
implementations. One of the (relatively few) strengths that we and the
forces we represent have is that free software can be spread very far
and very fast, making it hard for those opposed to privacy to successfully
stop our efforts. Any technology based on special chips is going to
lose these advantages.

Another problem with the observer is psychological. Although Chaum goes
to great lengths to design his cryptographic protocols so that even a
cheating observer can learn effectively NOTHING about the computer user
that would compromise his privacy, people may still feel uncomfortable
about having a mechanical "conscience" in their pocket. People want to
feel in control of their computers, and I think supporting this control
is a big part of the Cypherpunks philosophy.

A related point is that there have already been comparisons on sci.crypt
between Chaum's observers and the Clipper chip, in that both rely on
tamper-resistant technology to implement features which are not entirely
in their owner's best interests. Assuming we do manage to successfully
defeat Clipper, the taint of this association may increase resistance to
observers.

I wish Chaum and his group would stop directing their efforts towards
protocols which require an observer chip to be effective. Granted,
there are some things that don't work as nicely without observers. But
I think that a realistic appraisal of the pros and cons suggests that
non-observer protocols are more likely to further our ultimate goal of
personal privacy.
Hal Finney
hfinney@shell.portal.com