[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Timed-release crypto and information economics
-----BEGIN PGP SIGNED MESSAGE-----
In 1993, Timothy C. May posted a message to this list
<URL:http://www.hks.net/cpunks/cpunks-0/1460.html> with some thoughts on
time-release crypto. I think his system is too complex. Here I present
a cleaner model, and show how it can be used in several real-life ways.
In the May proposal, when you have a message to be encrypted, you
encrypt it with a session key, optionally split that key with an n-of-m
scheme, and then send the key into a network of escrow agents, which are
instructed to hold the message for a given period of time. You then
hold onto the encrypted message, though you need not keep it secret.
Conceptually, you have encrypted a message and then remailed the key to
yourself in such a way that it will take X length of time to arrive.
I have a simpler, public-key plan. When you want to keep a message
secret until date X, you ask your favorite crypto house to generate a
key pair and hold the secret key until date X. You then encrypt your
message with the public key, and again hold onto the encrypted message.
N-of-m trust management can be implemented by secret-sharing your message
and encrypting each with a key generated by a different crypto house.
This method is clean, fully anonymous, and nearly stateless.
I've worked out a payment model for both the public and secret key, which
I think can be used for any sort of information in an information economy
not based on (increasingly unenforceable) intellectual property laws.
In this model, the creator of information charges enough to recover
his costs (call this price, the price available to the first buyers,
the "primary cost"). It is then possible for resellers to purchase
it and try to make a profit through multiple sales at a lower price.
If the reseller is hoarding the information, another one can step in,
pay the same initial rate, and try to do better.
This model seperates marketing of information from producing it, and gives
an easy way to profit from doing either. Of course, it's possible to
conflate them into a information creator that sells directly to end-users.
Once you abstract this you'll notice that (a) it's much like existing
models for those who create information for hire, such as writers and
programmers who sign over copyright but could recreate the work; and
(b) it can be applied to many less extreme scenarios, such as where the
reseller makes the product available but under a restrictive licence.
I think this is the basic fabric of an information economy.
Applying it to the selling of timed-release pairs, the primary cost
of the public key is some nominal charge, and the primary cost of the
secret key is the amount required to judge whether or not it should be
released -- a trivial amount for time-based release but something more
for event-based release. (A corollary is that you might pay the judging
fee for a secret key, and receive instead a certificate saying that it
cannot yet be released.)
* Bonds: You deliver $1000 in ecash to the issuer. In returns it gives
you a unique certificate redeemable for $1100, encrypted such that
it may not be decrypted until the maturity date. You also get a
certificate saying that your encrypted bond is a bond, so that you
may demonstrate fraud if you find something else once you decrypt
it at maturity. Essentially this is the same as creating a private
corporate ecash bank. Coupon bonds are a trivial extension.
* Retirement plans, cryonics funds, and wills: You encrypt your assets
or your will in a custom event-based key, and archive it with your
* Idea futures: You have a pair of key pairs generated, one for
encrypting YES coupons, and the other for NO coupons. Now anyone
can generate and sell their own coupons, consisting of $1 in ecash
encrypted with a YES or NO event-release key, again with a certificate
of authenticity to verify fraud.
* Bonding: You pay $1001 for a reputable institution to give you a $1000
bond encrypted in the event-release key based on your breech of
contract, and its complementary negative key, and send you and the
other party each one bond. If you default on your contract, the
injured party can ask the crypto house to release the default key;
if you do not, you can ask the crypto house to release the other key.
4. Cypherpunks write code
I'll let everyone tear into this for a few days, and then I'll put up a
server for timed-release key generation, charging maybe c$1. I'd like
to then enhance it to be capable of issuing bonds and loans denominated
in c$. (I like the cyberbucks trial because it's officially play money,
so there aren't any regulatory burdens.) This should be interesting.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----