1994-06-11 - Timed-Release Crypto

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: 9d3d54ff52c872ee2e998a380cc5c01374c2d8156db96bfb85a22f7d114a3bba
Message ID: <199406110525.WAA00543@netcom.netcom.com>
Reply To: N/A
UTC Datetime: 1994-06-11 05:26:00 UTC
Raw Date: Fri, 10 Jun 94 22:26:00 PDT

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Fri, 10 Jun 94 22:26:00 PDT
To: cypherpunks@toad.com
Subject: Timed-Release Crypto
Message-ID: <199406110525.WAA00543@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Eric Hughes was one of several others who made good comments. Here, Eric
mentions the "beacon" idea he brought up recently.

(I have 20 or so posts in this thread, which I won't mail to the List as a
whole, but which I'll be happy to mail to a _few_ people who are _really_
interested in our thinking at this time. As you may know, I have archives
of about 50 MB of Cypherpunks traffic, sorted by threads (in Eudora) and
ready for mailing. No, I can't make it available for ftp, for various
reasons which should be obvious.)

--Tim

>Date: Mon, 22 Feb 93 18:05:49 -0800
>From: Eric Hughes <hughes@soda.berkeley.edu>
>To: cypherpunks@toad.com
>Subject: Timed-Release Crypto
>
>By coincidence, I was thinking about time-release protocols the other
>day.  I've got most of a system worked out, but I need to write it up
>and look at it for a while to make sure it works.  what I think I have
>is a system in which the sender is given a key by a beacon which he
>can verify, at issuance time, will be revealed by the beacon at some
>future time.  The implementation (but not the basic idea) relies on
>using multiple public RSA keys with the same modulus.  I know there
>are some attacks against this, but I don't know their nature.  If
>someone who knows about this (or knows where to find out) could
>contact me I would be most appreciative.
>
>As far as sending money into the future goes, there are some tradeoffs
>between anonymity of payment, length of time in the future, and
>message size.  Anonymity of payment is difficult, since digital cash
>has to expire in order for the bank not have to keep ever huger lists
>of deposited numbers.  Large payments are less frequent anyway, and
>provide less covering traffic.  If you continuously rotate your money
>into the future, therefore, all the steps must be encapsulated, making
>the size of the message grow linearly with the number of hops.  One
>might be able to use a financial intermediary for anonymity, though.
>It's not obvious to me that this will work.
>
>Eric
>
>

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."









Thread