[Cryptography] Best internet crypto clock

Arnold Reinhold agr at me.com
Tue Oct 7 10:21:54 EDT 2014 

On 4 Oct 2014 15:50 Jerry Leichter wrote:

...
> The question of replicating the "picture of the kidnapped person" scenario, however, seems impossible.  Consider what it claims to deliver:  Anyone looking at the photo, at any time after it was made, can be sure that the person in the photo was actually alive when the photo was taken, and the photo could not have been taken earlier than the date on the newspaper.  Well, maybe that was more or less true back in the days of black-and-white photography; but there would not be the slightest difficulty in faking such a photograph today using Photoshop or similar software.  You then are reduced to the battle of the photo experts - the ones who produce better and better fakes vs. the ones doing better and better detection of fakes.
> 
> The fundamental thing you're trying to prove is that some *event* - the taking of the photograph - took place after some time T.  This isn't the kind of thing we deal with in cryptography, where the usual starting point is "some string of bits" B.  Proving that "some string of bits" could not have been produced before T seems difficult.  In fact, if you pose the problem as "combine B with some other string of bits S(T), such that the result proves that B was not known before T", the problem is clearly insoluble.
> 
> (Before you go, oh, but you can commit a hash of B to the blockchain at time T - that solves the *inverse* problem:  It proves that you knew B *no later than* T.)
> 
> If you instead go back to trying to solve the original problem, you can pose it a different way:  I want to "apply" my victim to S(T) to produce an output that (a) only the victim could have produced; (b) could only be produced with the knowledge of S(T).  For example, suppose that voice-printing were an infallible way of identifying a speaker.  Then we could use a recording of the victim reading S(T) aloud.  (Of course, "infallible" has to include the ability to detect splices and other ways of modifying or combining recordings made earlier to produce the "proof of life".)  Having him write it out with pen and paper would work about as well.
> 
> If there were a way to produce a (digital) signature based on "something you are" - assuming that this becomes unavailable after death - then the victim's signature of S(T) would serve this purpose.  Some of the work on biometrics might eventually get us there, though it seems doubtful.
> 
> I'm not even sure how to pose a general version of this problem.  There are some special cases that work and might be useful.  Extending the signature example, suppose we have a tamper-proof signing box.  Using it to sign S(T) is proof of possession of the box at some time after T. Perhaps this could provide some kind of proof of receipt.

This conundrum suggests a need for a camera that cryptographically signs its images. It could be packaged and certified as a FIPS-140 level 4 HSM. The camera would have a built-in asymmetric key pair with the public key available from the manufacturer by camera serial number. It might also accept additional keys via Bluetooth or USB and sign images using those keys as well. As with any HSM, secret keys would be erased upon detection of tampering. The camera could communicate via Bluetooth or USB or an optical link and be controlled by a cell phone app, perhaps clipping onto the cell phone or phone case. It might use inductive charging to minimize electrical connections.

I would envision including a good quality internal clock, set at time of manufacture and non alterable. (When the clock battery dies, the camera is toast.) The camera would periodically or on command output a signed certificate containing the current reading of its internal click and maybe an external nonce like the NIST beacon, which might then be sent to a time stamping service, creating a record of internal clock drift over time.. The camera might store a correction factor, so it could output a UTC time, but the internal clock would be included in any certificate as well.

It would seem that a camera like this would be useful in a variety of applications (besides kidnapping) to create legally provable documents. Assuming it had a video mode, it could be used as a notary, recording a person's spoken acceptance of contract, or witnessing his handwritten signature on a document. Of course one would still have to trust the manufacturer.

A signing camera isn’t a new idea, a quick Google search came up with this 1992 paper http://www.friedmanarchives.com/Writings/Trustworthy_Digital_Camera_Technical_Paper.pdf , but camera technology developed for cell phones makes something like this much more affordable. Has anyone attempted this? How close could we get with an iPhone 6, given Apple's improved security scheme?

Arnold Reinhold

More information about the cryptography mailing list