From: shields@tembel.org (Michael Shields)
To: cypherpunks@toad.com
Message Hash: bb5e0dfbabd2acb97938658ecab402f1960d8d2d2ce6c41d18d1d3d9b12f1917
Message ID: <47m82v$4p4@yage.tembel.org>
Reply To: N/A
UTC Datetime: 1995-11-07 04:26:41 UTC
Raw Date: Tue, 7 Nov 1995 12:26:41 +0800
From: shields@tembel.org (Michael Shields)
Date: Tue, 7 Nov 1995 12:26:41 +0800
To: cypherpunks@toad.com
Subject: Timed-release crypto and information economics
Message-ID: <47m82v$4p4@yage.tembel.org>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
1. Method
In 1993, Timothy C. May posted a message to this list
<URL:http://www.hks.net/cpunks/cpunks-0/1460.html> with some thoughts on
time-release crypto. I think his system is too complex. Here I present
a cleaner model, and show how it can be used in several real-life ways.
In the May proposal, when you have a message to be encrypted, you
encrypt it with a session key, optionally split that key with an n-of-m
scheme, and then send the key into a network of escrow agents, which are
instructed to hold the message for a given period of time. You then
hold onto the encrypted message, though you need not keep it secret.
Conceptually, you have encrypted a message and then remailed the key to
yourself in such a way that it will take X length of time to arrive.
I have a simpler, public-key plan. When you want to keep a message
secret until date X, you ask your favorite crypto house to generate a
key pair and hold the secret key until date X. You then encrypt your
message with the public key, and again hold onto the encrypted message.
N-of-m trust management can be implemented by secret-sharing your message
and encrypting each with a key generated by a different crypto house.
This method is clean, fully anonymous, and nearly stateless.
2. Economics
I've worked out a payment model for both the public and secret key, which
I think can be used for any sort of information in an information economy
not based on (increasingly unenforceable) intellectual property laws.
In this model, the creator of information charges enough to recover
his costs (call this price, the price available to the first buyers,
the "primary cost"). It is then possible for resellers to purchase
it and try to make a profit through multiple sales at a lower price.
If the reseller is hoarding the information, another one can step in,
pay the same initial rate, and try to do better.
This model seperates marketing of information from producing it, and gives
an easy way to profit from doing either. Of course, it's possible to
conflate them into a information creator that sells directly to end-users.
Once you abstract this you'll notice that (a) it's much like existing
models for those who create information for hire, such as writers and
programmers who sign over copyright but could recreate the work; and
(b) it can be applied to many less extreme scenarios, such as where the
reseller makes the product available but under a restrictive licence.
I think this is the basic fabric of an information economy.
Applying it to the selling of timed-release pairs, the primary cost
of the public key is some nominal charge, and the primary cost of the
secret key is the amount required to judge whether or not it should be
released -- a trivial amount for time-based release but something more
for event-based release. (A corollary is that you might pay the judging
fee for a secret key, and receive instead a certificate saying that it
cannot yet be released.)
3. Applications
* Bonds: You deliver $1000 in ecash to the issuer. In returns it gives
you a unique certificate redeemable for $1100, encrypted such that
it may not be decrypted until the maturity date. You also get a
certificate saying that your encrypted bond is a bond, so that you
may demonstrate fraud if you find something else once you decrypt
it at maturity. Essentially this is the same as creating a private
corporate ecash bank. Coupon bonds are a trivial extension.
* Retirement plans, cryonics funds, and wills: You encrypt your assets
or your will in a custom event-based key, and archive it with your
executor.
* Idea futures: You have a pair of key pairs generated, one for
encrypting YES coupons, and the other for NO coupons. Now anyone
can generate and sell their own coupons, consisting of $1 in ecash
encrypted with a YES or NO event-release key, again with a certificate
of authenticity to verify fraud.
* Bonding: You pay $1001 for a reputable institution to give you a $1000
bond encrypted in the event-release key based on your breech of
contract, and its complementary negative key, and send you and the
other party each one bond. If you default on your contract, the
injured party can ask the crypto house to release the default key;
if you do not, you can ask the crypto house to release the other key.
4. Cypherpunks write code
I'll let everyone tear into this for a few days, and then I'll put up a
server for timed-release key generation, charging maybe c$1. I'd like
to then enhance it to be capable of issuing bonds and loans denominated
in c$. (I like the cyberbucks trial because it's officially play money,
so there aren't any regulatory burdens.) This should be interesting.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMJ6jgeyjYMb1RsVfAQHKPAP8CF8HAN3dPa0QaJ3knDuv5gKd2yIUE57G
icK5flsVOHcmq2+y3LkB8uCWBT1IxyoWv9I2u1yQbujYtttjgparCoCeErXk7uPe
h7yY/eZzx3wgIrGxMEGePZftwoA2aGfyO+wDy/5lPZ0yWxLpoLr67RfpWbutqinf
bmn6xeL64lg=
=iXOF
-----END PGP SIGNATURE-----
--
Shields.
Return to November 1995
Return to “shields@tembel.org (Michael Shields)”