From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: fb6bcfb024f6ee906e878cb98256c9a81929180dec19001244578f986d656320
Message ID: <9308240131.AA05517@ah.com>
Reply To: <9308230602.AA25529@jobe.shell.portal.com>
UTC Datetime: 1993-08-24 01:41:41 UTC
Raw Date: Mon, 23 Aug 93 18:41:41 PDT
From: hughes@ah.com (Eric Hughes)
Date: Mon, 23 Aug 93 18:41:41 PDT
To: cypherpunks@toad.com
Subject: Chaum on the wrong foot?
In-Reply-To: <9308230602.AA25529@jobe.shell.portal.com>
Message-ID: <9308240131.AA05517@ah.com>
MIME-Version: 1.0
Content-Type: text/plain
I applaud Hal's insight into Chaum. I was in Amsterdam last year for
a few weeks working for/with him, and I can substantiate what Hal
says. I was only there for six weeks, which was supposed to have been
the start of a longer relationship, but I got out.
>But I think that Chaum has gone off in the wrong direction in the last
>few years. More and more he is concentrating on protocols which rely
>on a tamper-proof, hardware implementation of a cryptographic protocol
>which he calls an "observer".
The observer, owned by the user, opens a communications channel to a
chip and to a central computer, both controlled by some company. The
observer then mediates the communication between the chip and the
central computer to make sure that no privacy information leaks out.
>There appears to be
>no way to provide for secure, off-line digital cash, for example, other
>than with something like an observer.
This statement, while certainly true in Chaum's mindset, I no longer
believe to be true. The question hinges on what 'security' means. To
Chaum, it means that fraud losses are a mathematically perfect zero.
To a real business, however, the losses must be bounded. The smaller
the bound, the better, of course, but real financial service companies
can and do tolerate some loss due to (technological) fraud.
If the cost of the perfect system is more than the losses from fraud,
there's no point in deploying it. Make no mistake, the observer
system is expensive. The reasons smart cards are not more widely
deployed is that they're too expensive per card. The observer
protocols requires both a smart card and a small hand-held computer!
>This means that these [observer] ideas are not useful for software-only
>implementations.
Not only not useful, but totally inapplicable. The observer model
relies upon the fact that the computations inside the chip are unknown
to the user. This just can't be the case with a software-only system.
>I wish Chaum and his group would stop directing their efforts towards
>protocols which require an observer chip to be effective.
This just won't happen. The observer protocols are *patented*, you
see. Anyone can design and build observers, because the spec is
public, but you've got to pay up.
Chaum seems to be basing his whole strategy for the future on
observers. I think it's a gross strategic mistake.
>I think that a realistic appraisal of the pros and cons suggests that
>non-observer protocols are more likely to further our ultimate goal of
>personal privacy.
Amen.
Eric
Return to August 1993
Return to “tcmay@netcom.com (Timothy C. May)”