[Cryptography] Auditable logs?

John Denker jsd at av8n.com
Mon Oct 27 16:14:05 EDT 2014

On 10/26/2014 05:28 PM, Sandy Harris wrote:

> What sort of crypto mechanisms might help here?

Let me start out ultra-simple and work up from there.

Here is a technique that applies to any file, not just
a log file.  I've used this for decades.  When I invent
something, I type up a description.  I compute a HMAC
and send it to my lawyer, with instructions to date-stamp
it and put it in the files.

This compares very favorably to the usual practice of
having a colleague countersign my lab book.  Among
other things
 -- It means there can be no suggestion that I altered
  the lab book after it was signed.
 -- It means there is no possibility of a leak;  the
  HMAC is a one-way function and cannot be used to 
  reconstruct the meaning of the document.
 -- I expect the timestamped page to be admissible under
  the "business records exception"
  which might not apply to my colleague since he was
  not necessarily required to sign my book as a matter
  of routine.

This suffices to prove that something was invented /before/
a certain date.
    In contrast, proving that something happened /after/ a
    certain date -- e.g. hostage proof-of-life -- is a whole
    different ballgame, as discussed in a previous thread.
    This is a subset of the infinitely-tricky double-agent
    triple-agent problem.

The foregoing is really bare bones, not even involving
a digital signature, but it gets the job done at two
  1) I trust it.
  2) The adversaries seem to trust it.  IANAL and my
   experience with this is limited ... but in a situation
   where the adversaries were spending millions of dollars
   to discredit everything and everybody associated with
   me, they didn't bother to challenge this.

Starting from that bare-bones baseline, you can make a
number of improvements.

One possible embellishment is to publish the HMAC in
a newspaper somewhere.  There are small-circulation
newspapers that specialize in publishing "legal notices"
that nobody will ever see, yet meet the legal definition
of publication.  This is a crude form of date-stamping.

A better option is to send the HMAC to a "notary service"
who adds a timestamp, digitally signs it, and sends it 
back.  That gives you something you can keep in your own 
files, without relying on the lawyer's files.

For belt-and-suspenders protection, do both.  Have it 
notarized /and/ filed by a third party.

The foregoing applies to loose documents.  In the case
of a log file, you can do something even stronger. 
Every time you add something important, and also at
scheduled intervals (daily, weekly, or whatever),
hash the new material /along with the previous hash/.
(This is basically how the git commit logs work.)  Have 
the new hash signed and/or filed as above.

This creates a /chain/ that is hard to hack.

That should suffice for any application I can imagine
at the moment.  If there is something else that needs
doing, please explain.

PS:  Note that much harder problems than this have been 
solved.  In particular, there is an extensive literature 
on zero-knowledge proofs.  This involves some elegant 

More information about the cryptography mailing list