[Cryptography] Proof of preservation...

Natanael natanael.l at gmail.com
Tue Mar 3 16:42:18 EST 2015

Den 3 mar 2015 20:15 skrev "Phillip Hallam-Baker" <phill at hallambaker.com>:
> So folk have probably seen the flap over Clinton's emails. The latest
claim being that all the mails were archived.
> Leaving aside the politics of the situation (GWB era emails went through
a server run by a GOP political outfit that was probably infiltrated by
every intel agency on the planet), how would folk go about establishing a
proof this had been done?
> In the past the reason to avoid the govt. servers would be wanting to
avoid getting into an Ollie North situation and be proven to have lied to
Congress in the recovered emails. But it is also possible that a concern
was not wanting the NSA to know what State is up to.
> Some sort of notary log would be required of course. But that only allows
a demonstration that the archives are complete with respect to the log
which isn't the same as ensuring they are complete.

(edited to not top post this time)

Fundamentally you have the requirement that every person sending anything
to them and every person receiving anything from them must perform a lookup
in the public log of theirs, in order to confirm that nothing has been left
out. You must also have some form of protections and/or incentives that
ensures most communication is done by notarized email.

Anything less means it is trivial to keep things out of the log,
undetected. You can however make this enforcement a little easier to
achieve by using an intermediate logging server run by an independent
party, and forcing all email to be routed through it. Can't tell you how to
effectively force everything to be routed through it, however. Maybe if you
require all email to be sent encrypted to that server's public key such
that the emails aren't even readable otherwise? But that only ensures
honest and cooperative senders will have their emails logged.

But don't forget that personal email accounts frequently are used by
officials, making all those mechanisms ineffective. So again, you must also
have some form of protections and/or incentives that ensures most
communication is done by notarized email. Now this is mostly *a social
problem*. You would need effective punishments against those using private
email and a policy that requires that all decisions are discussed via the
notarized email systems (anything without sufficient complete notarized
discussions would be at risk of being revoked/reversed follwing an audit,
as a method to ensure the system is used). Audits would ask "where and when
did you discuss this?", asking you to point to the logs. Too many instances
of unlogged conversation = disciplinary action, in proportion to how
serious the topic is.

Assuming nothing is left out of the log, the rest is only a matter of
crypto engineering. Just use hash chains of whatever kind that fits the
purpose. Making sure it is indeed used in append-only mode (no entities
removed, only added) would be a requirement, like with most authenticated
digital timestamping systems, git, blockchains and others.

This could be given higher assurances by adding the requirement that all
blocks (assuming a blockchain type structure) are signed by the log
maintainer. If any entry was added and silently removed again right after
having been checked, then the verifier will be able to show a signed entry
that's been removed from the current official log.

As for proving completeness regarding that the list of entries given to you
during an audit corresponds 1:1 to the logged entries (confirming that no
logged entries are hidden from you), I think Patricia trees would work as
the log structure, (there is of course numerous other possible solutions).
Reference: https://github.com/ethereum/wiki/wiki/Patricia-Tree
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150303/b84fe43e/attachment.html>

More information about the cryptography mailing list