PlayStation 3 predicts next US president

Florian Weimer fw at deneb.enyo.de
Wed Dec 12 16:17:19 EST 2007


* William Allen Simpson:

> Assuming,
>   Dp := any electronic document submitted by some person, converted to its
>         canonical form
>   Cp := an electronic certificate irrefutably identifying the other person
>         submitting the document
>   Cn := certificate of the notary
>   Tn := timestamp of the notary
>   S() := signature of the notary
>
>   S( MD5(Tn || Dp || Cp || Cn) ).
>
> Of course, I'm sure the formula could be improved, and there are
> traditionally fields identifying the algorithms used, etc. -- or something
> else I've forgotten off the top of my head -- but please argue about the
> actual topic of this thread, instead of incessant strawmen.

The problem is not the outer MD5 (explicitly mentioned in your
description), but that Dp is typically (well, to the extent such
services have been deployed) some kind of hash.  This has got the
advantage that the timestamping service does not need to know the
contents of the document.  On the other hand, if the timestamping
service archives Dp and can reveal it in a dispute, evil twins can be
identified and analyzed -- which undermines the submitting party's claim
that it submitted the second document instead of the first.

Of course, this is actually cheating by substituting proven protocols
for fragile cryptography.  And the result is still open to
interpretation, but all evidence is.
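
The trade-off described in the reply above, as an added example that is not part of the original message: a notary that only ever sees a digest as Dp cannot tell colliding documents apart, while one that archives the canonical document can reveal what was actually submitted. Assumptions: a 16-bit byte-sum stands in for a collision-prone hash, HMAC stands in for the notary signature S(), "archives Dp" is read as storing the document itself, and all names and sample values are constructed.

```python
import hashlib
import hmac

NOTARY_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the notary signature S()
CN = b"constructed-notary-cert"       # Cn, constructed sample value

def weak_digest(doc: bytes) -> bytes:
    """Toy stand-in for a collision-prone hash: 16-bit byte sum (assumption)."""
    return (sum(doc) % 65536).to_bytes(2, "big")

def sign(tn: bytes, dp: bytes, cp: bytes) -> str:
    """S( MD5(Tn || Dp || Cp || Cn) ) from the quoted formula."""
    inner = hashlib.md5(tn + dp + cp + CN).digest()
    return hmac.new(NOTARY_KEY, inner, hashlib.sha256).hexdigest()

class Notary:
    def __init__(self):
        self.archive = {}  # token -> Dp exactly as submitted

    def stamp(self, tn: bytes, dp: bytes, cp: bytes) -> str:
        token = sign(tn, dp, cp)
        self.archive[token] = dp
        return token

    def reveal(self, token: str) -> bytes:
        """Dispute step: disclose the archived Dp."""
        return self.archive[token]

def token_covers(token: str, tn: bytes, dp: bytes, cp: bytes) -> bool:
    return hmac.compare_digest(token, sign(tn, dp, cp))

# Constructed twins: same bytes in a different order, so the toy digest collides.
FIRST = b"I owe Alice 1900 USD"
SECOND = b"I owe Alice 9100 USD"
TN, CP = b"2007-12-12T16:17:19Z", b"constructed-submitter-cert"

def hash_only_dispute():
    """Dp is a digest: the token covers both twins, so it cannot settle the dispute."""
    n = Notary()
    token = n.stamp(TN, weak_digest(FIRST), CP)
    return [token_covers(token, TN, weak_digest(d), CP) for d in (FIRST, SECOND)]

def archived_dispute():
    """Dp is the document: the revealed archive matches only what was submitted."""
    n = Notary()
    token = n.stamp(TN, FIRST, CP)
    return [hmac.compare_digest(n.reveal(token), d) for d in (FIRST, SECOND)]
```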

---------------------------------------------------------------------
The Cryptography Mailing List