[cryptography] OTR and deniability

Ian G iang at iang.org
Mon Jul 18 16:48:37 PDT 2011

Back in the 1980s, a little thing called public key cryptography gave  
birth to a metaphor called the "digital signature" which some smart  
cryptographers thought to be a technological analogue of the human  
manuscript act of signing.

It wasn't, but this didn't stop the world spending vast sums to experiment 
with it.  They still are, in Europe.  Oh well, that would have been OK as 
long as it didn't hurt anyone.

But it gets worse.  Those same cryptographic dreamers theorised that  
because their mathematics was so damn elegant, the maths couldn't lie. So, 
they could promote a "non-repudiable signature" as a technological advance 
over ink & quill.  The maths was undeniable, right?  Although these days we 
know better, that "non-repudiation" is a crock, we still have people 
running around promoting it, and old text books suggesting it as an 
important cryptographic feature.

Repudiation is a legal right, it's a valuable option within dispute  
resolution, not a mathematical variable to solve out of the equation.

You can't mathematise away legal rights, any more than you can democratise 
poverty away in the middle east, nor militarise pleasure away in a random 
war on drugs.

OTR makes the same error.  It takes a very interesting mathematical  
property, and extend it into the hard human world, as if the words carry  
the same meaning.  Perhaps, once upon a time, in some TV court room drama, 
someone got away with lying about a document?  From this, OTR suggests that 
mathematics can help you deny a transcript?  It can't.  It can certainly 
muddy the waters, it can certainly give you enough rope to hang yourself, 
but what it can't do is give some veneer of "it didn't happen."  Not in 
court, not in the hard world of humans.

I am reminded of a film _A few good men_ which is somewhat apropos of  
those two young kids wasting away in some afghan shithole that passes for 
military justice.  It's that well known scene where Cruise traps Nickolson 
in to undenying his repudiation:

   Kaffee: *Did you order the Code Red* ?
   Col. Jessep: *Youre Goddamn right I did* !


That's repudiation, real life version.  And that's what happens to it, as 
summed up by Kafee afterwards:  "the witness has rights..." Mathematics has 
no place there, as is shown by all the other muddy evidence in the case.

On 16/07/11 6:52 AM, Meredith L. Patterson wrote:
> On Fri, Jul 15, 2011 at 6:45 PM, Marsh Ray <marsh at extendedsubset.com
> <mailto:marsh at extendedsubset.com>> wrote:
>     On 07/14/2011 01:59 PM, Steven Bellovin wrote:
>         Put another way, the goal in a trial is not a mathematical proof,
>         it's proof to a certain standard of evidence, based on many
>         different
>         pieces of data.  Life isn't a cryptographic protocol.
>     The interesting thing in this case though is that the person
>     providing the plaintext log file is:
>     a) a convicted felon
>     b) working for the investigators/prosecutors (since before the
>     purported log file's creation?)
>     c) himself skilled in hacking
> Those bullet points are far more likely to be brought up at trial than
> any of the security properties of OTR. Defense counsel has to weigh the
> benefits of presenting evidence -- will it get some point across, or
> will it be lost on the judge/jury?
> I submit that a military judge or a panel of commissioned officers (and
> maybe some enlisted personnel) is unlikely to appreciate the finer
> mathematical points, and more likely to fall back on "but there are
> these logs, right there, and the feds say they're authentic." The
> defense has plenty of Lamo's own documented actions to use to undermine
> his credibility.
> There's much to be said for "baffle them with bullshit" (not that
> there's necessarily any bullshit even involved), but a jury that doesn't
> understand an argument is likely to dismiss it as bullshit.
> Best,
> --mlp
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography

cryptography mailing list
cryptography at randombit.net

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list