Who needs time vaults anyway?
-----BEGIN PGP SIGNED MESSAGE----- I don't really understand the use for "can't be opened until Christmas" tricks. If you don't want anyone to see your info until Christmas then just don't give them a copy until then! If you want to prove that you have it but not let them see it until later then do timestamping of hashes, zero-knowledge proofs and so forth. Can anyone explain what use this theoretical "time-sensitive" crypto box would be good for? Regards, Bryce signatures follow "To strive, to seek, to find and not to yield." <a href="http://www-ugrad.cs.colorado.edu/~wilcoxb/Niche.html"> bryce@colorado.edu </a> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01 iQCVAwUBMKRNe/WZSllhfG25AQGXxAP9HuZU4tJZ92c4keUHbpSNjWcwyYhTOOWA Atz/Ej8y0Q6xAwRdr2ggqYc7tgWUGMjGZy0vIoET9W6ofkXXnyZzUIFACzXuS7IK 8xOV740ShvnX//5j8x1TMOJuykRNrs0+y8eZI8gDLQ5R1vEEbv7JkmsVVUgdZpau WMR6cG/9qu4= =v4q/ -----END PGP SIGNATURE-----
Can anyone explain what use this theoretical "time-sensitive" crypto box would be good for?
Suppose you die. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org
Can anyone explain what use this theoretical "time-sensitive" crypto box would be good for?
Suppose you die.
Suppose you get "silenced", or carted off by big brother for thought crime. A defense: if you try to silence me, this info gets plastered all over the net. Suppose you discovered a polynomial time factoring algorithm (dream on:-), and wanted to sell it to the highest bidder - what odds that the NSA would try to obtain it and silence you? Time-release would be useful for such things. Adam
-----BEGIN PGP SIGNED MESSAGE----- Ack. Corrections. In article <483l88$1f0@yage.tembel.org>, I wrote:
You could do this with a reflector $ct/2$ metres away, assuming your opponent and you are in the same location.
Also assuming your attacker cannot use the information until he can get it back to Earth, or else he could just race towards the reflector and catch it on the way back.
the diameter of the solar system is about 5.4 light-hours
The *radius* of the solar system is about 5.4 light-hours. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMKWYqeyjYMb1RsVfAQEkAQP+Id4Y9uJhwC3ywRDMAeCMh3XDHnznKN7V njNlvkf8hQ9jLVPBbI5rBVRS4ddfmm9SXu9yiTYGpm1Jx29OIYf4Ew4GxUYKFpJc qM95K9DVRtNuYa2ZHMRVX+znV+der+DxPW8tFt9UXL+PpRfygCPgJJD5CGTcDD8L 5YRZUSthj+U= =tQ2G -----END PGP SIGNATURE----- -- Shields.
-----BEGIN PGP SIGNED MESSAGE----- In article <199511111953.MAA26503@nagina.cs.colorado.edu>, Bryce <wilcoxb@nagina.cs.colorado.edu> wrote:
A single station could serve up multiple pieces. It would only reveal the k piece if the querying agent can prove that he has the k-1 piece. Of course if the total number of stations is small then the "physically move the pieces" trick might work.
But you're back to trusting an agent or device not to reveal a secret. What have you gained? The point about moving the elements of the message physically apart has merit, though. So the one-time pad of timerel, the ideally secure but unworkable model, is to encrypt your message with an OTP, then securely transport the pad and location to points that are $ct$ metres apart, where $t$ is the length of time you want to keep your message secret. You could do this with a reflector $ct/2$ metres away, assuming your opponent and you are in the same location. I suppose this could be useful for very short-term applications (for reference, the diameter of the solar system is about 5.4 light-hours), but like the OTP, its application is limited. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMKVYPeyjYMb1RsVfAQFvnAP9H7KfW6pDxvHJF2lIucJyuHX8W2Adrxbd X5rawyQctlAWwRcef6JIPxHcUuL6uznW7bMXrDQMIzDjQMQ/Rb9SdxKdncU0sNQ3 kEuoCKI0r7FJtRS5fSByB6TyQ9dCJJGVRed7P9KVzjP6bCk7Ri889SfNLBd583Kp INOMxDJ0sDY= =LtqD -----END PGP SIGNATURE----- -- Shields.
