Timed-Release Crypto

Timothy C. May tcmay at netcom.com
Wed Feb 17 12:18:04 PST 1993


Dave Deltorto writes (about my idea for timed-release crypto):

>Well, yes, Tim, but what about the MTBF rating fo disk drives and or other
>storage media? Any such message would also be relying on the turst that the
>disk it's stored on, the mail system and or the organization it was sent to
>for storgae are still going to be around. Now, if there were dedicated places

Loss of hardware over the years due to unreliability is unlikely to be the
main issue, for several reasons:

1. Modern MTBFs for large disk drives are approaching 100,000 hours, or
well over 10 years. The drives are likelier to be voluntarily retired
first. And newer drives, including archival optical drives, are even more
reliable (the  drives may crash, but optical media survive). For the drives
that _do_ fail, backup strategies exist, as with all storage of critical
files. To wit, if your point is correct, then the failures of some disk
drives at banks, insurance companies, etc., should be producing some
fraction of "unrecoverable losses" each year. That they are not, because of
robust backup and redundant storage methods, is evidence that crypto time
vaults will also be reasonably secure. (Granted, you wouldn't want to trust
your $100,000 deposit for 20 years on Joe Random's aging Amiga 1000.)

2. A relatively large file by today's standards, e.g., 10 megabytes, will
be a very small file by the standards of 10 years from now. The upshot is
that new and more reliable storage methods (and transmission methods) will
make storage of such small files quite trivial. (And remember that since
the pieces are encrypted, physical duplication for backups, redundant
storage, etc., is not a compromise of security.)

3. The most reputatable crypto time vaults will of course be careful not to
lose client files, especially not for such mundane reasons as disk drive
failures. 

4. M-out-of-n voting strategies are likely in any case, to deal with
collusion of some of the nodes. That is, a file will be split into pieces
such that any 8 out of 12 pieces, for example, are sufficient to recover
the original file. (Encryption is a separate issue, though obviously
related.)

5. The files are likely to be moved around a lot, anyway, making hardware
failures manageable on an instantaneous basis (that is, bad nodes, etc.,
can be compensated for when the time comes to reroute the files). Thus, a
critical file does not just get "parked" at one site for 30 years.

>where such t-r crypto msgs could be stored, such as a digital "bank" (where
>they would no doubt charge a storage fee, possibly necessitating that each
>such msg would be able to "peel off" digicredits from itself every year to
>guarantee paying for it's own upkeep in case you were no longer aropund to
>sign checks), the question of whether or not it would BE there in 30 years
>might be moot, but that's a whole 'nother discussion.

"Persistent institutions" is what I call these systems or trusts that last
for many decades. If such systems can be built, using some of the ideas
discussed here in this group, then interesting new financial and political
structures are possible. Imagine an anonymous, distributed trust that has
$10 billion in crypto-assets and a "goal" of funding nanotech or cryonics
research. (Lots of complicated stuff yet to be considered in enough detail
on how such "goals" might be stored, acted on, etc. For the sake of
simplicity, think of it as a kind of Howard Hughes Medical Foundation,
which once owned the Hughes Corporation, but which is not located in any
one single country....)

>Still, I find your idea very compelling and full of merit.

Thanks. Lots more work is needed.

-Tim May


--
Timothy C. May               | Crypto Anarchy: encryption, digital money,  
tcmay at netcom.com        | anonymous networks, digital pseudonyms, zero
408-688-5409               | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA       | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.







More information about the cypherpunks-legacy mailing list