[Cryptography] Best internet crypto clock

Jerry Leichter leichter at lrw.com
Wed Oct 29 17:26:45 EDT 2014

On Oct 29, 2014, at 4:23 PM, John Kelsey <crypto.jmk at gmail.com> wrote:
> You can solve one end of this problem with beacons--nobody could have known this information before this time.
I guessed this was a response to a posting of mine - and it is, to one back on October 4th!  I had to re-read it to guess that the "ends of the problem" might be.

>  You can do the same thing with public information that's unpredictable, like the complete contents of the New York Times front page, or today's sports scores or stock prices.
As I pointed out, in and of itself, this doesn't do anything very interesting.  Using my notation - where S(T) is a new, unpredictable value made available to all no earlier than T - yes, if I utter S(T), that proves my utterance occurred no earlier than T.  But why would anyone care?  To be useful, I somehow need to bind S(T) to something else in such a way that I end up with the proof that the something else "occurred" no earlier than T.  For example, that the picture of my kidnap victim, clearly alive, was taken no earlier than T.  But given the picture and S(T) as bit strings, it appears to be impossible to do that.  There are ways of binding *events* to S(T) to produce proofs that the events occurred no earlier than T - but once you've frozen an event into a bit string, you loose the ability to establish how late it occurred.

> You can use a digital timestamping service to solve the other end--this information had to be available by this time.
Yes, this one is easy.

> I don't know about the kidnapping scenario, but consider some program that takes an RNG seed, or some experiment which requires some random inputs.  I use the beacon values for today at noon to run the experiment, and as soon as I have the results, I get them digitally timestamped--say, at 1PM today.  This binds the experiment in time--it can't have happened before noon today or after 1 PM today.
Yes, the running of the experiment is an "event", and if you use S(T) as an *input* in an appropriate way, you can prove that the event could not have occurred before T.

There's probably some kind of covariance/contravariance thing hiding here if you can set up the model correctly:  You can prove something occurs *after* T if it takes a published S(T) as an input parameter; you can prove something occurs *before* T if you take its output combine it with some public information (e.g., a public hash chain).
                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141029/2817404d/attachment.bin>

More information about the cryptography mailing list