I agree there can not be a 100% purely cryptographic DMS solution, and especially not one you can let the trustee run all by himself.
If you're going to give the trustee something he can run and manage all by himself, it must be a tamperproof device that you can communicate with independently and securely. I assume you don't have a neutrino radio available, right? So I don't think that would work. It must be in *your* control, at least during the setup phase (my proposed solution with Secure Multiparty Computation only requires that no large majority of the servers are taken over by the same adversary), and nobody must be able to prevent you from communicating with it.

On Wed, Sep 5, 2012 at 5:43 PM, Lodewijk andré de la porte <[email protected]> wrote:

> So to be short: no, there cannot.
>
> The absence of new information cannot cause the information needed for
> decryption to become known. Unless you find some way to reverse that or use
> a hybrid crypto and non-crypto solution a DMS cannot happen.
>
> Anyone disagree?
>
> Note that a Bitcoin-like/distributed network could in potential be an
> automated DMS-crypto-cheat.
>
> 2012/9/5 Natanael <[email protected]>
>
>> If the trustee (correct word?) stops passing the messages to your "CDMS"
>> (cryptographic dead man switch), it would simply decrypt the original
>> message automatically. So you can not put the entire mechanism in the hands
>> of the trustee, especially not the part that authorizes the decryption. I
>> could imagine that you would set up a remote server that would simply send
>> the secret to the trustee, encrypted to his public key for security, when
>> you stop "pinging" it by sending signed messages.
>>
>> To prevent one server from being compromised and revealing the secret
>> (even if only to the trustee since it can be pre-encrypted), I could
>> imagine chained-session Secure Multiparty Computation across several remote
>> servers. The idea is that you run the SMPC software on your remote servers,
>> give a large random number to each, they generate a keypair inside the
>> virtual SMPC machine, and you encrypt the message to that key. The machines
>> split the keypair among themselves using a Secure Sharing Scheme. You send
>> that encrypted message to all the machines. Each day the machines re-run
>> the SMPC, send their key parts and reassemble them using the secret
>> sharing scheme inside the SMPC, check if a signed message has been
>> received from So , and if not it decrypts the secret message to the
>> trustee. A program on the machines will then see this message as the output
>> from the SMPC and send it to the trustee.
>>
>>
>> Overly complicated, maybe, but secure and can actually work.
>>
>> On Wed, Sep 5, 2012 at 3:51 PM, StealthMonger <
>> [email protected]> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>>
>>> Can there be a cryptographic "dead man switch"? A secret is to be
>>> revealed only if/when signed messages stop appearing. It is to be
>>> cryptographically strong and not rely on a trusted other party.
>>>
>>> The motivating application is a Living Trust wherein the Grantor wants
>>> to keep secret, even from the Trustee, the locations of his caches of
>>> gold until such time as he is no longer able to send signed messages.
>>> Each signed message has to somehow avert revelation of the secret for
>>> another time period (three months, say).
>>>
>>> - --
>>>
>>>
>>> -- StealthMonger <[email protected]>
>>> Long, random latency is part of the price of Internet anonymity.
>>>
>>> anonget: Is this anonymous browsing, or what?
>>>
>>> http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=source&output=gplain
>>>
>>> stealthmail: Hide whether you're doing email, or when, or with whom.
>>> mailto:[email protected]?subject=send%20index.html
>>>
>>>
>>> Key: mailto:[email protected]?subject=send%20stealthmonger-key
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.10 (GNU/Linux)
>>> Comment: Processed by Mailcrypt 3.5.9 <http://mailcrypt.sourceforge.net/>
>>>
>>> iEYEARECAAYFAlBF1ecACgkQDkU5rhlDCl5omQCgpcuTWhFuojJkkgUOLeZwnYIf
>>> TlwAnAhrxdyeLMccamIAZ8CbLZKn2jyb
>>> =MaVJ
>>> -----END PGP SIGNATURE-----
>>>
>>> _______________________________________________
>>> cryptography mailing list
>>> [email protected]
>>> http://lists.randombit.net/mailman/listinfo/cryptography
