[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: expiration dates on cryptography


In article <[email protected][]>,
Timothy C. May <[email protected]> wrote:
> Even the "timed-release cryptography" is NOT a pure cryptographic system,
> as the idea of "temporal state" in crypto is iffy. That is, clocks can be
> jiggered. Even "sealed clocks" can be jiggered.

True "timed-release crypto" isn't possible with pure mathematics,
because time never appears in mathematical equations.  Time does appear in
physical equations, so it's conceivable that a device could be built that
really wouldn't divulge a secret for a given length of time.  However,
I'm not sure how such a device would work, and I'm not sure it would be
practical for long periods (longer than a human lifetime).

What I'm really proposing is "event-release" crypto based on reputation,
with checks and balances so that you can minimize the necessary level of
trust and prove breach of contract.  I think this is a useful service,
because you can convince yourself that in practice, it wouldn't be
profitable for the crypto houses to default, nor for an attacker to
compromise every house.

Once you have event-release crypto, time-release is an easy special case,
with zero human interaction and thus fast turnaround and low cost; but
"the beginning of the twentyfirst century" is just an event, as is "my
death" or "a horse with exactly three vowels in its name wins the 1996
Kentucky Derby".

I'm writing code for Tembel's Crypto House now, so I can get an empirical
grasp on this.

> "Self-destruct crypto" would work roughly the same way:
> -- N agents holding pieces of puzzle, contracted to destroy those pieces on
> such-and-such date.

I don't see how this could work, considering that once there are copies
of a message in circulation among nontrusted parties it is impossible
to destroy the information.  Also, it's impossible to verify that an
agent has destroyed a message!

Version: 2.6.2