Cryptography Reference
In-Depth Information
Nevertheless, Alice has a possibility for fraud: she can bribe the operator of a
stamp service, or put the wrong date on her document. An audit of the service
is not included in the protocol. So we need a better protocol for mass use.
Auditing the Service
There are several ways to prevent the timestamp service from being bribed.
For example, one protocol has the service sign not only the timestamp and
hash value, but additionally an identification number of Alice as well as name,
time, and signature of the last customer — everything concatenated — and then
return this conglomerate duly signed to Alice. Moreover, it will tell her the
identification number of the next customer in line after Alice.
Depending on the auditor's persistence, this protocol can be used to determine
an arbitrary number of customers ahead and after Alice. Grossly forging a
timestamp within such a chain would be noticed immediately, since the times
stated have to be sorted in ascending order. To be able to backdate a complaint
by only one day, Alice would have to find a service that had not been used for
an entire day, and then she would have to bribe it. Not much reward in such
an undertaking.
The only problem with this scenario is that some customers could disappear
from within the chain after some years. This problem can be solved, for
example, by using distributed timestamps. To this end, Alice has her docu-
ment signed with a timestamp by many other persons. Exactly which persons
from a large set these are is determined by the hash value of her document.
This variant is secure, but costly and time-consuming.
In addition, there are protocols where the timestamp services are arranged in
a tree structure and monitored from top to bottom. Surety Technologies (an
affiliate of Bellcore) has such protocols patented in the USA.
You see that the problem is not quite as easy to solve as it appeared in the
beginning. But the security level achieved with good protocols is far beyond
a signed sheet of paper despite all doubts with regard to the security of digital
signatures. This is yet another case where cryptology can truly improve security,
rather than restoring old securities in the new world.
6.6.2 Bit Commitment
Bit commitment
is an important protocol for everyday life: you need it, for
example, if you want to deposit your will on the Internet. But more about this
later.
