Cyphernomicon 14.5

Other Advanced Crypto Applications:
Timed-Release Crypto

   14.5.1. "Can anything like a "cryptographic time capsule" be built?"
           - This would be useful for sealing diaries and records in
              such a way that no legal bodies could gain access, that
              even the creator/encryptor would be unable to decrypt the
              records. Call it "time escrow." Ironically, a much more
              correct use of the term "escrow" than we saw with the
              government's various "key escrow" schemes.
           - Making records undecryptable is easy: just use a one-way
              function and the records are unreachable forever. The trick
              is to have a way to get them back at some future time.
           + Approaches:
             + Legal Repository. A lawyer or set of lawyers has the key
                or keys and is instructed to release them at some future
                time. (The key-holding agents need not be lawyers, of
                course, though that is the way things are now done.)
               - The legal system is a time-honored way of protecting
                  secrets of various kinds, and any system based on
                  cryptography needs to compete strongly with this
                  simple-to-use, well-established system.
               - If the lawyer's identity is known, he can be
                  subpoenaed. Depends on jurisdictional issues, future
                  political climate, etc.
               - But identity-hiding protocols can be used, so that the
                  lawyer cannot be reached. All that is known, for
                  example, is that "somewhere out there" is an agent who
                  is holding the key(s). Reputation-based systems should
                  work well here: the agent gains little and loses a lot
                  by releasing a key early, hence has no economic
                  motivation to do so. (Picture also a lot of "pinging"
                  going to "rate" the various ti<w agents.)
             - Cryptography with Beacons. A "beacon agent" makes very
                public a series of messages, somehow. Details fuzzy. [I
                have a hunch that using digital time-stamping services
                could be useful here.]
             + Difficulty of factoring, etc.
               + The idea here is to use a function which is presently
                  hard to invert, but which may be easier in the future.
                  This is fraught with problems, including
                  unpredictability of the difficulty, imprecision in the
                  timing of release, and general clumsiness. As Hal
                  Finney notes:
                 - "There was a talk on this topic at either the Crypto
                    92 or 93 conference, I forget which.  It is available
                    in the proceedings....The method used was similar to
                    the idea here of encrypting with a public key and
                    requiring factoring of the modulus to decrypt.  But
                    the author had more techniques he used, iterating
                    functions forward which would take longer to iterate
                    backwards.  The purpose was to give a more
                    predictable time to decrypt.....One problem with this
                    is that it does not so much put a time floor on the
                    decryption, but rather a cost floor.  Someone who is
                    willing to spend enough can decrypt faster than
                    someone who spends less.  Another problem is the
                    difficulty of forecasting the growth of computational
                    power per dollar in the future." [Hal Finney,
                    sci.crypt, 1994-8-04]
             + Tamper-resistant modules. A la the scheme to send the
                secrets to a satellite in orbit and expect that it will
                be prohibitively expensive to rendezvous and enter this
               - Or to gain access to tamper-resistant modules located
                  in bank vaults, etc.
               - But court orders and black bag jobs still are factors.
   14.5.2. Needs
           - journalism
           + time-stamping is a kind of example
             - though better seen in the conventional analysis
           - persistent institutions
           - shell games for moving money around, untraceably
   14.5.3. How
           - beacons
           - multi-part keys
           - contracted-for services (like publishing keys)
           - Wayner, my proposal, Eric Hughes


By Tim May, see README

HTML by Jonathan Rochkind