[Cryptography] [cryptography] NIST Randomness Beacon

Jerry Leichter leichter at lrw.com
Mon Nov 11 22:03:52 EST 2013 

On Nov 11, 2013, at 6:28 PM, Peter Gutmann wrote:
>> I've often wondered if there is a clever way to do the inverse -- basically
>> to have a "latest" timestamp? This seems like a much harder problem -- 'm
>> looking for a "movie plot" type solution that the public can easily
>> understand…
> 
> You could do it with a physical one-way function.  Take a photo of the victim
> on top of the WTC and you know that it can't have been occurred after 9/11. To
> generalise it, photograph the victim in front of some documented object and
> then destroy the object....
Seems awfully complicated.  The only role the destruction of that physical object plays is that it's a widely observed event whose time of occurrence everyone can agree on. But it's not hard to *manufacture* such events completely in digital.  What you need is a timed public commitment to something that is inextricably tied to whatever it is whose existence at a particular time you want to authenticate. For example, suppose you want to show that you wrote some document by midnight tonight.  If you can arrange to publish the hash of the document to a wide audience before midnight tonight, you could always show the document, and anyone can compute the hash and check the publication record.

In fact, a team at (I think) Bell Labs came up with a "digital notary" service that did exactly this, in an efficient way.  It combined the values sent to it into a public Merkle tree, and once a day, published the current root hash in an ad in the New York Times.  That service seems to have vanished (and the phrase "digital notary" seems to have been re-applied to something else).  But there are a number of "time-stamping" protocols, and a RFC (3161), an ANSI standard (X9.95), and ISO/IEC standard (18014) for different kinds of timestamps.  See http://en.wikipedia.org/wiki/Trusted_timestamping for a discussion of the general issue; http://en.wikipedia.org/wiki/Linked_Timestamping has a discussion of the style of timestamp I mentioned (there are other ways to accomplish the same ends) along with a photo of a newspaper showing a daily commitment.

(The particular system I was describing is probably described in this paper:  http://link.springer.com/article/10.1007%2FBF00196791)

                                                        -- Jerry


                                                        -- Jerry

More information about the cryptography mailing list