From: John Young <jya@pipeline.com>

Responding to msg by pierre@shell.portal.com (Pierre Uszynski) on Mon, 19 Sep 6:32 PM

...

What would be ideal in all these cases is a steganographic process that would map to the whole as much as to the parts. Fractal steganography.

The fractal steganography sounds promising. Is this yours or has it been done?

Let me reassure you: I have never heard the idea seriously explored before, and I'm not certain it leads anywhere really useful (as in satisfying from a security point of view.) Mostly, though, the interest in crypto has been so far toward standard message digests made to detect *any* tampering with the message. On the other hand, there has been work on ad-hoc steganographic marks with the purpose of tracking leaks and dumb or hurried copyright violators, and in that case it is useful to keep in mind: no point in protecting only the whole, or only some parts. Still, nothing close to what I described that I know of (I have no read yet about the work at one of the bell labs :-) on marks in text for leak tracking.) Again, as I pointed out, there must be serious tradeoffs in implementations of the idea, to the point where I don't know if it is realizable, or useful. And so far, art signature ideas have been fairly limited and not really explored to their conclusion. Besides, I'm in the "copyright is dead" camp, and for artwork I would tend to put value in physical objects (whether single original, or editions intrinsically limited because of the process). An electronic copy is an electronic copy is an electronic copy. There is value in timeliness too, and that's the main incentive for new ideas and work. Especially nowadays, being there first has value in itself, we don't need legislation to prop that up. I am however interested in such robust message digest ideas in an information retrieval context: How do you index documents without deciding in advance what the retrieval will be based on: words, parts of speech, lines, sentences, paragraphs, digest, exact, approximate, phonetic, relevance feedback... The whole or the part. See also the recent announcement about an NSA product to match similar texts without prior knowledge of topic or even language (as claimed).

The need for authentic sigs on architectural and engineering drawings is not merely aesthetic. Right now municipal agencies will not accept digital documents because of the lack of verifiable authorship to establish responsibility, and liability, for the health and safety of the design and construction. Hard copy with original seal is required to prevent unauthorized manipulation.

In this case, a signed message digest would do just fine. If the agency really wants paper, they can have a seal on a form with a printed public key. They can verify that the signature and digest match when the drawing is first delivered, and that's it. No unauthorized manipulation can happen and not be detected (if the drawing digest is checked before the drawing is used.) And the author need not be allowed to repudiate a signature on old drawings. If he destroys the private key after having used it on a project, no new drawings can be filed that fit the same published public key either. So that should do it. Date-stamping is relatively well understood too.

Beyond copyright protection, architectural and engineering documents are means to guide actual construction, rather than end products like paintings and drawings in the art world.

Actually, they only wish the painting was the end product. Instead it can get ripped off, copied, changed, printed, appropriated in many ways.

If there could be a way for buildings themselves to convey authenticity, say, that they are healthy and safe, by a kind decryption by the public that could help prevent concealment of shoddy construction. It's not the drawings that assure safety but field verification of the end result that construction work was done right.

What a great help if a building could convey its own message of authenticity about its fitness and safety for habitation and use. [...] Any other thoughts?

Yes, we are nowhere close to that, but it's fun to think about it. However, "healthy and safe" is not an authenticity problem. Whether a building is an original or a copy is, so, maybe, is whether the building is according to drawing or not. "Healthy and safe" is very subjective, especially in an over-regulated society where "meeting the code" is essentially impossible. So "healthy and safe" is a certificate granted by an agency that can be duped and/or is lazy and/or has other agenda^H^H^H^H^H^H priorities. (:-) what's the plural for agenda ?) A building according to drawing need not be "healthy and safe". Finally (and then I'll stop, promised) verifying a message digest relies on the verifier having access to at least all that needs to be verified. And only what is available can be verified, of course. So shoddy construction is unlikely to become verifiable because it is hidden from whoever would have done something about it. Transparent finances and more efficient use of reputation may help you more. Pierre. pierre@shell.portal.com