Re: A non-political issue

2002-10-30 Thread Steve Furlong
On Tuesday 29 October 2002 19:34, Anonymous via the Cypherpunks Tonga 
Remailer wrote:
 What technology is available to create a 2048-bit RSA key pair so
 that:

 2 - no one knows the secret part,

 3 - The secret part is kept in the box and it is safe as long as
 the box is physically secured (expense of securing the box is a don't
 care).

 8 - the key must never be destroyed, so backup is essential.

2 and 8 seem to be contradictory. Unless you just back up on the box, as 
Tim mentioned. That's not much of a backup.

If you're treating this box as an unrepairable black box, you'd just 
throw it away and use a new one if it broke. That would technically 
meet these requirements, but it would require sending out the public 
keys occasionally and it would make it possible for Fred to 
fraudulently sign a message and claim it came from one of the 
replacement boxes. If there were a single, eternal signing box he 
wouldn't be able to get away with that.

-- 
Steve Furlong    Computer Condottiere    Have GNU, Will Travel

Vote Idiotarian --- it's easier than thinking




Re: A non-political issue

2002-10-30 Thread Tim May
On Tuesday, October 29, 2002, at 04:34  PM, Anonymous via the 
Cypherpunks Tonga Remailer wrote:

(possible duplicate message)

What technology is available to create a 2048-bit RSA key pair so that:

1 - the randomness comes from quantum noise


Clicks from a Geiger Counter, Johnson noise, etc. are quantum-based 
events. Feed them into a file to be used for PGP, and voila.


2 - no one knows the secret part,


Set up a script to copy the private part of the PGP key onto a diskette 
or whatever. Erase the private key from the computer.

Or move the entire computer into the box in #3.


3 - The secret part is kept in the box and it is safe as long as the 
box is physically secured (expense of securing the box is a don't 
care).

Lock the above diskette in the box. Or the computer in the box.



4 - box can do high-speed signing (say, 0.1 mS per signature) over 
some kind of network interface

I don't know about this. Others can say whether today's CPUs can do key 
signings in 0.1 mS.


5 - you can reasonably convince certain people (that stand to lose a 
lot and have huge resources) in 1, 2, 3 and 4.

Less doable. Fakery is easy. Even if they personally witnessed the 
above procedures, all sorts of subliminal channels or other sleight of 
hand tricks could be done.




6 - The operation budget is around $1m (maintenance not included).

7 - attacker's budget is around $100m

8 - the key must never be destroyed, so backup is essential.


Backup in the same box? Easy for someone to sabotage or destroy. Or 
steal.


In other words, convincing translation of a crypto problem into 
physical security problem.


It looks like the key gets created on the same box(es) on which it is 
stored, which all interested parties inspected to any desirable 
level. Once everyone is comfortable the button gets pressed to 
create/distribute the key, and then you put goons with AKs around the 
boxes and pray that no one fucked with the microprocessor ... this may 
mean buying the components at random.

Good luck.


--Tim May
--
Timothy C. May    [EMAIL PROTECTED]    Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/ML/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns
Recent interests: category theory, toposes, algebraic topology
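
An added example, not part of either post: one way to turn Geiger-counter click times (item 1 in the thread) into seed material before it is fed to a key generator. The thread only says to feed the clicks into a file; the paired-interval comparison, the SHA-256 conditioning step, the integer timer-tick timestamps and all function names here are assumptions of this example, and the sample clicks are simulated.

```python
import hashlib
import random

def intervals_to_bits(timestamps):
    """Compare non-overlapping pairs of inter-click gaps: g1 > g2 gives 1,
    g1 < g2 gives 0, equal gaps are discarded (no information)."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    bits = []
    for g1, g2 in zip(gaps[0::2], gaps[1::2]):
        if g1 != g2:
            bits.append(1 if g1 > g2 else 0)
    return bits

def pack_bits(bits):
    """Pack bits MSB-first into bytes, dropping an incomplete final byte."""
    usable = len(bits) - len(bits) % 8
    out = bytearray()
    for i in range(0, usable, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def seed_from_clicks(timestamps, min_bits=256):
    """Condition the raw bits through SHA-256. Refuse to produce a seed
    when the source delivered fewer raw bits than the seed claims to hold."""
    bits = intervals_to_bits(timestamps)
    if len(bits) < min_bits:
        raise ValueError(f"only {len(bits)} raw bits, need {min_bits}")
    return hashlib.sha256(pack_bits(bits)).digest()

def constructed_clicks(n, rate_hz=50.0, tick=1e-6, seed=1):
    """CONSTRUCTED sample input: simulated Poisson clicks from a seeded
    PRNG, in integer timer ticks. Stands in for a real counter; it is
    NOT an entropy source."""
    rng = random.Random(seed)
    t, out = 0, []
    for _ in range(n):
        t += max(1, int(rng.expovariate(rate_hz) / tick))
        out.append(t)
    return out

if __name__ == "__main__":
    print(seed_from_clicks(constructed_clicks(2000)).hex())
```

Each gap is used in only one comparison, so a slow drift in count rate does not skew the bits, and the minimum-bit check makes a stalled or disconnected counter fail loudly instead of yielding a weak seed.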