Re: Superdistribution development/release

Rohit Khare (
Wed, 03 Dec 1997 17:43:57 -0800


> Persistent Cryptographic Wrappers (RightsWrapper) - No matter
> where the
> digital document (financial newsletter, educational test, minutes from
> a court
> proceeding, sensitive health care records, etc.) goes, no matter how it
> gets
> there, whether it is used and then subsequently redistributed, etc. the
> document is always encrypted. It is never left decrypted and exposed
> even
> while it is being viewed.

Am I the only one who finds this a wee bit incredulous? If it's being
*viewed*, it's decrypted. Go ahead and print the screen or whatever else you
want, since somewhere in core there's a usable cleartext.

Putting aside any engineering complaints that somewhere on disk or on the
clipboard there's some scrap of cleartext lying around because of a bug, just
think about the theoretical limits. A Turing machine can always be captured as
the internal state + the tape. At the moment the data is decrypted, I can
freeze the machine, dump it, and replay it from that point an infintie number
of times.

There are only two ways out: 1) tie it to a physical process, using electeical
engineering to require a signal from some other part of the world (i.e. make
the machine bigger in a *nonreplayable* way -- you have to tie to a natural
source on entropy like a radioactive sample) or 2) tie it to a social process,
where other people have to observe your efforts to replay and cooperate (a la
the Surety Digital Notary model where everyone in the whole auth tree would
have to conspire to fake a timestamp).

This is a problem of "disappearing data" (term due to Stuart Haber, of
Surety): how can I give you data you can read N times an no more? Or only for
N months?

Consider an analogy to a DUI conviction, which leaves your record after 7
years, say. What that means, in practice, is NOT that no one knows you were
DUI after 7 years and one day; but that no one can use it against you in a
court of law (yes, I'm oversimplifying).

Obviously, the evidence itself can't be destroyed: just xerox the conviction
at 6 years and 364 days and notarize it.

What we need is a way to *degrade* information over time. For example, a drop
of ink in a glass of water naturally dissipates over time: Boltzmann's law and
all that. Physics can reduce the certainty of a bit in many, many ways.
Digital lgoic is somewhat harder.

What I imagine is that the disappearing package of that DUI-bit is an
executable oracle which has a certain *probability* of being correct that
decreases over time. Sort of like a Magic 8-ball. You can ask it any yes-no
question about the the phenomenon, but you will never get an absolute answer,
just a series of samples. Later on, in a court, reasonable doubt will have to
be statistically set to a confidence threshold -- because no one run will be
enough to prove anything.

What is the digital equivalent of fading parchment? More difficult, even if we
can do a fading bit, what's a fading PDF file? How can whole documents decome
less certain and less informative? (without marketeering jargon, that is :-)

And I'm still convincved it has to be based on physics, society, or trusted
hardware. And there can certainly never be certain cleartext at any point in
the cycle...

As for RightsManagement, the rest of their system seems reasonable enough --
though as sw-only it's not as absolutely bullet-proof as Cox's original
trusted hw scheme (which Yee has shown to be neccessary in the absolute).

Rohit Khare

(no longer in Boston -- but it *is* 70 degrees F here in Irvine... Faustian!)