Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
Superficial Intelligence

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


                                             

Do not decrypt until ...

Time-release private keys
  (+6)
(+6)
  [vote for,
against]

A website which publishes a list of public keys, one for every day of the coming timeperiod. When each day arrives, the corresponding private key is published.

This would be useful for those times when you would like to make sure something is widely published, but not readable until a specific day, such as a note explaining why you killed all those people. It would also be useful for things such as keeping the combination lock code on your cookie jar a secret from yourself until the day your diet is scheduled to end.

idris83, Apr 09 2011

Rivest, Shamir, Wagner: Time lock puzzles and timed-release crypto http://www.google.c...7Nlc0YjspvQ&cad=rja
I would have linked to a copy of Timothy May's cypherpunks post, but those pointers seem to lead to dead ends. I also can't imagine that this wasn't discussed before '93. [jutta, Apr 09 2011]

Time Capsule encryption Time_20Capsule_20encryption
Essentally the same idea. But I guess you made it succinct. [mofosyne, Apr 10 2011]

[link]






       It doesn’t even have to be a website, it could just be an internet protocol. Perhaps a snazzy extension to NTP.
Ian Tindale, Apr 09 2011
  

       die katze kroch in die krypta, kackte und kroch wieder heraus.
po, Apr 09 2011
  

       simple, useful, original. Big tasty bun.
Voice, Apr 09 2011
  

       The general problem is called "timed-release cryptography". It would be nice to have a solution that doesn't require online access and doesn't involve trusting a third party.
jutta, Apr 09 2011
  

       Has anyone proposed using the trajectories of asteroids for timed release cryptography? I'm assuming they're chaotic, thus computable, but only with very large computers, analogous to factoring large numbers. But unlike factoring, if you wait for the appointed date, you can (in principle) determine the key with nothing more expensive than a telescope.   

       This avoids the requirement for online access, though one still has to trust a third party with a very large computer
mouseposture, Apr 09 2011
  

       // The general problem is called "timed-release cryptography" //   

       I see, so it's a known problem. But are there any public servers actually implementing this, right now?   

       I'm considering setting one up myself but my VPS wouldn't be able to generate enough entropy to come up with this many keys unless I sit there logging in and out all day )-:
idris83, Apr 09 2011
  

       An associate was telling me of a service in germany that will embed code into your online profile photos, so on a certain preset date they will expire and the companies logo will show up.   

       Though the intent of the software is to allow people how long someone can access your photos, I was most interested by how the image flips to the companies logo, like a kind of timed steganography.   

       Using the same basic Idea, I imagine one could post boring photos all over the net that would on some date the photo would change to a treasure map or any other information that can be represented visually.
bob, Apr 09 2011
  

       Wouldn't time released private keys be a lot more vulnerable? I imagine there are a dozen ways you manipulate the time on a box and change it to the year 3000 or something..
bob, Apr 09 2011
  

       As far as I know "The Military", whoever they are, have researched several of the; do not decrypt if <not at location>, or do not decrypt until <third party criterion=true>, or do not decrypt until <time=t>, amongst others. Most of these rely on zero-knowledge proofs for a challenge response authorisation. The underlying encryption protocols remain in use.
4whom, Apr 10 2011
  

       Why not just write the key on the asteroid.
spidermother, Apr 10 2011
  

       at 4whom: So you're thinking the time criteria wouldn't be checked internally, but would be done by some 3rd party computer? interesting! I suppose in that case packet injection or ID spoofing might be possible right? or maybe take over the 3rd parties computer?
bob, Apr 10 2011
  

       // I imagine there are a dozen ways you manipulate the time on a box and change it to the year 3000 or something.. //   

       This is why you do not give control of key store system to the person who holds the encrypted data; instead the keys are entrusted to a third party such as verisign.
idris83, Apr 10 2011
  

       [irid...] That is Tim May's suggestion, however how long do TTPs stay TTPs?
4whom, Apr 10 2011
  

       //Why not just write the key on the asteroid.// If you substitute "artificial satellite in highly eccentric circumsolar orbit" that might work.   

       It seems the "standard" no-3rd-party technique is to encrypt using a method that provably requires a certain number of standard arithmetic operations for decryption and is provably unparalellizable. This uses "CPU cycles" as a unit of time -- requiring that code run on known hardware, which must be hardened against overclocking.   

       So far, all suggestions rely on inaccessesibility of a physical object. If that's really a requirement, then a satellite in the Oort cloud sounds a better candidate than a server or the innards of an RSA card.
mouseposture, Apr 10 2011
  

       [bob] You are completely misunderstanding my misunderstanding of the concepts. No third parties necessary. The challenge-response mechanisms for zero knowledge proofs need not be third party (although they can be). They can also be made dependent on other attributes (location, time, how many sieverts/unit time are being given off by the local banana plantation, has third party completed action “x”).This way you can even keep a secret from yourself until a condition is true.   

       Although I am still not getting the problem, nor the solution, posed by [idris...]. The most useful implementation would be the // It would also be useful for things such as keeping the combination lock code on your cookie jar a secret from yourself until the day your diet is scheduled to end.// and the like. I.e keeping secrets secret, even from oneself. Zero knowledge proofs would be the key (i know, bad joke) to this system, as opposed to issuing, and administrating, large amounts of keys, and times, etc.
4whom, Apr 10 2011
  

       I wonder if there is anyway to perhaps to make the confirmation of time a p2p process perhaps.   

       E.g. The packet needs to bounce around a number of times and encounter a x-number of computers with the correct time to compute the correct decryption keys.
mofosyne, Apr 10 2011
  

       [Akimbo...] now there's a problem! From your lips to...
4whom, Apr 10 2011
  

       Oh the hell 4whom! Looks like OP actually typed it up first D: , I swear I though it up independently as well.   

       Anyhow, would it work if you perhaps send copies of different parts of a key to random servers hidden in tor? At a specified time it will respond by sending the key to a specified location.   

       This may be much safer, provided most of the servers are honest, that there are enough servers and there is a critical mass of people using the services. Because these servers do not know who sent them the original key, they can't use it. Also even if they know, they have to get the other half/quarter/dozen parts of the key needed to decrypt it.
mofosyne, Apr 10 2011
  

       I appreciate your patience with me. I'm trying to grasp this but Im a two semesters away from my first Crypto course.   

       I had never thought that one would need to keep information from oneself, but your example makes a good point Idris!
bob, Apr 10 2011
  

       I suppose using a public key and then losing the private key, then supplying appropriate brute force cracking software sort of gives it some kind of time delay if the number of digits for encoding is controlled.   

       But how about some kind of hardware dongle that uses a clock that ouputs something using the signature technique. I'll need to sit down and go through it on paper 'cos I can't quite remember all the principles.
Ling, Apr 11 2011
  
      
[annotate]
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle