Re: Timed-release crypto and information economics
At 6:52 PM 11/9/95, Beavis B. Thoopit wrote:
That's a pretty large number of assumptions:
tamper-proof delay line => tamper-proof crypto box ("transformation function with state") => tamper-proof delay line
Why not just put a tamper-proof clock in the tamper-proof crypto box and not bother with the delay lines?
The tamper proof aspect is really secondary to the math question. The idea that if I set up a stream of bits through a transform, that the original state of the transform affects the final outcome after N iterations.
The tamper-proof (more correctly, "tamper-resistant" or "tamper-responding") hardware is so that attackers do not alter the clocks, as one example, to "speed up" the time release. Or grab the key, as another example. (Cranking up the clock speed may or may not be possible and still have the device work, but it's still an attack to consider.) If the attacker can grab the internal state of the device, he can of course run the "transform" talked about above on his equipment.
If the transform exists, it will ease/eliminate the reliance on the "economics" of cryptography to build a tamper-proof physical device.
You'll need to more carefully argue your thesis. I cannot imagine a method, save perhaps for quantum computing techniques, which can avoid the need for "secure secrets," either via a person keeping a secret or a box keeping a secret. If the box is not secure against tampering, and an attacker gets in, he effectively "knows" all of the secrets.
BTW, the "launch into solar orbit" scheme that has again surfaced here is just a variant of making the costs of an attack very high.
--Tim May
Views here are not the views of my Internet Service Provider or Government.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
Tim May responded:
The tamper-proof (more correctly, "tamper-resistant" or "tamper-responding") hardware is so that attackers do not alter the clocks, as one example, to "speed up" the time release. Or grab the key, as another example.
(Cranking up the clock speed may or may not be possible and still have the device work, but it's still an attack to consider.)
If the attacker can grab the internal state of the device, he can of course run the "transform" talked about above on his equipment.
If the transform exists, it will ease/eliminate the reliance on the "economics" of cryptography to build a tamper-proof physical device.
You'll need to more carefully argue your thesis. I cannot imagine a method, save perhaps for quantum computing techniques, which can avoid the need for "secure secrets," either via a person keeping a secret or a box keeping a secret.
Above, I said "ease/eliminate"... let me limit my claim to "ease".
I see 2 unique points in this scheme that I have not seen discussed much:
1) Using _dynamics_ to _limit_ (maybe not prevent) penetration of a system.
2) Using a feedback state machine in a heavily iterative manner to hide the message.
The tamper-resistant circuits discussed (and some enjoying some hopefully profitable sales) have been _static_. There is no (of which I am aware) continual change in the circuit/mechanism. I propose a device in some form of incessant motion (electrical or otherwise). It seems a greater (though I am sure not impossible) task to capture the state of a moving target.
It seems that there may be a device that inherently allows itself to be read serially (one bit after another). Add the feedback state machine to this (ephemeral) device, and you may have a nice platform for time-released information.
The torsion-wire device described in a previous post is a nice example of a device that allows access to only one bit at a time. (Now, maybe some sort of camera could be used to "see" all of the bits at once in flight along the wire. For argument, let's assume not.) The problem with the torsion wire device is that the math transform needs to live somewhere between the two ends; access to the bits at the front and back of the transform is not allowed.
I want something cheaper than a satellite, but beaming bits to a satellite that performs the iterative, feedback transform and transmits the transformed bits back home may illustrate the type of platform needed. It allows me to see only one bit at a time. The bits are munched each "round". A delay is inherent in the system and is not "acceleratable". If this platform exists, how do I precompute a message to take advantage of it?
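Added example, not part of either message in this thread: one software form of the "feedback transform run for N rounds" idea, together with a way for the sender to precompute its result. It swaps in repeated modular squaring (the Rivest-Shamir-Wagner time-lock puzzle construction), which neither poster proposes. The modulus, seed, round count and function names are constructed toy values.

```python
import hashlib

# Constructed toy modulus built from two Mersenne primes. A real puzzle would
# use a large modulus made from random secret primes.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                    # public
PHI = (P - 1) * (Q - 1)      # sender's secret; revealing it removes the delay


def keystream(state: int, length: int) -> bytes:
    """Stretch the final transform state into a pad (SHA-256, counter mode)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(f"{state}:{counter}".encode()).digest()
        counter += 1
    return out[:length]


def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def seal(message: bytes, seed: int, rounds: int) -> bytes:
    """Sender: knowing PHI, jump straight to the state after `rounds` squarings.

    seed must be coprime to N for the exponent reduction to hold.
    """
    exponent = pow(2, rounds, PHI)           # 2^rounds reduced mod phi(N)
    final_state = pow(seed, exponent, N)     # equals seed^(2^rounds) mod N
    return xor(message, keystream(final_state, len(message)))


def open_slowly(ciphertext: bytes, seed: int, rounds: int) -> bytes:
    """Recipient: without PHI, each round needs the previous round's output."""
    state = seed
    for _ in range(rounds):
        state = state * state % N            # the feedback step
    return xor(ciphertext, keystream(state, len(ciphertext)))


if __name__ == "__main__":
    sealed = seal(b"released at last", seed=2, rounds=200_000)
    print(open_slowly(sealed, seed=2, rounds=200_000))
```

The delay here is counted in sequential squarings, not wall-clock time, so faster hardware shortens it, which is the clock speed-up attack raised earlier in the thread. Anyone who obtains PHI gets the sender's shortcut, so the scheme still rests on a kept secret.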