[Cryptography] Came up with a weird use case, got questions

paulv metzdowd at bikkel.org
Thu Jan 10 06:15:39 EST 2019 

On Tue, Jan 08, 2019 at 11:28:23PM -0500, Joshua Marpet wrote:
> 
>    Let us imagine that we got millions of people to take cat pictures and
>    escrow them. Then there would be an incentive to break the key.
> 
>    --I have to admit, I laughed. You REALLY like cat pics!!! :)
> 
>    Establishing a quorate notary that can be trusted to sign time is
>    rather easier.
> 
>    --Agreed to a certain extent. In theory, this does make sense.

It doesn't make sense. Why bother with a HSM if the total system will
depend on a distributed trusted third party? (to sign time / whatever).

In this case, simply cut out a unnecessary 'thing', and remove the HSM 
from the system altogether. 

So its either :

a HSM with a buildin clock that will release it's contents in time 

OR 

a (hidden) notary cabal where each member will hold part of the key 
(think DNSSEC root signing) and that will release this key at a given 
time in the future.

But of course a HSM can be confiscated, satelites can be shot down, and 
members of a notary can be prosecuted / hunted down. 

That is why i was wondering if a system could exist where the encypted data 
can be in plain sight, and *everybody* will be able to generate the key in 
the future. 

If a malicieus regime allready knowns where to look for the key, then the
key will be vulnerable, and if the location of the key is secret, then 
the mechanism to keep the key hidden might as well *be* the key.

>    I love what you've talked about here. I just worry about the
>    ramifications of depending on, effectively, secret multi-generational
>    societies. <scratches head> weird one. Maybe we should just set up a
>    religion. :)

Who say's that some existing religions where not allready started for 
exactly this purpose? :)

=paulv


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20190110/7337e7c8/attachment.sig>

More information about the cryptography mailing list