[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Time release crypto



>>What minimal requirements would be needed to support encrypted packets/files
>>that a holder could only decrypt after a certain date/time?

Technology can't solve the problem, only help a bit; algorithms
aren't timebound.  In particular, true security depends on only
being able to decrypt if you have the correct information, and there's
no way to create decryption information in the future from 
encryption pieces you have now without being able to create the 
same information now.

Tim's 1993 article suggests spreading data around with 
> independent escrow agents who handle large volumes of messages
> and agree to hold them for various amounts of time. 
and depending on reputations and market forces to ensure honesty. 

> The decryption key to the original message is itself broken
>up into several or many pieces and scattered to a network of
>"remailer"-like agents (they are essentially "remailers into the future,"
>by agreeing as part of their protocol to hold messages for some amount of
time). 

What Tim almost, but not quite, mentions here is Shamir Secret Sharing -
you can split messages into N pieces, of which any M can reconstruct
the message and any M-1 don't contain enough information to resolve 
their equations uniquely, leaving you with _no_ known correct bits.

Tim's message also talked about having lots of data flowing around in 
a remailer-like fashion, but that may not be untraceable by subpoenas,
#---
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---