[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Timed-Release Crypto



By coincidence, I was thinking about time-release protocols the other
day.  I've got most of a system worked out, but I need to write it up
and look at it for a while to make sure it works.  what I think I have
is a system in which the sender is given a key by a beacon which he
can verify, at issuance time, will be revealed by the beacon at some
future time.  The implementation (but not the basic idea) relies on
using multiple public RSA keys with the same modulus.  I know there
are some attacks against this, but I don't know their nature.  If
someone who knows about this (or knows where to find out) could
contact me I would be most appreciative.

As far as sending money into the future goes, there are some tradeoffs
between anonymity of payment, length of time in the future, and
message size.  Anonymity of payment is difficult, since digital cash
has to expire in order for the bank not have to keep ever huger lists
of deposited numbers.  Large payments are less frequent anyway, and
provide less covering traffic.  If you continuously rotate your money
into the future, therefore, all the steps must be encapsulated, making
the size of the message grow linearly with the number of hops.  One
might be able to use a financial intermediary for anonymity, though.
It's not obvious to me that this will work.

Eric