From: Bryce <wilcoxb@nagina.cs.colorado.edu>
To: sameer <sameer@c2.org>
Message Hash: 35bda7d309f2548b45c652f61e04f4a41fa0c98e2258c666477d60f857b39e9d
Message ID: <199511111953.MAA26503@nagina.cs.colorado.edu>
Reply To: <199511110843.AAA18344@infinity.c2.org>
UTC Datetime: 1995-11-13 21:33:21 UTC
Raw Date: Tue, 14 Nov 1995 05:33:21 +0800
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Tue, 14 Nov 1995 05:33:21 +0800
To: sameer <sameer@c2.org>
Subject: Re: Who needs time vaults anyway?
In-Reply-To: <199511110843.AAA18344@infinity.c2.org>
Message-ID: <199511111953.MAA26503@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Bryce wrote:
>
> Can anyone explain what use this theoretical "time-sensitive" crypto
> box would be good for?
Sameer wrote:
>
> Suppose you die.
Hey! Who do you think you are?
:-)
Just kidding. When I woke up this morning I realized what I was
missing: the decryption might be out of your hands, such as when
you die, or you might *want* it to be out of your hands for some
other reason.
With that in mind, I can think of only one unalterable lower-limit
on the time of as decryption-- the speed of light. Suppose you
encrypt your data with successive layers of keys, K1-Kn. Then you
encrypt each key with its predecessor, encrypting Kn with Kn-1,
encryping Kn-1 with Kn-2, etc. Destroy all copies of unencrypted
keys except for K1, which has not been encrypted. Now put all
odd-numbered keys in location A and all even-numbered keys in
location B, which is 1 light minute from location A. Once an agent
has received Key 1, it will take at least n minutes to decrypt
the data. Of course, the agent could just take copies of all of the
keys from location B on some physical media and transport the media
to location A, which would make the lower bound on time to be "much
longer than 1 minute".
Hm. Suppose the n different keys are in n different physical
locations, and the agent does not know where the k+1 location is
until he decrypts the material at the k location. The "scavenger
hunt" scheme for timed decryption. Of course this doesn't mean that
you have to bury your crypto box and make a map with an "X" marking
the spot. Each key could be held by a crypto box which is
publically accessible on the Net. The important thing is that
the decrypting agent can't retrieve the k+1 piece until he has
decrypted the k piece. Then the lower bound on time of decryption
is... um... Well it depends on the location of the decrypting agent
with respect to the locations of the n pieces. (Neglecting, still,
transmission overhead and decryption time.) I'm not sure what the
lower bound actually is, but it can be increased simply by adding more
pieces to the puzzle.
A single station could serve up multiple pieces. It would only
reveal the k piece if the querying agent can prove that he has the
k-1 piece. Of course if the total number of stations is small then
the "physically move the pieces" trick might work.
Bryce
signatures follow
"To strive, to seek, to find and not to yield."
<a href="http://www-ugrad.cs.colorado.edu/~wilcoxb/Niche.html">
bryce@colorado.edu </a>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01
iQCVAwUBMKT/JPWZSllhfG25AQFDlwQAhWHB//NeYM8vylQcBDWbNmScrVoCjUdR
TmXVDtnLCZcrAv233l+H3SpdEQmMwQwQCQrM52AreQWMYTSBLuxqr7j9SbpZjek2
FFCMDezbvBPX3ZIuX3SVwrdHa6dm4qgGtpKyfFHxDAn39p+T/HJ+uKaZbA7YVbTC
U6NnnfYv1k8=
=/2+H
-----END PGP SIGNATURE-----
Return to November 1995
Return to “shields@tembel.org (Michael Shields)”