From: Jason W Solinsky <solman@MIT.EDU>
Date: Thu, 25 Aug 94 11:00:08 PDT
To: Hal <hfinney@shell.portal.com>
Subject: Re: Is pay-per authentication possible absent trust?
In-Reply-To: <199408251647.JAA24365@jobe.shell.portal.com>
Message-ID: <9408251759.AA23689@ua.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> Jason W Solinsky <solman@MIT.EDU> writes:
> 
> >Enter Ingve the insurance salesman. Ingve will guarantee to others that you
> >are certified by Charles by offering them bets. So suppose that Microsquish
> >sends you its advertising agent and the agent is offering a 10 nano-slinkys
> >[a cyberspatial monetary unit] bonus if you can produce one of Charles's
> >certifications. Charles is charging 8 nano-slinkys. In steps Ingve. You've
> >told Ingve that you are certified by Charles as a frequent purchaser of big
> >brother inside computers. So Ingve says: "I'll convince Microsquish to 
accept
> >my word that you have Charles's certification in exchange for just four
> >nanoslinkys. But if at my request you ask for the certification and 
Charles's
> >says you aren't certified then you owe me 64 nano-slinkys." Since you are 
sure
> >that you are certified you accept the deal. Then Ingve goes to Microsquish
> >and offers to insure your certification. Each time Microsquish accepts a
> >certification from Ingve for you, Ingve will pay Microsquish 2 nano-slinkys
> >but will be able to get your business (and thus offset that with the four
> >nano-slinkys). But, if it turns whenever Microsquish wants to it can check
> >up on your certification from Charles at cost (8 nano-slinkys). If Charles 
> >certifies you all is well. Otherwise, you owe Ingve 64 nano-slinkys and
> >Ingve has to pay up Microsquish's insurance claim (which could be quite 
large
> >depending on the policy.
> 
> One thing I don't follow here is under what circumstances a "challenge"
> will occur.  Presumably Microsquish will not blindly accept all of
> Ingve's assurances since they are backed only by promises.  Can
> Microsquish force Ingve to go to his clients and make them produce
> certificates?  Who pays for that?  Maybe if you factor in that cost it
> won't look so bad for Charles.

First, just let me note that there are a thousand ways to structure it.
In my example, Microsquish gets to hold a challenge whenever they want
to. If everybody is being honest Microsquish will lose eight nano-slinkys
each time they challenge so they won't do it frequently. If everybody
is not being honest, Microsquish will collect substantial damages.

> Also, just because Charles can't get what he wants for his certifications
> doesn't mean he is being cheated.

I refuse to get into another vocabulary fight :)

Lets just say that Charles isn't geting as much as he would like. Pay per
use is good for the consumer... note the resentment that high software
prices have created. Although everybody wins by adopting a system that
better approximates reality, ala superdistribution (but we are dealing with
authentication here, not information and after thinking about it alot I have
decided that authentication is NOT necessarily a form of information in that
you can easily demonstrate to somebody that you have been authenticated
without giving them the ability to prove it to somebody else [again lets not
get into a terminology debate, my point is that the intangible asset here
has a different set of properties from the kind we usually deal with in
information economy scenarios]), the consumer with his smaller buying power
wins the most.

So it would really suck for Charles to lose big at the hands of the consumer
because he tried to do something that dramatically improved the consumer's
position.

Now that I think about it, its possible that I'm in error approaching this
problem from a cryptographic standpoint. Maybe the correct course of action
is to establish a cybergovernment which prohibits "Ingve the insurance
salesman" attacks and then set up the fine structure such that the
conspirators will have an enormous incentive to turn each other in.

> It's a market, after all.  You could
> just as well say that somebody else opens up a certification shop that
> sells certifications just like Charles' for less.  It's not the fault of
> the protocol that Charles' business dries up.  If the value of his
> certifications drops (as in your scenario) then his business should decrease.

Agreed, but it is highly desirable for charles NOT to be forced into
selling certifications for a one time fee from the standpoint of all
involved. Assuming Charles is intelligent, unless we can demonstrate
to him a system that prevents these kinds of attacks, he's going to
be stuck with the one time fee payment scheme.

> Last, I'd say your problem exists just as clearly without Ingve.  You
> could make a deal with Microsquish promising that you would be able to
> get certifications if asked, with some agreed-upon procedure by which
> Microsquish could demand that you produce one, with appropriate
> penalties.  In that case probably Microsquish would believe some
> percentage of people and Charles' business would again fall off.  In
> practice Ingve might be useful to help even up fluctuations but the
> problem arises just as clearly without him.

Yeah. I hadn't been looking at it that way because in my model Ingve gets
played by an agent. There IS, however, an argument for giving control of
Ingve to a third party. As I note above, every time Microsquish checks on
the consumer it loses money. An Ingve could act as an intermediary between
Microsquish and a far larger number of consumers. The relationship thus
built (combined with statistical reality) allow Microsquish to use far
fewer test cases and place a significant (but of course not total) amount
of trust in Ingve's methods for guaranteeing valid licenses [whatever
they may be. It is quite conceivable that there are other things which
can alter the probabilities besides actually challenging the consumer
to get a certification from Charles]. This saves Microsquish, and infact
the whole system, money.

Cheers,

Jason W. Solinsky

BTW, perhaps there is an easier solution: only permit Cherles's
certifications to exist in an environment that he controls. Smart
cards and remote computers can easily do this, although remote
computers are undesirable due to their communications overhead.