All trust is economics
Tim May
timcmay at got.net
Sat Apr 26 18:30:11 PDT 2003
On Saturday, April 26, 2003, at 11:41 AM, Eric Cordian wrote:
> Tim May wrote:
>
>> You don't need to take our word for it--you need to see why modern
>> cryptography avoids trust issues almost completely.
>
> Like mathematicians saying "Trust Us, no algorithm exists which can
> factor
> the 309 digit product of two large distinct odd primes in a few
> seconds on
> a cheap PC?"
>
> Perhaps I'm missing something, but it seems to me that public key
> cryptography is fundamentally a trust-based system. With the rise of
> the
> Internet, and almost all crypto being done by people who do not
> physically
> meet to exchange keys, almost all crypto is public key crypto.
>
> Therefore, almost all cryptography (at the present moment) is based on
> trust.
>
> And it's trust based on the "It doesn't exist, because if it did, I'm
> so
> smart I would have found it by now" paradigm, which I've never
> regarded as
> being particularly reliable. (Insert comments about simple algorithms
> whose direct derivation lies just slightly beyond the limits of human
> ingenuity here.)
I'm surprised at you for thinking trust is some number that is either 0
or 1.
All crypto is economics, and so is all trust.
Consider two situations:
Situation 1: "I have generated a key for you and will send it
securely. You can trust me not to look at it and not to reveal it to
anyone else....Well, not unless Saddam's men force me to, or not until
John Ashcroft threatens to hold me as an illegal combatant if I don't
cooperate. Or not until someone offers me $500 cash, no questions
asked, for just a peek. Or not until I realize that this key is being
used to further right wing Nazi causes. Or..."
Situation 2: "Determining your private key requires an attacker to
either monitor your keystrokes and bug your computer, so you'd better
secure it, or it requires factoring a 309 decimal digit number
associated and derivable from your public key. So far, the best
algorithms have only factored a 137-digit number [for example] and no
mathematicians have yet found cleverer ways. Great fame would await
anyone who found a significantly faster method, even a Fields Medal,
and yet no one has yet revealed one."
Now I maintain there is a huge difference in the valuations placed on
the "trust" in these two cases.
If you wish to believe that Joe Sixpack saying he promises to keep your
private key secret is on the same footing as the apparent difficulty of
factoring very large numbers (and if 309 digits is deemed too small,
only a tiny increase in key generation effort and later use to go to
500 decimal digits or even 1000) then you are of course welcome to your
delusion.
All crypto is economics. All trust is economics.
--Tim May
"In the beginning of a change the patriot is a scarce man, and brave,
and hated and scorned. When his cause succeeds, the timid join him, for
then it costs nothing to be a patriot." -- Mark Twain
More information about the cypherpunks-legacy
mailing list