1994-06-12 - Re: Protocol Wanted!!

Header Data

From: Peter Murphy <pkm@maths.uq.oz.au>
To: mpd@netcom.com (Mike Duvos)
Message Hash: 89ecc684d324e1d83deacff6d74917a3e9c61820cd1f0da21e7c3555b5abbb7e
Message ID: <9406120440.AA16993@axiom.maths.uq.oz.au>
Reply To: <199406120335.UAA12917@netcom.com>
UTC Datetime: 1994-06-12 04:41:13 UTC
Raw Date: Sat, 11 Jun 94 21:41:13 PDT

Raw message

From: Peter Murphy <pkm@maths.uq.oz.au>
Date: Sat, 11 Jun 94 21:41:13 PDT
To: mpd@netcom.com (Mike Duvos)
Subject: Re: Protocol Wanted!!
In-Reply-To: <199406120335.UAA12917@netcom.com>
Message-ID: <9406120440.AA16993@axiom.maths.uq.oz.au>
MIME-Version: 1.0
Content-Type: text


> 
> Peter Murphy <pkm@maths.uq.oz.au> writes:
> 
>  > Of the several problems stated above, I find the pricing
>  > protocol the easiest to deal with. There are a few things
>  > that need to be known. For example, what is the complexity
>  > of Bob's algorithm? Does it do it in polynomial time or
>  > (even better) some variant of logarithmic time? The cost
>  > should bear relation to this fact.
> 
> [Thud](Sound of Bruce Henderson fainting) This is an interesting
> perspective.  I would find myself arguing almost the opposite. It
> would seem to me that the price one charges for a product or
> service should depend only on its value to ones clients.  Not
> upon ones cost to produce it.

Not quite. I thought that the price that Bob would set would be as
high as he could get away with, without alienating the clients. If
Alice sends Bob a message to be decrypted, and shells out $100,000,
then Bob (assuming he's honest) will decrypt it. It's too bad if it
turns out to be just a juicy love letter - Bob's purpose was there
to decrypt it, and not to work out the value to the customer. After
all, if it turns out that the file was actually a design to some
FTL vehicle, then setting a flat price in the negotiation phase
prevents Bob from going around and upping the price to $10,000,000.

> 
> If the value of your product to your customers is $100,000, then
> the price should be $100,000 regardless of whether it costs you
> $1 or $10,000 to make.

I'm sorry - we seem to be thinking differently. The way I was thinking
was that Alice was actually giving Bob the message only, and that
Charlie (our suspected criminal) was smart enough to keep his public
key away from the office (or on a floppy disk). Of course, if Charlie
is stupid enough to leave his public key around, then Alice can send
only this key to Bob, and leave the 'naughty' message at the office.
Otherwise, Bob has only the ciphertext to go on - or possibly a bit
of plaintext, although Alice probably won't do that either.

> 
>  > The cost should also be related to the number of bytes in
>  > the message.
> 
> I'm not sure about this either.  A short message about a hidden
> bomb which reads "under your chair" is infinitely more valuable
> than a lengthy message containing the last six months of postings
> to rec.pets.cats.

But again, that's assuming that Alice does know what is in the
encrypted file. She (rightly) suspects that Charlie is giving stolen
goods away.... but she doesn't know that. See above. Anyway, Bob may
have other clients, and the time on his 486 is fairly precious.

> 
> Once Bob gives Alice the factors, all messages encrypted with
> that RSA public key can be decrypted, so the number of messages
> and the length of each aren't really an issue. Bob could keep the
> factors and sell Alice the plaintext of individual messages, but
> this requires a continuing business relationship which the
> anonymous Bob may not want.
> 
> If the messages contain confidential information, Alice may not
> want Bob to see them.  Since Alice is paying Bob big bucks to
> factor the key, it is unlikely Alice would agree to let Bob keep
> the factors to himself.

Ooh.. this is a tough subject to police. It is possible that we have
a company rep (Denise - isn't alphabetical naming beautiful :-)) looking
over Bob's shoulders while he's doing his stuff, and checking that he's
not saving the information to a private file. Possibly, Bob would do the
encrypting in Denise's office. After all, he may have built in an option
that saves all information acquired to a "key ring". Denise does not want
him to do this, and makes sure that he only bring the executable file
with him. She also makes sure that no suspicious files are created .
Remember that Bob does not want to give the program to Denise - it contains
his secret special recipe for factorization, and doesn't want anyone else
to examine the program too closely.

> 
> -- 
>      Mike Duvos         $    PGP 2.6 Public Key available     $
>      mpd@netcom.com     $    via Finger.                      $
> 
> 

=======================================================
| Peter Murphy. <pkm@maths.uq.oz.au>.  Department of  |
| Mathematics - University of Queensland, Australia.  |
-------------------------------------------------------
| "What will you do? What will you do? When a hundred |
| thousand Morriseys come rushing over the hill?"     |
|                                       - Mr. Floppy. |
=======================================================





Thread