[1392] in cryptography@c2.net mail archive


Re: How to build anonymous storage

daemon@ATHENA.MIT.EDU (Matt Blaze)
Sat Aug 30 17:28:09 1997

Date: Sat, 30 Aug 1997 16:53:50 -0400
From: Matt Blaze <mab@crypto.com>
To: ;@undisclosed-recipients

------- Blind-Carbon-Copy

X-Mailer: exmh version 1.6.9 8/22/96
To: Ben Laurie <ben@algroup.co.uk>
cc: John Kelsey <kelsey@plnet.net>
Subject: Re: How to build anonymous storage 
In-reply-to: Your message of "Sat, 30 Aug 1997 21:15:59 BST."
             <34087F7F.A6106B00@algroup.co.uk> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 30 Aug 1997 16:53:50 -0400
From: Matt Blaze <mab@tpc.crypto.com>

> John Kelsey wrote:
> > Comments?  Has someone else done this system already?
> 
> An obvious problem is backups of the salt file - the word processor
> helpfully backing it up is the least of your problems. What about the
> user wisely backing it up (on tape, for instance)?
> 
> Even without that, I find it hard to believe that anyone would trust an
> important file's safety to a single copy of something that is impossible
> to reproduce.

Something like my oblivious key escrow scheme, presented at last year's
Cambridge Information Hiding workshop, sounds like just the ticket for this:
   ftp://research.att.com/dist/mab/netescrow.ps
   ftp://research.att.com/dist/mab/netescrow.tex

With a scheme like this if you lose the key file you can recover it, although
you have to convince a large number of random strangers to help you.  Of
course, this also introduces some new and interesting tradeoffs (that have 
approximately the inverse property of the tradeoffs in the basic Eternity
service itself): if popular opinion runs wildly in favor of discovering
a key, it might be recovered via "angry mob cryptanalysis."

One of the cute things about Eternity (and Oblivious Key Escrow) is that
larger scale makes the problems easier to solve.  In most areas of distributed
computing, we worry about finding ways to make systems that work on a
small, local scale work on a large, global scale.  Here, we have the opposite
problem: can we make systems like Eternity work well enough without requiring
the participation of a substantial fraction of, say, the Internet?

-matt



------- End of Blind-Carbon-Copy
