At 11:33 AM 4/11/96 -6, Peter Trei wrote:

I've read with interest your proposed GPS-based authentication mechanism (it was posted to the cypherpunks mailing list). Can you confirm that you wrote this? Some people on the list think it may be a forgery. [deleted]

You say: " The signature ... is formed from bandwidth compressed raw observations of all the GPS satellites in view."

" The location signature is virtually impossible to forge at the required accuracy. This is because the GPS observations at any given time are essentially unpredictable to high precision due to subtle satellite orbit perturbations, which are unknowable in real-time, and intentional signal instabilities (dithering) imposed by the U.S. Department of Defense selective availability (SA)."

I think that Denning's paragraph is misleading. S/A is stated; what I think they probably mean is closer to A/S, the anti-spoofing signal. The S/A error is small and changes only slowly, the A/S signal is far faster and could hold the data to implement the signatures. Even so, I think it would be comparatively easy to fake a signal if you are in view of most of the satellites in the area you wish to fake; attempting to fake something around the world would be harder. Aside from the technical difficulties associated with this system (everyone has to have a GPS receiver, for instance) there is an obvious political problem associated with trusting the government. After all, only its agents are supposed to know the dithering code which will be transmitted by the GPS satellite; its agents would presumably be able to fake their location since they can anticipate the data being transmitted. Which raises an interesting issue, I think: Would it be possible to remove the ability of the government to fake these signals, even if the rest of the system worked? The goal would be to prevent anybody (including the operators of the GPS system) from being able to anticipate the dithering codes the GPS satellites would send. One way to do that is to combine multiple random/pseudorandom bit streams (from hundreds, thousands, or maybe even millions of independent sources, perhaps you and me) into an overall stream, in such a way (XOR) that no data contributor could know how the result came out until he saw it. Each contributor would be able to verify, however, that his data stream was used to form the eventual bit stream, and he is confident of the randomness of the system he uses to generate that stream. (If he isn't, he should just change systems, or add another system to his equipment and XOR the results before he sends them off, crypted, to the central data combiner.) Release of the decrypt keys could be delayed "just long enough" to prevent faking. BTW, I'm not endorsing the underlying idea. I think it's a leap backwards for freedom. Jim Bell jimbell@pacifier.com