"Passive Blackmail" - Does this kind of application exist?

Incognito Innominatus anonymous at mixmaster.nullify.org
Sun Nov 11 15:55:04 PST 2001


> Suppose a scenario in which an individal has knowledge or substantial
> suspicion that another person, group, or state are interested in
> letting him have an accident or otherwise making him disappear.
>
> Now, that individual could have generally important information, evidence
> about exactly that plot, or other evidence or black-mail material
> against those people who potentially harbor these intentions against him. 

It's a common plot in spy thrillers and the like:  if you kill me I've
arranged to release all the evidence, details of your secret plans, etc.
Mysterious envelopes labeled "To be opened only in the event of my death"
play a prominent part.

Your basic idea seems sound: you would split the data up among a group of
people, or publish the data encrypted and split the key up.  Ideally the
key holders don't know who the other ones are, but all are instructed
that if they don't see a message from you for some period of time that
they should publish their key.  You could use k out of n secret sharing
in case some people lose the key or don't get the message.

You might want to consider Matt Blaze's "oblivious multicast" protocol,
which lets you split the key up among a large number of people without
knowing who those people are.  This would prevent an attack where you
are tortured into revealing who you had given the information to, which
might allow the attacker to eliminate those people before they could leak
the secrets.  It's at his site, www.crypto.com/papers, in the paper on
Oblivious Key Escrow.

In the traditional spy novels people can find out if so-and-so is killed
just by reading the obituaries.  If you want to deal with the pseudonymous
case, where no one knows your true identity, that won't work.  You suggest
publishing a signed and dated statement periodically, but one risk of
this is that your attackers could coerce you into revealing your secret
key, allowing them to keep up the pretense that you are still alive by
publishing messages in your name.

In David Chaum's credential system, there could be an is-a-person
credential associated with your physical biometrics.  This can be
secretly linked to your pseudonyms such that credentials on any one of
your identities can be shown on your others.  In that system you could
get periodic "Still Alive" credentials issued on your physical identity,
by an agency which was trusted to reliably determine that you are still
breathing.  These could then be shown by your pseudonymous selves and in
that way you could pseudonymously prove that you are still alive without
revealing who you are.  Obviously a world with such insitutions is far
from where we are today, and where we are heading, unfortunately.

Maybe you don't care if your True Name is revealed after your death,
in which case you can link the data release to public information about
your True Name's death.  This wouldn't leak any information about your
pseudonym until you die.  If you're actually killed then presumably your
attackers know your True Name as well, so it's not that bad to reveal it.





More information about the cypherpunks-legacy mailing list