CDR: Re: Zero Knowledge changes business model (press release)

Tim May tcmay at got.net
Tue Oct 31 10:30:33 PST 2000


At 1:06 PM -0500 10/31/00, Adam Shostack wrote:
>On Tue, Oct 31, 2000 at 09:11:23AM -0800, Tim May wrote:
>| >>Zero-Knowledge is committed to deploying systems that are
>| >>transparent and accountable. In keeping with this policy,
>| >>MPS will incorporate third party verification and split
>| >>encryption key structures
>|
>| Split encryption key. I think that says it all.
>
>Geez.  I don't know how we ended up with that wording. Multiple key
>would have made more sense.  The goal is to have a set of keys which
>are held by different entities.  Thus, your data is encrypted such
>that each of those entities needs to be involved to decrypt it.
>
>By split key encryption, we mean: E_a(E_b(E_c(data))) where E is a
>strong algorithm (3des, twofish, AES), and the keys (abc) are full
>strength, properly generated and stored keys for the system.

Let's stipulate that the split keys are as strong as one can imagine.

OK, let's set the stage with some players:

* Alice, a consumer or customer

* Bobco, a giant corporation dealing with Alice, collecting 
information on her, and all the usual stuff involving corporations 
dealing online with consumers like Alice.

* Chuck and Debby, the holders of the "split encryption key," aka the 
"trusted third parties." (Extending the set to 3 or 4 or N such 
trusted third parties does not alter the basic discussion. Nor, by 
the way, does just having a _single_ trusted third party alter the 
basics of the legal/GAK structure: if the legal or national security 
system can force two parties to disclose, forcing one is easier, 
forcing 3 is slightly easier, and so on. But these are "polynomial" 
issues, so to speak.)

I want to set the stage so I can better understand just how and where 
this new ZKS system might be useful (to Alice, to Bobco, to 
governments).

>
>Given that we're doing this for businesses that are collecting data
>now, if you consider those parties 'trusted third parties,' then we're
>increasing the assurance that surrounds them.

This business is what I called Bobco above.

Now, suppose Bobco is using the ZKS system. I can see three regimes 
for any use of a crypto product:

-- storage, at either Alice's or Bobco's site

-- transit, between Alice and Bobco

-- unlinkability: something to do with the linkage of purchase 
information with identity; how Bobco collects and disseminates 
information about customers like Alice

The first two are conventional crypto issues, and don't need a new 
system. Both Alice and Bobco are responsible for securing their own 
data. Should laws require Bobco to secure Alice's data in some 
specific way, split key systems are still a poor solution.

As near as I can tell, your concern about "privacy laws" has 
something to do with the third main use for crypto: unlinkability. Am I 
right?

Before I proceed further, let's see if this is where we're going.

>We consider them
>'merchants,' 'shipping companies' and other such businesses who today
>get data from you.  They're not trusted third parties in the Clipper
>chip sense, but they are parties who store information about you,
>often in very insecure and unprivate ways, as MCI, CDnow, and others
>have found out.

This sounds like the unlinkability again. If so, this is a tough, 
tough nut to crack.

If Bobco is shipping products to Alice, Bobco knows her address and 
what she is buying. Fill in whatever examples one wishes.

And if Alice answers a questionnaire about her buying preferences, 
her income, her age, etc., then Bobco will have this information.

Hard to imagine how adding Charles and Debby to the system as trusted 
third parties helps things. Now, if Alice goes through a complicated 
procedure of dealing with Charles and Debby to only selectively 
reveal her preferences, or if Charles or Debby act as "third party 
shipping agents," so that Bobco doesn't know who he shipped a product 
to, then some unlinkability has been gotten.

Anyway, I could ramble on about whether or not this makes for an 
interesting and profitable market niche, but it doesn't seem to be 
the thrust of where ZKS is going with this new product.

Fact is, third party secrets are not interesting IF Bobco can 
aggregate the secret information AT ANY TIME. Unless some kind of 
unlinkability or blinding (a la Joan Feigenbaum's work on "computing 
with encrypted instances") is done, the trusted third parties don't 
serve much purpose that I can see.

Maybe I'm missing something.

How will Alice's privacy be protected from Bobco by having Charles 
and Debby (or just Charles, or Charles, Debby, Edward, Fred, and 
Greta, etc.) hold split keys?

Wouldn't a better approach be for Alice to protect her own privacy?


--Tim May

-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
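
The layered construction E_a(E_b(E_c(data))) quoted in this message, sketched as an added example that is not part of the original post and is not ZKS code. The cipher is a toy SHA-256/HMAC stand-in for the "strong algorithm" E, and every name (`seal`, `unseal`, `cascade_encrypt`, `cascade_decrypt`, the sample keys and record) is an assumption made for illustration.

```python
import hashlib, hmac, os

# Toy authenticated stream cipher built from SHA-256 and HMAC (stdlib only).
# It stands in for the "strong algorithm" E; use a vetted AEAD in real systems.
def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(key, data):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc_key, nonce, data)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("layer does not open with this key")
    return _xor_stream(enc_key, body[:16], body[16:])

def cascade_encrypt(keys, data):
    # keys = [a, b, c] gives E_a(E_b(E_c(data))): c is applied first, a last.
    for key in reversed(keys):
        data = seal(key, data)
    return data

def cascade_decrypt(keys, blob):
    # Layers come off outermost first, so holders must act in the order a, b, c.
    for key in keys:
        blob = unseal(key, blob)
    return blob

# Constructed sample: three independently generated 256-bit keys and a record.
KEY_A, KEY_B, KEY_C = os.urandom(32), os.urandom(32), os.urandom(32)
RECORD = b"constructed sample customer record"
SEALED = cascade_encrypt([KEY_A, KEY_B, KEY_C], RECORD)
```
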