-----BEGIN PGP SIGNED MESSAGE----- Bryce wrote:
Can anyone explain what use this theoretical "time-sensitive" crypto box would be good for?
Sameer wrote:
Suppose you die.
Hey! Who do you think you are? :-) Just kidding. When I woke up this morning I realized what I was missing: the decryption might be out of your hands, such as when you die, or you might *want* it to be out of your hands for some other reason. With that in mind, I can think of only one unalterable lower-limit on the time of as decryption-- the speed of light. Suppose you encrypt your data with successive layers of keys, K1-Kn. Then you encrypt each key with its predecessor, encrypting Kn with Kn-1, encryping Kn-1 with Kn-2, etc. Destroy all copies of unencrypted keys except for K1, which has not been encrypted. Now put all odd-numbered keys in location A and all even-numbered keys in location B, which is 1 light minute from location A. Once an agent has received Key 1, it will take at least n minutes to decrypt the data. Of course, the agent could just take copies of all of the keys from location B on some physical media and transport the media to location A, which would make the lower bound on time to be "much longer than 1 minute". Hm. Suppose the n different keys are in n different physical locations, and the agent does not know where the k+1 location is until he decrypts the material at the k location. The "scavenger hunt" scheme for timed decryption. Of course this doesn't mean that you have to bury your crypto box and make a map with an "X" marking the spot. Each key could be held by a crypto box which is publically accessible on the Net. The important thing is that the decrypting agent can't retrieve the k+1 piece until he has decrypted the k piece. Then the lower bound on time of decryption is... um... Well it depends on the location of the decrypting agent with respect to the locations of the n pieces. (Neglecting, still, transmission overhead and decryption time.) I'm not sure what the lower bound actually is, but it can be increased simply by adding more pieces to the puzzle. A single station could serve up multiple pieces. It would only reveal the k piece if the querying agent can prove that he has the k-1 piece. Of course if the total number of stations is small then the "physically move the pieces" trick might work. Bryce signatures follow "To strive, to seek, to find and not to yield." <a href="http://www-ugrad.cs.colorado.edu/~wilcoxb/Niche.html"> bryce@colorado.edu </a> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01 iQCVAwUBMKT/JPWZSllhfG25AQFDlwQAhWHB//NeYM8vylQcBDWbNmScrVoCjUdR TmXVDtnLCZcrAv233l+H3SpdEQmMwQwQCQrM52AreQWMYTSBLuxqr7j9SbpZjek2 FFCMDezbvBPX3ZIuX3SVwrdHa6dm4qgGtpKyfFHxDAn39p+T/HJ+uKaZbA7YVbTC U6NnnfYv1k8= =/2+H -----END PGP SIGNATURE-----
According to rumor, Bryce said:
-----BEGIN PGP SIGNED MESSAGE-----
I don't really understand the use for "can't be opened until Christmas" tricks. If you don't want anyone to see your info until Christmas then just don't give them a copy until then! If you want to prove that you have it but not let them see it until later then do timestamping of hashes, zero-knowledge proofs and so forth.
Can anyone explain what use this theoretical "time-sensitive" crypto box would be good for?
An application that I've seen is financial data, more specifically MBS payment info. There is 100s of megabytes of data, and it was encrypted so that nobody could use the info before the release date/time, but the data needed to be transmitted prior to release because of bandwidth constraints. In this case, it wasn't real time-release, because the key was manually transmitted to release the information rather than implement some sort of "do not decrypt until" scheme. -- Kevin L. Prigge |"A computer lets you make more mistakes faster UofM Central Computing | than any invention in human history--with the email: klp@cis.umn.edu | possible exceptions of handguns and tequila." 01001101100010110010111|- Mitch Ratcliffe
participants (5)
-
A.Back@exeter.ac.uk -
Bryce -
Kevin L Prigge -
sameer -
shields@tembel.org