After the Belfast Project Fiasco, Time For Another Look At Time Capsule Crypto?
JonZittrain (628028) writes "I'm curious whether there are good prospects for 'time capsule encryption,' one of several ways of storing information that renders it inaccessible to anyone until certain conditions — such as the passage of time — are met? Libraries and archives could offer such technology as part of accepting papers and manuscripts, especially in the wake of the 'Belfast Project' situation, where a library promised confidentiality for accounts of the Troubles in Northern Ireland, and then found itself amidst subpoenas from law enforcement looking to solve long-cold cases. But the principle could apply to any person or company thinking that there's a choice between leaving information exposed to leakage, or destroying it entirely. Some suggested solutions are very much out of the box."
This is another form of DRM.
Of course content providers will salivate over making these devices do just the opposite - provide access to a given device or media for an "approved" period of time before rendering it unusable.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Make the key two parts.
One part of the primary key is secretly delivered to the person. This is your standard PGP.
The other key is dispersed on a website after a certain time. Add the two keys together and you end up with a full key.
God spoke to me
So who gets to keep the half that goes on the website? What's to stop them from getting subpoenaed, hacked, or otherwise compromised?
You do not have a moral or legal right to do absolutely anything you want.
Launch the data into outer space on a satellite, programmed to transmit the data after a set time period. For best results, send the machine on a massive-period orbit to the outer solar system, or in a pinch, crash land it on the Moon or Mars.
Governments will either have to give up, or else fund a massive space project. Either way, we win.
May the Maths Be with you!
Send it on an elliptical orbit around the sun. Depending how many years you want before the key is back in our neighborhood, you select the appropriate orbit. Hmm, perhaps SpaceX should look into it and start commercializing such a service ;)
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
There's no honor in this world so don't be an idiot in trusting people with your private junk.
Most modern cryptography works because it's difficult to solve certain math problems, but the limits of "difficult" keep getting bigger. It should be possible to make a rough estimate of how much processing power will be available to break your encryption by what date, to the parties of interest. Make your keys that strong, and hope you're close.
To build off of the Belfast Project example from TFS, a 50-year timespan might be reasonable. What kind of decryption ability might we have in 50 years? I'm no expert in cryptography, but an elliptic curve algorithm with a fairly-strong key seems reasonable to me. Encrypt it, destroy the plaintext, and forget about it. Forty-five years from now, a government might have the ability to decrypt the material, but they'd have to care, first. It might take sixty years for a data-crunching powerhouse like Google to decrypt it, and perhaps in sixty-five years, they'll see fit to run a PR stunt by unlocking the time capsule.
There's a lot of guesswork and estimation involved, but such is the nature of all time capsules. You're assuming that the capsule will be intact and unlockable at a future time, which necessarily involves predicting future capabilities.
You do not have a moral or legal right to do absolutely anything you want.
There is no way to do this purely in software, because there is no way for software to verify its inputs.
It ought to be conceptually possible to implement your "passage of time" example in tamper-proofed hardware, where the clock is part of the tamper-proofed payload.
Regardless of the complexity, no cryptographic system yet known or theorized can be made absolutely secure.
You could envision a chip that's tamper-resistant at the hardware level (similar to the widely-used chip+PIN or one-time-password devices), contains a real-time or duration clock, is self-powered, holds an encrypted secret key, and will only give up that key in the presence of a passphrase AND after a certain amount of time has passed since it was turned on.
Communications with your lawyer are privileged. Give them your information with instructions on when and how to release it. Make sure to pay them in advance.
This is standard stuff in many novels because it kind of works.
Is it 100% effective? Maybe not. But it's a layer of protection. If you are especially paranoid, give one lawyer a one-time-pad encrypted hardcopy file. Give another the key.
The world is made by those who show up for the job.
Make the key two parts.
One part of the primary key is secretly delivered to the person. This is your standard PGP.
The other key is dispersed on a website after a certain time. Add the two keys together and you end up with a full key.
This is a start, but you can generalize + scale it beyond 2. Threshold encryption allows N of M key holders to decrypt something. You can have semi-trusted organizations have lists of public keys for which they will publish the private keys at various times. You can pick some of those, and any additional private parties you wish, and set N and M as appropriate for your particular situation. There are a couple details to work out to get it all working, but it should be practical.
Computers don't know what time it is. They'll accept whatever time is set.
The only way to have something encrypted for a period of time is to not publish the encryption key for that period of time.
The first two links in the summary are basically "make it easy enough to crack based on an assumption of the computational power available in the future"
The 3rd is publishing a key on a network at a given time.
DRM is predicated on the ability to give someone the key or a key-equivalent (capable of producing the plaintext media), and then essentially *take it back from you* along with the decrypted plaintext, so you can't reuse the key or otherwise record the plaintext without asking for permission again. That's impossibly daft.
This case, though, just needs a smartcard that's programmed to only give up a key after a certain amount of time has passed (i.e. the same things you trust to keep a key safe from someone who steals your one-time-password key fob, or your chip+PIN credit/debit card). Once the key is out it's out, and anyone with the key is allowed to read the plaintext as often as they want forever and ever, by design.
Freaking weirdos around here skew what everyone else considers good and decent, as if their twisted perception of reality is anything other than what it is: perverse, deranged, and psychotic.
n/t
Is anyone so sure that this is a 'fiasco'?
It might be seen as some abstract fiasco of ethics in the USA, but that shit happened to people for real. Boston College screwed up, for sure, with a rather naive and slightly patronising project, but the rest is the law at work, in a way that it should work; uncovering truth and exposing wrongdoers to prosecution.
I was a kid living in the south-east of England at the time, and the closest things really came was a bomb in a railway station at rush hour on a line my dad used; not very close at all. But to me it's more like a revelation than a fiasco.
I am of the view that the best solution is a truth and reconciliation commission. The story is extraordinarily complex (even down to the perhaps surprising reason the army were sent in the first place), but bad things happened on both sides through terrible reasoning. Nevertheless, progress has been astonishing, and it seems to me to be a failure of the full potential for human development that lessons for other similar struggles shouldn't be learned because some participants made some peculiar deals with entities who were outside the system.
Example - 10 keepers chosen, 4 in UK, 1 in Iceland, 2 in Australia, 1 in USA, 1 in Uruguay and 1 in Morocco. Policy chosen so that the cooperation of 7 is required to decrypt. Each keeper is thus issued 84 strings. 1 agent dies, another agent gets busted, and a third agent becomes opposed to the decryption. This leaves 7 agents. They each send their key packages in to the time capsule curator, who decrypts each package, identifies which string within each package is needed to form the key, XORs these strings, then arrives at a final decryption key. Even if an intelligence organisation manages to extract keys from 6 of the agents, they won't be able to decrypt. If on the other hand, they kill up to 3 of the agents and stop them returning their keys, the decryption can still go ahead. Ideally, you would want to set n and m according to perceived risk, plus the size of the data set. For example, 36 agents and 20 required would produce a key set which would fit into a cheap 8GB USB stick.
-- In the beginning was the WORD, and the WORD was UNSIGNED, and the main(){} was without form and void...
So who gets to keep the half that goes on the website? What's to stop them from getting subpoenaed, hacked, or otherwise compromised?
Nothing in principle. However, there are secret-sharing techniques that would make this more practical: it is possible to divide a secret into N parts; but construct the divided pieces such that anywhere from 1 to N of them are required to reconstruct the original secret.
This doesn't solve the problem in any fundamental way; but it does help. You can now control both the risk of the secret being permanently lost (increase the number of parties who have parts, possibly even providing a given part to more than one party) and control the risk of enough parties being compromised to reveal the secret (set the number of required parts equal to, or close to, N, and distribute the parts among different jurisdictions, storage mechanisms, and so on).
No perfectly elegant solution; but at least you get to pick your poison.
I started working on software to do this a few years back. I concluded that all the software is already written if you have a need and the problems are all regarding the way the user wants to protect the information, how much money they have to spend and how careful they are. In other words, it's a social/societal problem and you could set up a consulting service to help people do it, but software probably wouldn't be much benefit.
Here is an example:
First encrypt all the things. Then give the encrypted file to anyone since you're going to assume for the sake of this slashdot post that the crypto is unbreakable (if you're unwilling to accept this assumption then feel free to divide the data the same way the key is outlaid).
Next establish some trusts in your name and appoint a number of people as trust managers. This should probably be more than one trust and definitely more than one person. You may even need to obscure who creates the trust depending on what you're hiding and who might want to get it. Making some of the trust managers overseas might be good if you're worried about long term survivability of your data, since stability of a country might be in question in 100 years or so.
Now, cut your key into two halves (or more), write out instructions that the managers are to meet at some location at a certain date. None of the managers should know any of the other managers. For survivability you might give a duplicate copy of parts of the key to multiple people so if one person doesn't show up there is still a chance to recover from it.
Ultimately nobody has knowledge of anything. On the date in question the responsible people show up only with the knowledge they are supposed to arrive with their bit of information. It could be that they don't arrive anywhere at all and their instructions are to publish the information. Without having context only the receiver would know what the completed key was for, and even they might have only been instructed to hold on to data for 100 years then accept the key when it arrives.
This scheme works best if there are multiple companies around the world formed with the purpose of doing this for people, or if it was a common service asked for at banks/law offices/etc. If the lawyer is holding on to only one key for 100 years they might become curious and try to figure out what it's for. If it's one key amongst thousands then it's nothing more than a tiny amount of data they're paid to deal with. They would also be less likely to publish the information out of turn because it could be they're storing it for something worth less than the amount they're paid to escrow it.
You do know this damages the security of the system by way more than half assuming a brute-force attack, right?
Say I have a piece of clear text I don't want you to read. I can encrypt it with a password. Now for you to read it you would need to brute force the password. This takes time. The strength of the password I pick will alter the speed at which you can read my message (somewhere between milliseconds and the heat death of the universe).
This however is not very practical because there is no way to know that you can read or will read after a fixed period of time. Too many variables. So here is one way to make it a bit better. On my machine I take a salt and hash and rehash it for a minute. Then I use the output to encrypt my message and give you the salt and the number of hash operations I performed. Assuming you used the same hardware you could only read it after the time period it took to do the hashing (1 minute).
This still isn't very practical because hardware is always improving and I would not like to spend a large amount of time if I want to have a long delay for the message to be read. This too can be fixed. Since I have a multi-core CPU I make a salt for each core and start hashing. Then I use the output of the first to encrypt the salt and hash count of the second. I repeat this for all other cores, using the last hash output for the key to the message. Once again I give you the first salt and the first hash count. You are forced to perform the decryption in serial, while I was able to encrypt it in parallel. This allows us to make larger time delays and outperform new faster hardware with older slow hardware.
No DRM style trust or obfuscation is required. But if a weakness is found in the hashing algorithm before the read delay is met it will fall down. You also need to establish that your message (that could be fake) is worth the cpu cycles trying to unlock.
Use an embedded computer, designed to self destruct if tampered with. When the clock runs down it uploads the secret code to the web site. You don't "have" the code, and any attempt to get it will "destroy evidence".
Mission impossible figured this out it the 60s.
"This tape will self destruct in 5 seconds" *POOF*
But seriously, any truly secure system will have to take several things into account:
1. Any data transmitted in any way is vulnerable to interception.
2. Systems can be hacked using security vulnerabilities you're not even aware of.
3. Given enough time, all systems become circumventable with new technology.
So, to account for #1, you can't allow the data to be transmitted. So the data must be stored physically and locally. For #2, you must limit the reader's ability to access the data. The more rudimentary the better. For #3 you need to prevent the physical storage device from making it into the future.
So, what I'd propose is a box that's at least an inch thick and made of lead (or other very dense material.) Access to the data on the device would be through a single serial port. You could only connect via telnet, and your security would remain internal. Power would need to be provided by an internal battery. The entire device would need to be lined with white phosphorus/oxidizer or other chemical igniter. The rules for setting off the phosphorus would need to be relatively simple so it couldn't be gamed. Any shock, rapid heat change, or attempt to open the device should set it off. And an attempt to drill a hole into the device would expose the phosphorus to air and likewise set it off. Also, after a certain period of time had elapsed OR the battery started to run low, it should go off. Attempts to hack the serial interface should set it off.
Voilà, hackproof.
I think you'll need to generate a key based on some sort of natural system that's periodic. Let's suppose you have a noisy object in space that's consistent over time and visible only once a year. So create the key on day one, lose the key, then replicate the key the following year once visible. You'll have to select something where the noise is not already being recorded, but you get the idea. Maybe you'll need a series of objects to increase the strength of the key and maybe there's something else out there that is better but captures the spirit of the solution.
Just brainstorming. Sound reasonable? Are there any other natural systems such as the one I posed? I'm no cosmologist!
Why not just get a safety-deposit box and a lawyer. Pay the lawyer to open the box up and distribute the contents after x-number of years. If you are expecting to die before that date put a clause in your will to continue paying the lawyer's fees. Worried the lawyer will retire before then? Word the contract so that the lawyer has to transfer it to another lawyer who keeps getting paid by you.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
I was thinking about this task a few weeks ago from the point of view of a real-world application: you're travelling in a war zone and want to ensure that your files are safe *even from yourself, your friends, your employer, and everyone who cares about you*. Because if you're taken prisoner, they're not going to use a 30 million dollar supercomputing cluster to crack the encryption on your laptop; they're going to work you over with a pair of pliers, perhaps taking off a few body parts, until you tell them. And if you don't have the key, they'll just threaten harm to people you care about who do - assuming they can't outright capture said people as well. Nobody you know can be responsible for the key. The key has to be held by someone who by nature of their contract doesn't give a rat's arse about you and won't change their terms even to save your life.
But of course, what if they were compromised - legally (subpoena), or extrajudicially (someone with a pair of pliers)? So we get into the situation where a server for a service that controls giving out of keys needs to be safe even from its owners. While terms for key storage involving personal judgement calls (such as "did the person contracting with us successfully make it out of the country and is no longer under coercion?") can't be automated, simple time locks can, so the issue simply comes down to, "Can you keep a reliable running key storage system that can't be compromised even by physical access?" A potential solution to reliability (since any system that locked will be immune to maintenance as well!) would be to store every key on multiple running systems in different locations in hopes that at least one of them lives long enough to yield the key at the correct time. As for security, for example, even with full memory encryption, RAM is vulnerable to cold boot attacks and the key to decrypting memory has to be stored somewhere, but one solution to that is storing critical portions of data only in CPU cache. But that's only one possible attack vector among many. At least you could respond to a subpoena, "Hey, maybe you have a way to get at this data, but I sure don't. If you'd like to fund a multi-million dollar research project on how to get ahold of it, I won't stand in your way, I'll be fully cooperative..." You could also make it harder by having a multi-part key, with each part held by different entities in different jurisdictions. Though that could increase reliability challenges.
In short, at the very least you can make it very, very difficult to get keys. Maybe you can't stop a secret NSA raid on all physical servers taking part the world over, but you could stop pretty much anything else.
Very well; let this abomination unto the Lord begin!
So who gets to keep the half that goes on the website?
A hobbit. They can be trusted. Don't you know nothin'?
Clay tablets, and drop them into the benthic muck.
I had an idea for how to do this one time, I never actually implemented it. You could simply delete part of the encryption key and make the rest of the key public. Then people would have to guess the missing bits which would require time exponential in the number of key bits you deleted. You could estimate the amount of time that would be required by your target audience to break the cypher by brute force (accounting for your favorite version of Moore's law) and delete an amount of key that was appropriate to your application.
"Promise me, Red. If you ever get out... find that spot. At the base of that wall, you'll find a rock that has no earthly business in a Maine hayfield. Piece of black, volcanic glass. There's something buried under it I want you to have."
Security by burying things under rocks seems as good a technique as any, in geological time.
A safe deposit box with the data stored in it. A key in the possession of a time keeper, such as a suitable law firm, and a third party to receive the information.
But what format to use that will remain useable after 50 years...
Phil
Laugh, it's good for you!
Is anyone so sure that this is a 'fiasco'?
It might be seen as some abstract fiasco of ethics in the USA, but that shit happened to people for real. Boston College screwed up, for sure, with a rather naive and slightly patronising project, but the rest is the law at work, in a way that it should work; uncovering truth and exposing wrongdoers to prosecution.
People have a right against self-incrimination. At least they do in the U.S.. I've heard what passes for "Miranda Rights" in the U.K., and you are effectively forced to incriminate yourself to assert an affirmative defense later. Basically, you have to make a decision up front, often without legal counsel, in order to be able to rely on the information in court later, should you choose that method of defense later.
The real question is whether or not Boston University was (A) capable of offering such guarantees, and (B) failed in honoring its obligations, and (C) was legally in the right to honor said obligations in the first place, when the information in question involved criminal matters.
The premise of this article is broken. Time locked crypto would not have prevented the disclosure, since the point of the disclosure was to allow the study of the situation now, not after everyone is dead. Even had all references to specific individuals been struck, the remaining documents, if disclosed, would have been enough to conduct traffic analysis, and haul in the major players for interviews.
Clearly, by sealing the records from the Warren Commission until 2039 (a term which was reduced based on the FOIA), but then redacting sections of the report, and then keeping the rest under seal until 2017 (it's not clear the redacted portions will be made public at that time, or remain redacted), the government has acknowledged that there are cases where obtaining, and then judicially time sealing it until a later date, serves the public interest.
The question in this case is why, given a similarly sensitive political subject, the information was not treated the same way.
The only difference seems to be that they didn't specifically have a priori involvement of judicial authority.
Use a key that's distributed and at least partially redundant. For example, break the key into 20 sections, and allow decryption with a minimum of at least 11 of those sections present.
Distribute the key sections to geographically diverse, trusted people, in different countries with different governments, with the instructions to keep them somewhere safe, and on a certain date (i.e. Jan 1, 2020) publish them online in a known location.
Sure, some people might be jerks, or accidentally publish ahead of time (or not at all), but assuming that (in this case) 55% of the keys are available, the file can be unlocked. Of course, you could change the number of key sections required based on how critical secrecy is vs. security, etc.
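The "N of M key holders" idea that several posts above describe (two XORed halves, the 7-of-10 keeper scheme, and the 11-of-20 split here) is what Shamir secret sharing does in general: the secret is the constant term of a random polynomial over a prime field, each holder gets one point on it, and any `threshold` points interpolate the constant term while fewer reveal nothing. The following is an added example, not code from any poster, and it assumes a secret of at most 64 bytes (a symmetric key) and a field modulus of the Mersenne prime 2**521 - 1; the keeper simulation mirrors the 7-of-10 scenario from the thread with three keepers unavailable.

```python
import secrets
from typing import List, Optional, Set, Tuple

# Field prime (assumption for this example): Mersenne prime 2**521 - 1,
# large enough to hold any secret of up to 64 bytes as one field element.
PRIME = 2**521 - 1

Share = Tuple[int, int]  # (x, f(x))


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):          # Horner's rule
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, holders: int) -> List[Share]:
    """Split `secret` into `holders` shares; any `threshold` of them rebuild it."""
    if not 1 <= threshold <= holders:
        raise ValueError("need 1 <= threshold <= holders")
    if len(secret) > 64:
        raise ValueError("secret too large for the field")
    s = int.from_bytes(secret, "big")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, holders + 1)]


def recover_secret(shares: List[Share], secret_len: int) -> bytes:
    """Lagrange-interpolate the shares' polynomial at x = 0.

    With fewer than `threshold` shares the result is a random field element;
    the length check below catches that in all but a negligible fraction of
    cases, so the caller learns nothing about the real secret either way."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    acc = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME        # prod (0 - x_j)
                den = (den * (xi - xj)) % PRIME    # prod (x_i - x_j)
        acc = (acc + yi * num * pow(den, -1, PRIME)) % PRIME
    if acc >= 1 << (8 * secret_len):
        raise ValueError("shares do not reconstruct a secret of that length")
    return acc.to_bytes(secret_len, "big")


def simulate_keepers(secret: bytes, threshold: int, holders: int,
                     unavailable: Set[int]) -> Optional[bytes]:
    """Issue one share per keeper (indices 1..holders) and try to recover the
    secret from the keepers who actually turn up; None if too few do."""
    shares = split_secret(secret, threshold, holders)
    present = [sh for sh in shares if sh[0] not in unavailable]
    if len(present) < threshold:
        return None
    return recover_secret(present[:threshold], len(secret))


if __name__ == "__main__":
    key = bytes(range(32))                      # constructed 256-bit key
    print(simulate_keepers(key, 7, 10, {2, 5, 9}) == key)     # 7 of 10 present
    print(simulate_keepers(key, 7, 10, {1, 2, 3, 4}) is None)  # only 6 present
```

The 7-of-10 split issues one 66-byte share per keeper rather than the 84 strings per keeper of the XOR construction above, and the `threshold`/`holders` knobs are exactly the "how critical is secrecy vs. availability" trade-off the post describes; distributing the shares across jurisdictions is still a policy decision the code cannot make for you.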
"Nothing strengthens authority so much as silence." - Charles de Gaulle
Easier idea. Put the data in a tiny pressurized capsule and drop it deep in the ocean. After a set amount of time the capsule is designed to inflate an air bladder, rise to the surface and transmit via radio frequency.
There's no way to retrieve this ahead of time because:
1. The ocean is vast and the capsule is tiny.
2. The ocean is so deep that you would have to send a robotic submarine to find it and no one would know where to look. If you can lose a plane at the bottom of the ocean, you can lose a 1 foot capsule even more easily.
You guys are thinking too much into this. Any third party you entrust your secret to (bank authorities, lawyers, software etc) is a potential point of breach.
Just keep your information in hard copy (papers, journals etc), put it in a box, lock it up and bury it. Entrust the secret and key to a son/daughter with strict instructions it is not to be opened until you pass away, with the warning that the secrets revealed may destroy the family.
The less people know about it, the more secure it is.
I'd rather trust family who have an interest in protecting your secrets rather than some stranger or worse, impersonal unthinking code. And having a living, thinking secret keeper who can respond to challenges and situations you may not even foresee is far more effective.
Better yet, send your time capsule into orbit around the sun. That'd make getting it back more exciting, too.
Write it out on archival paper, put it in a sealed ceramic pot and bury it on the lee side of a travelling sand dune.
- Ceramic so metal detectors won't find it.
- How high up on the dune is determined by how fast the dune is travelling, and how long you want it to stay buried.
- Make the average density of the pot plus contents the same as the sand, so it neither sinks nor floats.
I'm guessing that wasn't on their radar screen...
The only way I can see files being kept inaccessible without putting them in a long orbit is to use hardware that is too much of a pain to compromise, possibly with a deadman destruction system to make tampering very risky.
If there's any form of encryption that has an existing key, all they need is the key. Of course, if they can't find it, it's no use for them, but it's pretty obvious that's not going to cut it since they are legally required to turn it over if given the proper paperwork. Going to jail for not giving it to them is not a viable solution to this dilemma.
They are after a way to make files safe for a predetermined period of time in such a fashion that it can NOT be accessed prematurely, it CAN be accessed after that period of time, and can't be easily circumvented by legal or other means.
Again, I don't see any way of fulfilling that without some hardware equivalent of a time lock safe. Obviously the 'clock' would have to be inside the protection system since if it wasn't that would be an easy way to pop it early.
It would be fantastic if someone can think of a perverse method of making this work just with encryption. I don't see it happening, but one in a million chances happen every day.
Take a secure hashing function.
Hash some iv
Take the resulting hash and hash it.
Keep going for some time X.
At the end of X you have a key to use for your block cipher...
Encrypt your data..
Hang on to the iv
After you release the iv the data still has X at a minimum before being unlocked.
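The iterated-hash construction in this post, and the multi-segment version described earlier in the thread (one chain per core, each chain's output hiding the next chain's salt and count), is a sequential time-lock puzzle: the builder computes the segments independently, while whoever holds the published salt must work through them one after another. The code below is an added example, not the poster's, and it assumes SHA-256 as the chain function and uses XOR with a SHAKE-256 keystream in place of the block cipher the posts mention (unauthenticated, for illustration only).

```python
import hashlib
import secrets
from typing import List, Tuple

SALT_LEN = 32


def hash_chain(seed: bytes, count: int) -> bytes:
    """Apply SHA-256 `count` times in sequence: the work cannot be parallelised."""
    h = seed
    for _ in range(count):
        h = hashlib.sha256(h).digest()
    return h


def _keystream_xor(label: bytes, key: bytes, data: bytes) -> bytes:
    """XOR `data` with a SHAKE-256 keystream derived from `label` and `key`.
    Stands in for the 'encrypt with the chain output' step of the posts."""
    stream = hashlib.shake_256(label + b"|" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def build_puzzle(counts: List[int]) -> Tuple[bytes, int, List[bytes], bytes]:
    """Build one chain per entry of `counts` (e.g. one per core).

    Returns (first_salt, first_count, links, final_key). Every chain is
    independent, so the builder could run them all at once; the solver
    cannot, because chain i+1's salt and count are hidden under chain i's
    output. Builder wall-clock ~ max(counts); solver work = sum(counts)."""
    salts = [secrets.token_bytes(SALT_LEN) for _ in counts]
    outputs = [hash_chain(s, c) for s, c in zip(salts, counts)]  # parallelisable
    links = []
    for i in range(len(counts) - 1):
        payload = salts[i + 1] + counts[i + 1].to_bytes(8, "big")
        links.append(_keystream_xor(b"link", outputs[i], payload))
    return salts[0], counts[0], links, outputs[-1]


def solve_puzzle(salt: bytes, count: int, links: List[bytes]) -> bytes:
    """Recover the final key from the published salt, count and link blobs.
    Each segment must finish before the next one's parameters are known."""
    out = hash_chain(salt, count)
    for blob in links:
        payload = _keystream_xor(b"link", out, blob)
        salt = payload[:SALT_LEN]
        count = int.from_bytes(payload[SALT_LEN:], "big")
        out = hash_chain(salt, count)
    return out


def seal(message: bytes, key: bytes) -> bytes:
    """Encrypt the message under the puzzle's final key (illustrative XOR)."""
    return _keystream_xor(b"msg", key, message)


def unseal(ciphertext: bytes, key: bytes) -> bytes:
    return _keystream_xor(b"msg", key, ciphertext)


if __name__ == "__main__":
    # Constructed demo: three segments that a builder could run on three cores.
    salt0, count0, links, key = build_puzzle([200_000, 200_000, 200_000])
    box = seal(b"constructed time-capsule note", key)
    # Publish (salt0, count0, links, box); the reader must do 600k hashes in series.
    print(unseal(box, solve_puzzle(salt0, count0, links)))
```

Two caveats the posts themselves raise still apply: the delay is calibrated to the solver's single-core hashing speed, which improves over time, and a break in the hash function collapses the delay entirely. Raising `counts` (or adding segments) is how the builder buys more delay without spending more of its own wall-clock time than the longest single segment.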
A hobbit. They can be trusted. Don't you know nothin'?
No. Then it'd have to be a whole key ring.
-- Alastair
Just destroy the data reliably. There is enough vision-less scum around that anything else will be far too risky.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Two flaws:
1) Communications with lawyers are currently privileged, but laws can be changed so that they are not. Assuming we're talking about 21st Century America, that's even pretty reasonably possible.
2) Give me the lawyer tied to a chair, and a few simple tools, and I can obtain the information. If the lawyer explains that kidnapping and torture are violations of the law, blah blah something about confidentiality, I can reply with "I was asking you about the secret, not your laws," as I snip off one of his fingers. He won't try that distraction from the relevant issue, again!
I think this post may be the best in the thread because it answers the question (time based, not coy power), it's somewhat practical unlike astronomical solutions, and recent events show it would be secure. If multiple motivated governments can't find an airliner, someone in a Snowden-like position could be reasonably confident that a small container dropped even just off the coast of California would remain there for quite a long time.
Put the data in a tiny pressurized capsule and drop it deep in the ocean. After a set amount of time the capsule is designed to inflate an air bladder, rise to the surface and transmit via radio frequency.
There's no way to retrieve this ahead of time because:
1. The ocean is vast and the capsule is tiny.
2. The ocean is so deep that you would have to send a robotic submarine to find it and no one would know where to look. If you can lose a plane at the bottom of the ocean, you can lose a 1 foot capsule even more easily.
"I'm curious whether there are good prospects for 'time capsule encryption,' one of several ways of storing information that renders it inaccessible to anyone until certain conditions — such as the passage of time — are met?"
The motivation for this question is vague. It could be that the OP has information about a criminal element that she wants released if she suffers an untimely death. It could be that the OP has solved the problem of nuclear fusion but is not ready to share it yet. The motivation is so vague that there is no way to address the question coherently - let's assume it's just for releasing info at a much later time.
'Time capsule' - I attended a time capsule burial a while back. Someone will dig it up in 100 years. It contains a variety of stuff- printed text, objects & some digital material. The digital stuff will probably be indecipherable with equipment available in the year 2108. The 'time capsule' concept might still be best despite our gravitation to digital and the 'cloud'. Encryption will not be necessary.
Printed text on quality paper should be good for well over 100 years. Physical materials might be the best way to preserve the message. A physical location might be the best place. A simple timer that sets off a weak explosion that exposes the trove might be ideal. Locate the capsule thoughtfully- not in downtown London, not in Antarctica, not in the Mariana Trench. Protect the payload from the elements. The timer & explosives need to survive the time you set. You might offer hints to potentially interested parties about the locale and timing of the release of your important capsule.
But before you go to all this trouble you should ask yourself- what information do you have that might matter to people in the future? Is this just an ego stunt or something that might really benefit someone in that time?
...omphaloskepsis often...
Shoot a laser at Alpha Centauri with your encrypted message. It should only be recoverable when the signal bounces back to us.
So you make a quantum mechanical system which evolves over time and which only reveals the correct key if observed at the correct time. Observing it at any other time erases (parts of) the required information. Practically difficult to make if we're talking about delays longer than picoseconds probably, but the problem specification didn't include a timescale.
Because if you're taken prisoner, they're not going to use a 30 million dollar supercomputing cluster to crack the encryption on your laptop; they're going to work you over with a pair of pliers, perhaps taking off a few body parts, until you tell them.
I spy a tiny weakness in your plan. The guys with pliers. Do you think that telling them that you don't have the key will stop them from taking off your body parts before you run out of convenient body parts to take off?
This doesn't solve the problem in any fundamental way; but it does help.
Actually I don't think it is possible to solve it at a fundamental level. The laws of physics are invariant under time. In fact this symmetry is what gives us conservation of energy. What this means is that any physical system must work the same regardless of when it is operated. The result is that the only way to make such a temporal crypto algorithm would be to use a tamper-proof physical device which will measure the passage of time - you cannot develop a time lock algorithm which will only run when the time is X since no physical system can measure absolute time only a change in time.
Since making something like that would be exceedingly hard, if not impossible, to make tamper proof you are reliant on how securely the device is stored which is pretty much the system which already exists. All you can do, as you suggest, is make it hard to assemble the pieces before the correct time.
"But what format to use that will remain useable after 50 years..."
Yeah man. How could you possibly write something down for 50 years? I mean, I wish we had the technology, would be so nice to hear those symphonies Mozart wrote, or read some ancient books, or see some illustrations of old times. Too bad it's impossible.
Ok, I know you meant "digital rot". Easy to circumvent. Just describe formats used on paper, then burn data to silicon, steel, clay, or any other "lasts more than 50 years in dry conditions" media with laser or drill or something.
" And an attempt to drill a hole into the device would expose the phosphorous to air and likewise set it off."
I could drill it in a vacuum. Or inside protective gas. Wouldn't burn if it didn't have its own oxidiser.
"Use an embedded computer, designed to self destruct if tampered with. When the clock runs down it uploads the secret code to the web site. You don't "have" the code, and any attempt to get it will "destroy evidence"."
"Destroying the evidence" will be the goal of many people, so they'll be able to do that.
This is meant to prevent that _too_.
The speed of light can be made arbitrarily slow within a Bose-Einstein condensate. In fact it can be stopped. Encode the data and send it as a light beam into a Bose-Einstein condensate. Now your problem is maintaining stability of the condensate for a long period of time and "unfreezing" it at that time.
This is just some ego thing for the secret holder, nobody else cares after 50 or 100 years.
Solutions depending upon space travel etc. seem both expensive and dependent on future technology not somehow making recovery too inexpensive. Ditto other high-tech solutions.
I have a notion of a different strategy, but cannot figure out all the necessary details. Suppose we could derive a strong encryption technology that could not likely be broken within the time period of interest. (This is uncertain and questionable!) That encryption should be arranged to depend upon a _long_ key, assume for discussion a concatenation of a large number of numbers that _cannot_ be known before the target date. How to define years in advance a large set of numbers that will magically appear at some specific future time? Two suggestions of indeterminate brittleness (where "brittleness" means the probability that the depended-upon machinery will no longer exist).
Pick some large number of U.S. and world cities -- perhaps in the 1000's --- and on the magic date concatenate the ordered set of max/min temperatures reported by some identifiable set of weather reporting entities. Provide fallback (default values?) for cities that no longer exist, or which are no longer reported, or whatever. Specify fallback for reporting organizations that disappear. The intent of the fallback definition is to provide algorithmic keys regardless what has happened to the data-generating organizations over time.
Obviously, this computation becomes more brittle the longer civilization runs. One would not want to depend upon temperature reported in the NY Times, because the NYT might not be around in another century, or might not bother reporting weather since that data is more available on whatever has replaced the web. But it ought be possible with enough careful thinking to devise a dataset definition that could be interpreted unambiguously after reasonable lengths of time.
As backup, several such dataset definitions should be defined. For example, use the stock market: The first N digits of the closing price of a large number of stocks (or their well-defined successors) with defaults to ignore data (stocks) that no longer exist. The stock market might not exist in 100 years, nor NOAA, but enough well-defined fallbacks could be defined. It might not matter if any particular fallback is no longer well defined, fallback to the next fallback. It doesn't matter much if this fallback to different collections of time-dependent data branches or requires expensive multiple tries. The principle of decryption is that its computation is much much less expensive than brute force attack.
So, on the target release date, the vault machine goes out on the internet (or is "manually" passed the necessary set of numbers, since whatever has replaced the internet won't be accessible by even 25-year-old systems) and if the thousands of collected digits match, it should decrypt the payload. It is almost certain that any data disambiguation algorithm will become ambiguous over time. But if the ambiguities don't branch into too many separate paths, they can each be followed to see if any one works. Assume that processor time is very very inexpensive.
This sort of solution presumes that the vault machine can determine the time, so it couldn't be tricked into thinking that the time has expired. Some sort of high-capacity power backup and wipe-on-intrusion machinery is required. Technical details left to my SlashDot colleagues. Determining enough likely-surviving data sources over 25, 50, or 100 years is a very interesting techno-sociological problem!
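The branch-following search described in the comment above, as an added example that is not part of the original post: the vault publishes a commitment (a hash of the key) at sealing time, and at release time every combination of the fallback candidates for each data source is tried until one derives a key matching the commitment. The source names, candidate values and the "\x1f" joining convention are all constructed for the example; the point it makes is that decryption cost grows as the product of the ambiguity per source, which is why the number of fallback branches has to stay small.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Source is one future data point with an ordered list of fallback candidates
// (e.g. the primary station's reading, a secondary station's, a fixed default).
// Which candidate will actually be the "right" one is unknown at sealing time.
type Source struct {
	Name       string
	Candidates []string
}

// DeriveKey hashes the chosen values, in source order, into a 256-bit key.
// The unit separator 0x1f keeps "12"+"3" and "1"+"23" from colliding.
func DeriveKey(values []string) [32]byte {
	return sha256.Sum256([]byte(strings.Join(values, "\x1f")))
}

// Commit is what the vault publishes at seal time: a hash of the key, so a
// candidate key can be checked without the key itself being stored anywhere.
func Commit(key [32]byte) string {
	c := sha256.Sum256(append([]byte("commit:"), key[:]...))
	return hex.EncodeToString(c[:])
}

// Search walks every combination of candidate values (one "branch" per
// combination) and returns the key whose commitment matches, the number of
// branches tried, and whether a match was found before maxBranches ran out.
func Search(sources []Source, commitment string, maxBranches int) (key [32]byte, tried int, ok bool) {
	values := make([]string, len(sources))
	var walk func(i int) bool
	walk = func(i int) bool {
		if i == len(sources) {
			tried++
			if tried > maxBranches {
				return false
			}
			k := DeriveKey(values)
			if Commit(k) == commitment {
				key = k
				return true
			}
			return false
		}
		for _, c := range sources[i].Candidates {
			values[i] = c
			if walk(i + 1) {
				return true
			}
			if tried > maxBranches {
				return false
			}
		}
		return false
	}
	ok = walk(0)
	return key, tried, ok
}

func main() {
	// Constructed sealing-time truth: the values the sealer expects each source to yield.
	truth := []string{"12.5/3.0", "9.8/-1.2", "DEFAULT"}
	commitment := Commit(DeriveKey(truth))

	// Constructed release-time observations: station A is ambiguous (two
	// successor stations), B is unambiguous, C has vanished so only the
	// fallbacks remain, the last of which is the fixed default.
	sources := []Source{
		{Name: "station-A", Candidates: []string{"12.4/3.0", "12.5/3.0"}},
		{Name: "station-B", Candidates: []string{"9.8/-1.2"}},
		{Name: "station-C", Candidates: []string{"7.0/0.0", "7.1/0.0", "DEFAULT"}},
	}
	key, tried, ok := Search(sources, commitment, 1000)
	fmt.Printf("found=%v after %d branches, key=%x\n", ok, tried, key[:4])
}
```

The commitment makes a wrong branch detectable without any oracle from the ciphertext itself, and the `maxBranches` bound is the practical expression of "assume processor time is very inexpensive" having a limit.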
Especially because people can be trusted and it really is impossible to change computer clocks.
I can't wrap my head around exactly how, but it seems that the block chain is the closest thing we have to a cryptographic timestamp.
So you want to hide evidence and confessions of terrorists.
No surprises there, America and yanks funded the Provisional IRA, you bastards, and I hope you all burn in a nuclear bomb and dirty bomb in your own back yard.
Every time I hear of yanks and americans under attack and die, I shed no tears.
America and Yanks are supporters and funders of terrorism.
I am from Northern Ireland and have seen what you have all FUNDED and SUPPORTED.
I am not your ally and wish all you yanks would GO HOME.
On a lesser scale, a "time lock" would be useful when entering countries that are known to "borrow" laptops and other equipment.
From the end user perspective, having all data not accessible in any way for that time period may be a useful thing.
However, there are three ways to implement this:
1: A Web page that one puts in a key to wrap encrypted with the site's secret key, and after the time interval elapses, sends you the decrypted key.
2: A program that runs on numerous computers that splits up the key where, say 7 out of 9 pieces are needed to recover it, and each peer has its own clock.
3: Have a dedicated computer somewhere able to decrypt the key after "X" amount of time multiplied by the computer's CPU cycles.
All three have weaknesses, but number 2 would go a long way to ensuring the time lock kept ticking.
shouldn't it be possible to set the password to the time capsule based on an organism that grows from a given DNA?
in a way that is an extremely complex system thus not likely to be simulated,
but it is very simple to get the result.
for example looking at a cow which is 3 years old in some farm, and check what are her current properties (you will need to pick properties which will not be too small of a keyspace of course, and properties that don't show up too early either) you set that as the pwd for some symmetrical key.
you take her DNA sample and attach it as the "base key" and if you really want to be safe you should probably make sure said cow is not alive (by choosing one which is about to be slaughtered anyway? there are some "humane" ways probably ) when people start searching for cows with that exact DNA.
I believe the DNSSEC root keys are an example of a key in multiple parts.
The master key can be reconstructed by combining 7 keys together.
There are 14 people that have part of the key and I believe any 7 people can be used to recreate the whole key again.
Traveller campaign: intercept "time-capsules" bound for Earth-orbit trajectory, discover hottest "blast from the past" media chum weeks-months before the story breaks and secure exclusive rights to the descendant's interview.
It's called "Northern Ireland". Submitter is presumably an American, has never been within 2000 miles of Ireland, and couldn't even point to it on a map. A map of the Western half of the British Isles.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Drop the goods into an ocean trench or any abyssal deep, with a timer that will inflate flotation devices and location beacon in x-number of decades. If the world cannot find an airliner, they are certainly not going to find a time capsule.
So you're saying to use elliptical curve encryption?
>especially in the wake of the 'Belfast Project' situation, where a library promised confidentiality for accounts of the Troubles in North Ireland, and then found itself amidst subpoenas from law enforcement looking to solve long-cold cases.
Are we supposed to feel sympathy when murdering scum finally face the justice they deserve?
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Distribute pieces of the key to a large number of anonymous individuals, such that thousands of pieces are needed for decryption. A popular Linux distro like Ubuntu could run necessary software by default and, in exchange, give users ability to use timed encryption for their own needs.
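The "k of n pieces" idea runs through three comments above: option 2 of the three implementations (7 of 9 peers), the DNSSEC root key comment (any 7 of 14 holders), and this one (thousands of anonymous holders). The standard construction for all of them is Shamir secret sharing, shown here as an added example that is not code from any of those posters or from the DNSSEC key ceremony: the secret is the constant term of a random degree t-1 polynomial over a prime field, each holder gets one point on it, and any t points reconstruct the constant term by Lagrange interpolation while t-1 points reveal nothing about it. The field prime (2^521 - 1) and the 7-of-9 parameters are choices made for this example.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// prime is the field modulus, the Mersenne prime 2^521-1; large enough to hold
// a 256-bit symmetric key with room to spare. Chosen for this example.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one point (x, y) on the secret polynomial; x identifies the holder.
type Share struct {
	X, Y *big.Int
}

// Split divides secret into n shares, any t of which reconstruct it.
// The polynomial's constant term is the secret; the other t-1 coefficients are
// uniformly random field elements, which is what makes t-1 shares useless.
func Split(secret *big.Int, t, n int) ([]Share, error) {
	if t < 2 || n < t || secret.Sign() < 0 || secret.Cmp(prime) >= 0 {
		return nil, errors.New("invalid threshold, share count or secret range")
	}
	coeffs := make([]*big.Int, t)
	coeffs[0] = new(big.Int).Set(secret)
	for i := 1; i < t; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coeffs[i] = c
	}
	shares := make([]Share, n)
	for i := 0; i < n; i++ {
		x := big.NewInt(int64(i + 1)) // x = 0 would leak the secret directly
		y := new(big.Int)
		for j := t - 1; j >= 0; j-- { // Horner evaluation mod prime
			y.Mul(y, x)
			y.Add(y, coeffs[j])
			y.Mod(y, prime)
		}
		shares[i] = Share{X: x, Y: y}
	}
	return shares, nil
}

// Recover interpolates the polynomial at x = 0 from the given shares.
// With fewer than t shares it returns a wrong, uniformly distributed value
// rather than an error: the shares themselves carry no threshold marker.
func Recover(shares []Share) (*big.Int, error) {
	if len(shares) < 2 {
		return nil, errors.New("need at least two shares")
	}
	secret := new(big.Int)
	for i, si := range shares {
		num := big.NewInt(1)
		den := big.NewInt(1)
		for j, sj := range shares {
			if i == j {
				continue
			}
			num.Mul(num, new(big.Int).Neg(sj.X)) // prod(-x_j)
			num.Mod(num, prime)
			den.Mul(den, new(big.Int).Sub(si.X, sj.X)) // prod(x_i - x_j)
			den.Mod(den, prime)
		}
		inv := new(big.Int).ModInverse(den, prime)
		if inv == nil {
			return nil, errors.New("duplicate share x values")
		}
		term := new(big.Int).Mul(si.Y, num)
		term.Mul(term, inv)
		secret.Add(secret, term)
		secret.Mod(secret, prime)
	}
	return secret, nil
}

func main() {
	// Constructed example: a random 256-bit symmetric key split 7-of-9.
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	secret := new(big.Int).SetBytes(raw)
	shares, err := Split(secret, 7, 9)
	if err != nil {
		panic(err)
	}
	got, _ := Recover(shares[1:8])
	bad, _ := Recover(shares[:6])
	fmt.Println("7 shares recover the key:", got.Cmp(secret) == 0)
	fmt.Println("6 shares recover the key:", bad.Cmp(secret) == 0)
}
```

Note what this does and does not give you against the subpoena problem in the submission: the holders still have to refuse, or be unreachable, until the release date, since nothing in the shares enforces time. It only means that fewer than t of them being compromised or compelled reveals nothing.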
The difficult part is finding some place to put your device where it can transmit data that everyone can receive, but it can not be otherwise accessed. ("Recipe for unicorn soup: First, catch a unicorn...") However, there are some possibilities. On the Moon would be good for a decade or so. Even an ordinary orbit, with "destruct if anyone gets close" circuitry, would be a possibility.
Now, the easy part. Generate a bunch of ginormous public/private key pairs, one for each day of secrecy expiration you want to provide with this device. Store the private keys on the device, programmed to continuously transmit all expired private keys. Publish the public keys.
Now, to encrypt something to be revealed on January 1, 2038, you just encrypt it with the "January 1, 2038" public key. Not even you can decrypt it until the private key is transmitted by the repository.
Of course, there is the itty bitty trust issue that the entity making the device didn't keep a copy of the private keys.
I'm only disappointed that the terrorists weren't charged and convicted. People like Gerry Adams have a lot of blood on their hands, and many people have to deal with the loss of family members and injuries every day. Fuck the rights of the terrorists.
Yeah, well, you have two of them.
Expiring key cryptography in reverse is a bizarre application. "This data not available until the statute of limitations has expired" - I can see it being very popular on Wall Street.
Organization? You must be joking..