From: Jeff Barber <jeffb@sware.com>
To: pjm@gasco.com (Patrick J. May)
Message Hash: 654d8cba335a2c785e9e9f06d8bfdac33bfa565e511b7211e98f5f9a540d6d1c
Message ID: <9409222112.AA21826@wombat.sware.com>
Reply To: <m0qnu59-0003q2C@ionia.gasco.com>
UTC Datetime: 1994-09-22 21:49:21 UTC
Raw Date: Thu, 22 Sep 94 14:49:21 PDT
From: Jeff Barber <jeffb@sware.com>
Date: Thu, 22 Sep 94 14:49:21 PDT
To: pjm@gasco.com (Patrick J. May)
Subject: Re: End of HIT MEN thread
In-Reply-To: <m0qnu59-0003q2C@ionia.gasco.com>
Message-ID: <9409222112.AA21826@wombat.sware.com>
MIME-Version: 1.0
Content-Type: text/plain
Patrick J. May writes:
> (I just want to see how long a thread with the subject "End of ...
> thread" can keep going.)
I admit, not a very good title with which to continue the thread.
> Jeff Barber writes:
> > After considerable struggle, I have finally succeeded in coming up with
> > a mechanism through which the hiring party and the murderer-for-hire
> > can make a contract through the escrow service in such a way that the
> > escrow service doesn't know that the contract is for murder.
>
> I'm interested in your solution. Mine is to set up the escrow
> payment seperately from the verification. The escrow agent would
> release the funds when instructed to do so by a specified verification
> agent. This eliminates the risk of the escrow agent keeping the money
> without losing reputation.
I simply took it one step farther and did away with the need for
verification of a "hit" (of course it's replaced by a step which
verifies the "death" but does not require that it appear to be a hit).
I did this by assuming into existence an on-line coroner's "clearinghouse"
to which ALL the coroners belong and to which all death certificates
are filed. This way, no one other than the killer and the hiring party
need ever know that a hit has taken place.
If the clearinghouse provides an automated e-mail server (or functional
equivalent) which will answer the question "Is <named individual>
dead?" with a response message in a standard format and encrypted
with a key provided in the request, then the killer and the employer
can cooperate in the creation of a request packet and an "expected
response" packet. In my scheme, another trusted agent is required
during the setup phase -- his only function is to ensure that the
employer doesn't cheat in the preparation of these packets.
Then, the employer simply gives the encrypted expected response packet
to the escrow service with instructions to pay the killer when he
can produce a copy of the packet. The killer will only be able
to obtain this when the coroner's clearinghouse responds to a query
with the "victim is dead" response encrypted in the key prepared by
the employer. This key is known only by the employer but was also used
in the preparation of the expected response packet.
So, the steps are:
1 Employer creates a key P (which he does *NOT* disclose to Killer).
2 The two now cooperate in a set of transactions with Trent using
P and C (where C is the public key of the clearinghouse).
3 First, Killer provides plaintext of the request, plaintext of
the expected response and the public key of the clearinghouse
to Trent.
4 Then, Employer provides P, the plaintext of the expected response
and the public key of the clearinghouse to Trent.
5 Trent verifies that both copies of the plaintext of the expected
response and both copies of the public key are the same (so that
neither of the parties can cheat the other).
6 Now, Trent takes the plaintext of the request, appends P and
encrypts the results with the public key of the clearinghouse.
This he gives to Killer (doesn't matter if Employer sees it too).
7 And, Trent takes the plaintext of the expected response, encrypts
it with P and gives the result to Employer (only). (He also
gives a hash of it to Killer so that Killer can verify that
Employer gives the same packet to the escrow service below.)
8 Employer gives the encrypted expected-results packet (along with
the money, etc.) to the Escrow service with the instructions
that Killer can have the money when he produces an exact copy of
the packet.
9 After verifying that the escrow service has the money, and
that the hash of the packet held by the escrow service matches
what Trent gave him, Killer whacks the victim.
10 Within a few days, the victim's death is is duly filed in the
clearinghouse. Now, Killer can send the encrypted request packet
produced by Trent to the clearinghouse.
11 The clearinghouse uses its private key to decrypt the request
producing the plaintext request along with a key (P) in which to
encrypt the response.
12 Since the victim really is dead, the clearinghouse produces a
plaintext equivalent to the original expected-response plaintext,
then encrypts it with P, producing the magic cookie Killer needs
to get his money.
13 The clearinghouse returns the results to Killer who forwards a
copy to the escrow service along with his demand for the money.
14 The escrow service pays off -- end of contract.
Probably, this could be modified so that Trent doesn't need to see
the plaintext request and response, but I'd have to get out Schneier
and spend all night thinking about that. Also, it doesn't seem that
important since the request and response are small snippets of text
that Trent operates on a hundred thousand times every day. Furthermore,
all Trent can do is refuse to perform the transaction -- neither of
the parties to the contract will be out a dime if he won't.
> I agree (please punch holes in my proposed scenario). I don't
> know how to provide such a proof. The hit verification agent will
> have to attend a lot of autopsies and funerals.
Avoiding this is the primary reason I have the coroner's association.
In essence, all that is needed is a trusted source of information about
the real world. It could just be an ordinary general purpose information
retrieval service, except that it has to know about deaths of particular
individuals and I don't see any route other than the on-line coroner
for the information to make it into "cyberspace".
OK, now that that's done with...
Unless goaded into another response, I too will shut up about this thread.
-- Jeff
Return to September 1994
Return to “Sandy Sandfort <sandfort@crl.com>”