Peter Murphy <pkm@maths.uq.oz.au> writes:
Of the several problems stated above, I find the pricing protocol the easiest to deal with. There are a few things that need to be known. For example, what is the complexity of Bob's algorithm? Does it do it in polynomial time or (even better) some variant of logarithmic time? The cost should bear relation to this fact.
[Thud](Sound of Bruce Henderson fainting) This is an interesting perspective. I would find myself arguing almost the opposite. It would seem to me that the price one charges for a product or service should depend only on its value to ones clients. Not upon ones cost to produce it.
Not quite. I thought that the price that Bob would set would be as high as he could get away with, without alienating the clients. If Alice sends Bob a message to be decrypted, and shells out $100,000, then Bob (assuming he's honest) will decrypt it. It's too bad if it turns out to be just a juicy love letter - Bob's purpose was there to decrypt it, and not to work out the value to the customer. After all, if it turns out that the file was actually a design to some FTL vehicle, then setting a flat price in the negotiation phase prevents Bob from going around and upping the price to $10,000,000.
If the value of your product to your customers is $100,000, then the price should be $100,000 regardless of whether it costs you $1 or $10,000 to make.
I'm sorry - we seem to be thinking differently. The way I was thinking was that Alice was actually giving Bob the message only, and that Charlie (our suspected criminal) was smart enough to keep his public key away from the office (or on a floppy disk). Of course, if Charlie is stupid enough to leave his public key around, then Alice can send only this key to Bob, and leave the 'naughty' message at the office. Otherwise, Bob has only the ciphertext to go on - or possibly a bit of plaintext, although Alice probably won't do that either.
The cost should also be related to the number of bytes in the message.
I'm not sure about this either. A short message about a hidden bomb which reads "under your chair" is infinitely more valuable than a lengthy message containing the last six months of postings to rec.pets.cats.
But again, that's assuming that Alice does know what is in the encrypted file. She (rightly) suspects that Charlie is giving stolen goods away.... but she doesn't know that. See above. Anyway, Bob may have other clients, and the time on his 486 is fairly precious.
Once Bob gives Alice the factors, all messages encrypted with that RSA public key can be decrypted, so the number of messages and the length of each aren't really an issue. Bob could keep the factors and sell Alice the plaintext of individual messages, but this requires a continuing business relationship which the anonymous Bob may not want.
If the messages contain confidential information, Alice may not want Bob to see them. Since Alice is paying Bob big bucks to factor the key, it is unlikely Alice would agree to let Bob keep the factors to himself.
Ooh.. this is a tough subject to police. It is possible that we have a company rep (Denise - isn't alphabetical naming beautiful :-)) looking over Bob's shoulders while he's doing his stuff, and checking that he's not saving the information to a private file. Possibly, Bob would do the encrypting in Denise's office. After all, he may have built in an option that saves all information acquired to a "key ring". Denise does not want him to do this, and makes sure that he only bring the executable file with him. She also makes sure that no suspicious files are created . Remember that Bob does not want to give the program to Denise - it contains his secret special recipe for factorization, and doesn't want anyone else to examine the program too closely.
-- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $
======================================================= | Peter Murphy. <pkm@maths.uq.oz.au>. Department of | | Mathematics - University of Queensland, Australia. | ------------------------------------------------------- | "What will you do? What will you do? When a hundred | | thousand Morriseys come rushing over the hill?" | | - Mr. Floppy. | =======================================================