From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: d39a8e7e852a33612562036f16440a5758f5ac5546c501ea469e9922f4053a54
Message ID: <199607230313.UAA18607@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1996-07-23 22:14:46 UTC
Raw Date: Wed, 24 Jul 1996 06:14:46 +0800
From: Hal <hfinney@shell.portal.com>
Date: Wed, 24 Jul 1996 06:14:46 +0800
To: cypherpunks@toad.com
Subject: Ross Anderson's Eternity service
Message-ID: <199607230313.UAA18607@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
Sherry Mayo posted here a while back a reference to Ross Anderson's
Eternity service paper, <URL: http://www.cl.cam.ac.uk:80/users/rja14/#Lib >.
He is also giving an invited talk on the subject this fall at a crypto
conference in Prague.
The goal of the Eternity service is to make published information
permanently and ineradicably available, despite efforts on the part of
powerful attackers to destroy it. The attack model explicitly
includes governments. This has obvious relevance to current
controversies involving copyright, trade secrets, etc.
It's difficult to evaluate the proposal because many of the issues
seem more legal than technical. Can a service like this, which
would seemingly exist largely to circumvent legal restrictions on
publishing, possibly be legal?
Anderson's basic concept is of a network of storage servers in widely
scattered jurisdictions. He uses cryptography so that although the
servers store data, no single computer knows exactly what is stored in
the encrypted files it holds. Keys to the data are spread across the
network using secret sharing techniques, with mutual cooperation among
the servers being necessary to decrypt files. (I believe the files
themselves are redundantly stored on individual servers, but they are
encrypted with keys which are split.) Anonymous communications are
used among the network of computers to reply to requests, so that
attackers can't tell which computer produced a requested document.
The overall goal is apparently to arrange things so that each
individual server has a level of deniability if they are accused of
having provided information which is illegal in some jurisdictions.
It can deny having produced any particular document in question, and
if everything is designed properly it is not possible to prove
otherwise (other than by subverting a bunch of the other servers).
I won't try to go into much detail here (actually I found some of the
crypto details kind of hard to follow in the paper, but I will write
up my understanding if there is interest) but some of the other ideas
are that the service would charge money enough to cover its costs and
add new equipment as storage requirements increase (to prevent
flooding attacks), and that requests would be submitted by broadcast
to the network of servers, and information returned via a remailer
network. The documents would be identified by some global names, and
one of the documents would be an index file which identifies the
others, with descriptions.
A few questions for discussion:
- Would it be possible in practice to run a network like this?
- Would there be much interest in it among users?
- Would it be a net benefit to society for such a service to exist?
Hal
Return to July 1996
Return to “snow <snow@smoke.suba.com>”