Re: Crypto Protocols are Hard to Analyze
> Crypto protocols are _hard_ to analyze!
> I'm currently trying to analyze a digital cash "coupon" system proposed by
> Nick Szabo,
Whoa nelly! "S&H greenstamps" and another recent idea I've bounced
off Tim refer to a LEGAL "protocol". S&H greenstamps are
"coupons" that can be used to "win" a wide variety of items from
several participating companies; they are not just coupons good for
discount on a specific item or the products & services of a specific
company ("Disney Dollars"). S&H greenstamps got into some legal hot
water for being too close to a privately issued currency, but
nevertheless they are still around. S&H greenstamps make a good legal
From an object-oriented point of view, "E-greenstamps" inherit
digital cash and add legal structure. Here I am assuming that
E-greenstamps or other business/legal manifestations of digital cash can
be implemented with Chaum's protocol, providing "Pretty Good Digital
Cash" in the cryptographic sense. The "Chaum off the shelf"
assumption. If there are holes in Chaum's scheme, or major problems
with implementing it in software, I'd like to hear more, but the "S&H
greenstamps" concept doesn't address software security issues.
> "premature productization"?)
I think it's good to discuss business and legal issues -- cf.
the excellent thread on methods of converting physical to/from digital
cash. If we think the work ends with implementing a
good cryptographic protocol, we are sadly mistaken. Perhaps that's
where the work of "cypherpunks" ends, but I have a broader vision of
crypto-anarchy that covers the legal, business, and in general
social issues as well. Any group that wants to seriously
deploy cryptography in the real world has to discuss these as well.
And indeed we do -- does PGP infringe on patents, is it proper
for a remailer operator to read or record what goes through his system,
Crypto-anarchy will really take off when the (real, spendable) money
starts flowing. Thus we should examine a wide variety of business
concepts. The "speculative business plan" is a great way to do this.
Of course cypherpunks are mostly hackers, and we will
concentrate on the hacking -- but before crypto-anarchy emerges,
the legal and business problems (e.g. not driving off customers with
complex or "shady" operations) also have to be solved.
We do need to be more clear on when we are talking about cryptographic
protocols ("digital cash"), legal structures ("S&H greenstamps"), and
business concepts ("commercial remailer").
> 1. Our archive site of papers and books is not available to many of the
> folks attempting to develop new protocols. To pick one example: digital
> money in all its various forms.
I'd love to see some digicash papers on soda. I also agree on the
need for standardizing terminology in the field of cryptography
and related protocols for remailers, digital cash, etc. Your
concept of a "Protocol Compiler" to enable testing of new
concepts for anon remailers, digicash, etc. is intriguing.
We have already started a "tricks database" with the Word Perfect
crypto-cracker on soda; we need to expand that.
Alas, there may be strong incentive for businesses to put hype
before strong crypto substance. In response, we need to pursue
the following two activities -- eventually, perhaps creating a separate
organization for each:
* A "cracker's guild" to break weak cryptography and publicize
the cryptanalysis algorithms (cf. the Word Perfect crypto cracker),
forcing the weak crypto off the market. For example, if
NetCash were deployed, this organization would crack it. This
organization might be funded anonymously by those selling strong
crypto (who have an incentive to debunk their competitors' hype).
* A formal Crypto Auditing Agency that would verify the algorithms
and protocols were secure, without revealing trade secrets.
My next statement may cause hisses & boos, but I think the recent
Crypto-Auditing of Clipper by Denning and other eminent
cryptologists will be a model widely applied in the commercial
computer security business. The auditors should be
able to examine the source and run the programs without revealing
Nick Szabo