At 10:52 AM 1/13/95, Eric Hughes wrote:

From: Ben.Goren@asu.edu

Here's a solution:

What problem, pray tell, does this solve?

That of the data haven operator being able to deny knowledge of the contents of files people send him. He'll only return files that, when operated on by a strong cryptographic algorithm, make sense. He therefore can't look inside the files until the owner asks for them back. If he operates a timely (and automated) service, he can't know the contents until after he's already sent the file back. If the server automatically deletes the file upon return, he can't even tell what's in it then. Further, an "authority" won't gain anything by seizing the data.

It seems far more complicated than it need be.

As best I can tell, none of the previous suggestions guarantees that the file is unreadable. How would you accomplish that in a simpler manner? Or would you, as the operator of a data haven, not mind the risk of somebody designing an illegal file that passes all your filters and tipping off the police that you've got such a file on your computer, available to all--for sale, even? If there were a weakness in your filter, somebody could easily exploit that weakness and get the use of your haven. With my system, they could send you anything they liked, but it'd be little more than a cash donation, as they'd never get it back. Your liability would be the same as if the person had just emailed you the file and blew the whistle.

Alice sends a file to Dave's DataHaven. When Alice wants her file back, she sends to Dave a secure hash of the file, a key with which to decrypt it, and a handful of plaintext at the beginning of the file. Dave decrypts the file that matches the hash with the key Alice gave him; if the file begins as Alice says it should, Dave returns the file to Alice.

Eric

b& -- Ben.Goren@asu.edu, Arizona State University School of Music Finger ben@tux.music.asu.edu for PGP public key ID 0xCFF23BD5.