Distributed cracks, law, and cryptoanarchy
Some thoughts about the distributed crack/reward distribution thing: The "you must report results only to the crack organizers" rule can be enforced if it's made into a contract. Even without a formal contract, I think it's plausible to argue that pretending to participate in the distributed crack, *and representing that to the organizers and thereby gaining access to their private database of already-searched keyspace*, and using that information for one's own private gain, could reasonably be construed as fraud. (depending on your jurisdiction, blah blah blah. But the general pattern - knowing misrepresentation, foreseeable & intended reliance, loss to one party is gain for another - is right at the heart of common-law fraud. The "widely distributed computing" approach depends for economic viability (as opposed to being just an amusing hobby) on preserving the confidentiality of input and output datasets. This protection can be (and will be) provided by both law and technology. The technological side will likely depend on programs distributed as executables only. This implies a client-side "sandbox" environment such as Java so that the software can't get to any of the local hardware (except the processor & display). If distributed crack organizers can be confident that they'll be able to reap the benefits of their organizing, they can offer payments to unsuccessful participants. This approach (tiny payments for idle cycles) scales better to real-world distributed computing problems than the all-or-nothing $10K approach. Because of the need for confidentiality, real-world distributed computing problems are unlikely to give participants a chance at a "big win" if they cheat somehow. (For example, assume Eve intercepts some ciphertext, and she knows enough about the structure of it that she can predict some of its contents (like message headers, or TCP/IP headers) - she will ask for keys which decrypt [a tiny piece of] the headers, and save the juicy data for herself. A cheating participant in the distributed crack gains very little by keeping the winning result to him/herself, unless she knows more about the context of Eve's interception.) I'm suspicious of the idea that a lot of people are going to meaningfully participate in the crack because they've got a "chance" to win $10K; assuming a wide distribution of client software, the chances that any particular client will hit the key is unlikely to be better than 1 in 10,000 or so (and my hunch is it's more like 1 in 100,000) .. which means that the "chance" is worth somewhere between $1 and $.10. Personally, I'd be more motivated by the idea that the crack might help kill stupid export control laws. Then again, I'm one of those people who won't buy lottery tickets. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles@netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. |
I'm sorry to flame, but I'm getting sick of this.
The "you must report results only to the crack organizers" rule can be enforced if it's made into a contract. Even without a formal contract,
I don't want to sign a formal contract. I want to break the key. I don't care about the money. I can buy a lottery ticket if I want a small chance at winning a lot of money. I'll participate when I can download something, type make, run it, and forget about it. Invoving money money seems to be making it harder, not easier, to do this. I thought the reason to crack the key was to demonstrate how weak DES is. If the person who cracks the key collects the reward himself, so what? A good, public nail in the coffin of restrictions on crypto is worth the risk that someone steals the $10k, IMHO. I've got my idle cycles waiting.... Marc
First, I won't express any more opinions about the DES crack and whether it "ought" to be coordinated or uncoordinated. Second, Greg's point brings up something very interesting: At 7:34 AM -0800 2/26/97, Greg Broiles wrote:
others, too. The value of the $10K prize alone isn't that attractive, because with puny hardware it's a very long shot, and with meaningful hardware, the cost of the hardware dwarfs the value of the prize.
Interestingly for the _contract_ discussion, it is likely that many of those participating are not the _owners_ of the hardware on which the crack software is being run. For example, the hardware is owned by universities (and hence maybe taxpayers), corporations, government labs, etc. The whole notion of "stealing cycles" is the key to the crack. as it were. (Sure, in some cases the owners sort of know that spare cycles are being used, or that "something" is going on. And the cycles may indeed be spare...but in some cases the DES crack may materially slow down other users...not my main point, though.) So, do those making a "contract" with the crack challenge organizers have the legal power to do so? Did the University of California waive its share of the prize if the Network of Workstations, for example, finds the key? Will we see "stego cracking," where people hide their intentions so that if the cycles they steal win a prize, they won't have to answer to their employers? Or, worse, share the prize? (Or give up the prize completely, as seems likely under existing case law.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
Marc Horowitz wrote:
The "you must report results only to the crack organizers" rule can be enforced if it's made into a contract. Even without a formal contract,
I don't want to sign a formal contract. I want to break the key. I don't care about the money. I can buy a lottery ticket if I want a small chance at winning a lot of money.
I'll participate when I can download something, type make, run it, and forget about it.
My feelings EXACTLY. And the same reasoning behind my machine not being put to work on these DES/RC4 cracking projects. Instead it spends its off-cycles factoring Merseinne primes - why? Because it's the only charity I can donate my spare CPU power to, WITHOUT having to sign forms and other beauracratic garbage. -- Vangelis <vangelis@qnis.net> /\oo/\ Finger for public key. PGP KeyID 1024/A558B025 PGP Fingerprint AE E0 BE 68 EE 7B CF 04 02 97 02 86 F0 C7 69 25 Life is my religion, the world is my altar.
On Mon, 24 Feb 1997, Vangelis wrote:
I don't want to sign a formal contract. I want to break the key. I don't care about the money. I can buy a lottery ticket if I want a small chance at winning a lot of money.
I'll participate when I can download something, type make, run it, and forget about it.
My feelings EXACTLY. And the same reasoning behind my machine not being put to work on these DES/RC4 cracking projects. Instead it spends its off-cycles factoring Merseinne primes - why? Because it's the only charity I can donate my spare CPU power to, WITHOUT having to sign forms and other beauracratic garbage.
