[Cryptography] Good private email

Ray Dillinger bear at sonic.net
Mon Aug 26 13:16:09 EDT 2013 

On 08/26/2013 04:12 AM, Richard Salz wrote:

 > You need the client to be
> able to generate a keypair, upload the public half, and pull down
> (seamlessly) recipient public keys.  You need a server to store and
> return those keys. You need an installed base to kickstart the network
> effect.

> Who has that?

I know who has that - in spades!

The bitcoin network is a public transaction record of bitcoin transfers.
The individual accounts are not quite fully anonymous to a determined
observer, but nothing we've discussed here would be more anonymous.

Anyway, a bitcoin client already generates key pairs, and every transaction
stores them in the database.  The database is distributed to all "full node"
clients, and kept (reasonably) secure using Nakamoto's proof-of-work protocol
for the byzantine-generals problem.  The maintainers of the database have a
vested (monetary) interest in keeping the database secure.

Anyway, each "address" is a relatively short high-entropy string (ECC
crypto) -- and each client already has an "address book" of public
"addresses" (public keys where people can be sent bitcoin payments --
or private messages) and "accounts" (private keys which represent
bitcoin that can be sent).  In addition, you can ask the client to
generate a new "address" (keypair) for you at any moment.  The private
key goes into your "accounts" as an account with zero balance (and no
message history) and a new public key for you goes into your "addresses"
as a place where you can receive payments (and messages).

There are smartphone clients that don't maintain the full database, but
which do maintain the address book, accounts, and address-generation bits
for you.  There are already solutions for transferring public keys
directly between smartphones via bluetooth, which is a convenient channel
outside the sphere of Internet eavesdropping.  And there is already
software that can preprint N business cards (with or without your name/etc
on them) that all have different "addresses" on them, so you can hand them
out to anyone whom you think may have a reason to send you money (or
messages), one address per person.

In practice, people need to key in an address for someone once if they
are handed a card.  Keying it is about the same difficulty as a VIN
number on an auto insurance form.  Subsequent new addresses for the same
person can be sent in a message encrypted, along with any bitcoin
transaction, and automatically replace the address you already have
associated with that account for your next payment (or message).  If
Alice doesn't have preprinted cards, she has her smartphone and it can
generate an address for her on demand -- She will have to read it off
her smartphone screen if she wants to scribble it on a napkin.

If we build further email infrastructure on top of this, A side effect of
this is that every user has a choice about whether or not s/he will accept
messages without payments.  You can require someone to make a bitcoin
payment to send you an email.  Even a tiny one-percent-of-a-penny payment
that is negligible between established correspondents or even on most email
lists would break a spammer.  Also, you can set your client to automatically
return the payment (when you read a message and don't mark it as spam) or
just leave it as a balance that you'll return when you reply.

In short, a private email client can be built directly on top of the
bitcoin network.  In practice, I think it would be useful mainly for
maintaining the distribution and updating of keys, rather than for
messages per se, because the amount of "extra" data you can send along
with a bitcoin transaction is quite small (3k?  I think?).  Anyway, it
couldn't handle file attachments etc.

					Bear

More information about the cryptography mailing list