-----BEGIN PGP SIGNED MESSAGE----- 1. Method In 1993, Timothy C. May posted a message to this list <URL:http://www.hks.net/cpunks/cpunks-0/1460.html> with some thoughts on time-release crypto. I think his system is too complex. Here I present a cleaner model, and show how it can be used in several real-life ways. In the May proposal, when you have a message to be encrypted, you encrypt it with a session key, optionally split that key with an n-of-m scheme, and then send the key into a network of escrow agents, which are instructed to hold the message for a given period of time. You then hold onto the encrypted message, though you need not keep it secret. Conceptually, you have encrypted a message and then remailed the key to yourself in such a way that it will take X length of time to arrive. I have a simpler, public-key plan. When you want to keep a message secret until date X, you ask your favorite crypto house to generate a key pair and hold the secret key until date X. You then encrypt your message with the public key, and again hold onto the encrypted message. N-of-m trust management can be implemented by secret-sharing your message and encrypting each with a key generated by a different crypto house. This method is clean, fully anonymous, and nearly stateless. 2. Economics I've worked out a payment model for both the public and secret key, which I think can be used for any sort of information in an information economy not based on (increasingly unenforceable) intellectual property laws. In this model, the creator of information charges enough to recover his costs (call this price, the price available to the first buyers, the "primary cost"). It is then possible for resellers to purchase it and try to make a profit through multiple sales at a lower price. If the reseller is hoarding the information, another one can step in, pay the same initial rate, and try to do better. This model seperates marketing of information from producing it, and gives an easy way to profit from doing either. Of course, it's possible to conflate them into a information creator that sells directly to end-users. Once you abstract this you'll notice that (a) it's much like existing models for those who create information for hire, such as writers and programmers who sign over copyright but could recreate the work; and (b) it can be applied to many less extreme scenarios, such as where the reseller makes the product available but under a restrictive licence. I think this is the basic fabric of an information economy. Applying it to the selling of timed-release pairs, the primary cost of the public key is some nominal charge, and the primary cost of the secret key is the amount required to judge whether or not it should be released -- a trivial amount for time-based release but something more for event-based release. (A corollary is that you might pay the judging fee for a secret key, and receive instead a certificate saying that it cannot yet be released.) 3. Applications * Bonds: You deliver $1000 in ecash to the issuer. In returns it gives you a unique certificate redeemable for $1100, encrypted such that it may not be decrypted until the maturity date. You also get a certificate saying that your encrypted bond is a bond, so that you may demonstrate fraud if you find something else once you decrypt it at maturity. Essentially this is the same as creating a private corporate ecash bank. Coupon bonds are a trivial extension. * Retirement plans, cryonics funds, and wills: You encrypt your assets or your will in a custom event-based key, and archive it with your executor. * Idea futures: You have a pair of key pairs generated, one for encrypting YES coupons, and the other for NO coupons. Now anyone can generate and sell their own coupons, consisting of $1 in ecash encrypted with a YES or NO event-release key, again with a certificate of authenticity to verify fraud. * Bonding: You pay $1001 for a reputable institution to give you a $1000 bond encrypted in the event-release key based on your breech of contract, and its complementary negative key, and send you and the other party each one bond. If you default on your contract, the injured party can ask the crypto house to release the default key; if you do not, you can ask the crypto house to release the other key. 4. Cypherpunks write code I'll let everyone tear into this for a few days, and then I'll put up a server for timed-release key generation, charging maybe c$1. I'd like to then enhance it to be capable of issuing bonds and loans denominated in c$. (I like the cyberbucks trial because it's officially play money, so there aren't any regulatory burdens.) This should be interesting. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMJ6jgeyjYMb1RsVfAQHKPAP8CF8HAN3dPa0QaJ3knDuv5gKd2yIUE57G icK5flsVOHcmq2+y3LkB8uCWBT1IxyoWv9I2u1yQbujYtttjgparCoCeErXk7uPe h7yY/eZzx3wgIrGxMEGePZftwoA2aGfyO+wDy/5lPZ0yWxLpoLr67RfpWbutqinf bmn6xeL64lg= =iXOF -----END PGP SIGNATURE----- -- Shields.