1995-11-13 - Re: expiration dates on cryptography

Header Data

From: shields@tembel.org (Michael Shields)
To: cypherpunks@toad.com
Message Hash: 53c9d1a2d648b0ab3580664cc92caf9454ad58c8599e5e23b2f42c3dcbbad1b1
Message ID: <483im9$ja@yage.tembel.org>
Reply To: <acc62dde07021004cd59@[205.199.118.202]>
UTC Datetime: 1995-11-13 01:30:50 UTC
Raw Date: Mon, 13 Nov 1995 09:30:50 +0800

Raw message

From: shields@tembel.org (Michael Shields)
Date: Mon, 13 Nov 1995 09:30:50 +0800
To: cypherpunks@toad.com
Subject: Re: expiration dates on cryptography
In-Reply-To: <acc62dde07021004cd59@[205.199.118.202]>
Message-ID: <483im9$ja@yage.tembel.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <acc62dde07021004cd59@[205.199.118.202]>,
Timothy C. May <tcmay@got.net> wrote:
> Even the "timed-release cryptography" is NOT a pure cryptographic system,
> as the idea of "temporal state" in crypto is iffy. That is, clocks can be
> jiggered. Even "sealed clocks" can be jiggered.

True "timed-release crypto" isn't possible with pure mathematics,
because time never appears in mathematical equations.  Time does appear in
physical equations, so it's conceivable that a device could be built that
really wouldn't divulge a secret for a given length of time.  However,
I'm not sure how such a device would work, and I'm not sure it would be
practical for long periods (longer than a human lifetime).

What I'm really proposing is "event-release" crypto based on reputation,
with checks and balances so that you can minimize the necessary level of
trust and prove breach of contract.  I think this is a useful service,
because you can convince yourself that in practice, it wouldn't be
profitable for the crypto houses to default, nor for an attacker to
compromise every house.

Once you have event-release crypto, time-release is an easy special case,
with zero human interaction and thus fast turnaround and low cost; but
"the beginning of the twentyfirst century" is just an event, as is "my
death" or "a horse with exactly three vowels in its name wins the 1996
Kentucky Derby".

I'm writing code for Tembel's Crypto House now, so I can get an empirical
grasp on this.

> "Self-destruct crypto" would work roughly the same way:
> 
> -- N agents holding pieces of puzzle, contracted to destroy those pieces on
> such-and-such date.

I don't see how this could work, considering that once there are copies
of a message in circulation among nontrusted parties it is impossible
to destroy the information.  Also, it's impossible to verify that an
agent has destroyed a message!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMKVN++yjYMb1RsVfAQF+6gQAkHRUneu61JtuHSuSIqS64eFSeMq/FUPw
ZXPf11EaIHrnyRW0KCedCbIG1EBcVfMCK4aQ/tLYZsPrROw/GXwns7H9RHfI64XN
aG41PjS7fBqzB21aV5MQCZ3vGzvvLLOwGVKo3SjteliHjKOyiJkEefjdP2KOzrjF
YfYNvmd3iZM=
=VIA/
-----END PGP SIGNATURE-----
-- 
Shields.





Thread