[148734] in cryptography@c2.net mail archive
Re: [Cryptography] On Security Architecture, The Panopticon,
daemon@ATHENA.MIT.EDU (Bill Cox)
Thu Dec 26 13:42:59 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <r422Ps-1075i-12AB55E09C3243B6BF9019FDBD82D6B0@Williams-MacBook-Pro.local>
Date: Thu, 26 Dec 2013 09:52:31 -0500
From: Bill Cox <waywardgeek@gmail.com>
To: Bill Frantz <frantz@pwpconsult.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============0045361526913480052==
Content-Type: multipart/alternative; boundary=047d7b414f4084b80704ee7120e4
--047d7b414f4084b80704ee7120e4
Content-Type: text/plain; charset=ISO-8859-1
On Wed, Dec 25, 2013 at 10:05 PM, Bill Frantz <frantz@pwpconsult.com> wrote:
> The bigest problem I can see with leaving the third parties out is that is
> -- where's the revenue model that provides an economic incentive to drive
> adoption? Even when third parties start out with a privacy goal, they
> provide a place to pry as seen by RIM's and Skype's dance with the national
> security agencies. There needs to be a revenue model, perhaps a distributed
> revenue model like Bitcoin's enabling of low cost electronic monitory
> exchange and the opportunity to make money by minting.
>
I agree. We need a distributed global commit-only database, and some sort
of revenue model. The BitCoin solution is extremely cool, but in the end
it's basically a Ponzi scheme. The value of the coins keeps going up, but
no one is using them to buy anything.
I have some dumb ideas in this area. I think we could build a P2P system
that allows Ripple-style microtransactions. It could allow us to plug in
our Raspberry Pi's and sell services such as storage of encrypted data or
email, speeding up downloads in torrents, or hosting games, files or web
sites.
The financial incentives would be that we essentially get free Rasberry
Pi's and other server hardware while users get cheap services. The P2P
aspects are hard, but IMO, the crypto part is even harder. As soon as
there is anything of value online that we can trade, it becomes a target.
> General purpose hardware manufacturers are as rare as Unicorns, making
> them a logical target for black coercion. A possible solution to hardware
> compromise is to run crypto code through one or more layers of
> interpretation, so it will be hard for the hardware to detect what
> computations are being performed.
>
Even something as simple and cheap as a Raspberry Pi is so complex that it
could have multiple back-doors and unintended security weaknesses in both
hardware and software. iPhones keep getting rooted, demonstrating that
even the most valuable company in the world can't secure a phone.
I agree a possible solution is multiple layers, preferably multiple layers
of hardware. For example, a simple USB stick microprocessor could have a
small single-chip RAM buffer that can electrically connect to either the
host PC/Rasberry Pi, or the USB microprocessor, but only one at a time.
The USB microprocessor could be FPGA based, making it also more easily
auditable, and we could have a discrete zener-noise based RNG that can be
fully probed providing random data. All signing of things could be done in
the FPGA. If that could be done for $20 and plugged into a $35 Rasberry
Pi, just maybe we'd be able to build a P2P system we could trust enough to
enable microtransactions. After that, all kinds of services might follow.
--047d7b414f4084b80704ee7120e4
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On W=
ed, Dec 25, 2013 at 10:05 PM, Bill Frantz <span dir=3D"ltr"><<a href=3D"=
mailto:frantz@pwpconsult.com" target=3D"_blank">frantz@pwpconsult.com</a>&g=
t;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div class=3D"im"><span style=3D"color:rgb(3=
4,34,34)">The bigest problem I can see with leaving the third parties out i=
s that is -- where's the revenue model that provides an economic incent=
ive to drive adoption? Even when third parties start out with a privacy goa=
l, they provide a place to pry as seen by RIM's and Skype's dance w=
ith the national security agencies. There needs to be a revenue model, perh=
aps a distributed revenue model like Bitcoin's enabling of low cost ele=
ctronic monitory exchange and the opportunity to make money by minting.</sp=
an></div>
</blockquote><div><br></div><div>I agree. =A0We need a distributed global c=
ommit-only database, and some sort of revenue model. =A0The BitCoin solutio=
n is extremely cool, but in the end it's basically a Ponzi scheme. =A0T=
he value of the coins keeps going up, but no one is using them to buy anyth=
ing.</div>
<div><br></div><div>I have some dumb ideas in this area. =A0I think we coul=
d build a P2P system that allows Ripple-style microtransactions. =A0It coul=
d allow us to plug in our Raspberry Pi's and sell services such as stor=
age of encrypted data or email, speeding up downloads in torrents, or hosti=
ng games, files or web sites.</div>
<div><br></div><div>The financial incentives would be that we essentially g=
et free Rasberry Pi's and other server hardware while users get cheap s=
ervices. =A0The P2P aspects are hard, but IMO, the crypto part is even hard=
er. =A0As soon as there is anything of value online that we can trade, it b=
ecomes a target.</div>
<div>=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;=
border-left:1px #ccc solid;padding-left:1ex">
General purpose hardware manufacturers are as rare as Unicorns, making them=
a logical target for black coercion. A possible solution to hardware compr=
omise is to run crypto code through one or more layers of interpretation, s=
o it will be hard for the hardware to detect what computations are being pe=
rformed.<br>
</blockquote><div><br></div><div>Even something as simple and cheap as a Ra=
spberry Pi is so complex that it could have multiple back-doors and uninten=
ded security weaknesses in both hardware and software. =A0iPhones keep gett=
ing rooted, demonstrating that even the most valuable company in the world =
can't secure a phone.</div>
<div><br></div><div>I agree a possible solution is multiple layers, prefera=
bly multiple layers of hardware. =A0For example, a simple USB stick micropr=
ocessor could have a small single-chip RAM buffer that can electrically con=
nect to either the host PC/Rasberry Pi, or the USB microprocessor, but only=
one at a time. =A0The USB microprocessor could be FPGA based, making it al=
so more easily auditable, and we could have a discrete zener-noise based RN=
G that can be fully probed providing random data. =A0All signing of things =
could be done in the FPGA. =A0If that could be done for $20 and plugged int=
o a $35 Rasberry Pi, just maybe we'd be able to build a P2P system we c=
ould trust enough to enable microtransactions. =A0After that, all kinds of =
services might follow.</div>
</div></div></div>
--047d7b414f4084b80704ee7120e4--
--===============0045361526913480052==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============0045361526913480052==--