For win32, just get deskr or brydDES. (For North Americans, a deskr beta is available via http://www.csn.net/~mpj/crypto.htm; BrydDES is available internationally at http://inet.uni-c.dk/~svolaf/des.htm). For the record, Peter Trei is still unsure if my export controlled site is totally EAR-compliant, so don't blame him if you don't think it is. I, however, believe that it is fully compliant, knowing full well the ease of bypassing it. Please don't -- it only eggs the feds into making the law worse. Get BrydDES if you are outside of North America. It is faster, anyway, so far, although Peter is gaining speed as he tweaks his code. Michael Paul Johnson Opinions herein are not necessarily Exabyte's. Work: mpj@exabyte.com http://www.exabyte.com Personal: mpj@csn.net http://www.csn.net/~mpj BBS 303-772-1062
At 04:31 PM 2/24/97 -0500, Marc Horowitz wrote:
The "you must report results only to the crack organizers" rule can be enforced if it's made into a contract. Even without a formal contract,
I don't want to sign a formal contract. I want to break the key. I don't care about the money. I can buy a lottery ticket if I want a small chance at winning a lot of money.
I'll participate when I can download something, type make, run it, and forget about it.
If this is the case, it seems like it'd be useful to consider what sort of social/legal/technical environment is most likely to result in "something" that you can download, make, run, and forget. Hence, discussion about legal and technical approaches which are likely to satisfy organizers' desires to control the direction & results of their projects. A distributed crack needs client software, and a coordinated distributed crack needs some sort of coordination mechanism. The current set of rewards available to potential organizers doesn't seem to be inspiring an outpouring of effort. (No offense is intended to people who are actually deploying things; the "lack of outpouring" comment refers to the number of different efforts, not the commitment exhibited by those who are working now.)
Invoving money money seems to be making it harder, not easier, to do this. I thought the reason to crack the key was to demonstrate how weak DES is. If the person who cracks the key collects the reward himself, so what? A good, public nail in the coffin of restrictions on crypto is worth the risk that someone steals the $10k, IMHO.
That's a very noble sentiment, but until *you* write some software, the risk that you're dismissing is *someone else's* risk - so you're balancing a public good against someone else's loss, and deciding that it works out nicely for you. Well, sure. You seem to be willing to give up the nominal value of the prize (somewhere under $1, when discounted against the chance of hitting the key) but you don't seem to be willing to invest anything substantial (like many hours of programming time, or serious computing horsepower) in the bruting effort. I'll cheerfully admit that my level of commitment is similar to yours - I don't mind letting someone else's software eat up my idle cycles. But I'd have to see some tangible benefit to me before I'd be willing to put any real time or effort into a crack, and I suspect this is true of many others, too. The value of the $10K prize alone isn't that attractive, because with puny hardware it's a very long shot, and with meaningful hardware, the cost of the hardware dwarfs the value of the prize. I don't think it's realistic or useful to pretend to ignore economics. I believe that you are not ignoring economic considerations when you fail to invest significantly in the bruting effort, and I don't think there's anything wrong with that. My point is that if we want to see a brute-force attack succeed, and we want the threat of other brute-force attacks to be credible, we should find a way to organize rights & obligations such that it looks rational to act as the organizer of a brute-force effort. The current configuration doesn't seem to inspire widespread significant interest. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles@netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. |
Greg Broiles <gbroiles@netbox.com> writes:
That's a very noble sentiment, but until *you* write some software, the risk that you're dismissing is *someone else's* risk - so you're balancing a public good against someone else's loss, and deciding that it works out nicely for you. Well, sure. You seem to be willing to give up the nominal value of the prize (somewhere under $1, when discounted against the chance of hitting the key) but you don't seem to be willing to invest anything substantial (like many hours of programming time, or serious computing horsepower) in the bruting effort.
When I wrote my message, this thought occurred to me. I should have assumed someone would call me on it :-) My perception of the situation (which may or may not be accurate) is that the technology, while perhaps not the best possible, exists. What seems to be preventing coordination is bickering about what to do with the money, including the fear that someone else will claim the money. As you have pointed out, the value of a $10K prize is not that attractive. If people are doing anything at all, it is not for the prospect of economic gain. I'm hoping that someone who has other incentives besides the money will agree with my evaluation (and yours, I think) of the risks, and move forward with the project.
My point is that if we want to see a brute-force attack succeed, and we want the threat of other brute-force attacks to be credible, we should find a way to organize rights & obligations such that it looks rational to act as the organizer of a brute-force effort. The current configuration doesn't seem to inspire widespread significant interest.
By these arguments, the rc5-48 attack would have never happened. I'm not sure what the incentives were for that, but I think the same incentives apply to a DES attack. I don't think the money figured prominently into the first attack. My message was intended to cause those who might work on the second attack to look past the money, and at whatever other incentives they might have.
I don't think it's realistic or useful to pretend to ignore economics.
I'm not trying to ignore economics. I'm trying to show that, for some of us, there are other incentives than money. For me and you, these incentives aren't strong enough. For someone else, they might be. I can't make them do anything, but I can certainly try to encourage them. Marc
participants (6)
-
gbroiles-nospam@netbox.com -
Greg Broiles -
Marc Horowitz -
Michael Paul Johnson -
Timothy C. May -
Vangelis