Cryptography Reference
In-Depth Information
from a cabinet member at all. A standard group signature scheme does not solve
the problem, since it requires the prior cooperation of the other group members to
set up, and leaves Bob vulnerable to later identification by the group manager, who
may be controlled by the Prime Minister.
The correct approach is for Bob to send the story to the journalist (through an
anonymizer), signed with a ring signature scheme that names each cabinet member
(including himself) as a ring member. The journalist can verify the ring signature
on the message, and learn that it definitely came from a cabinet member. He can
even post the ring signature in his paper or web page, to prove to his readers that
the juicy story came from a reputable source. However, neither he nor his readers
can determine the actual source of the leak, and thus the whistleblower has perfect
protection even if the journalist is later forced by a judge to reveal his “source” (the
signed document).
54
This small sample of justificatory scenarios is sufficient to reveal some
recurrent tensions in cryptographer's creative production. New crypto-
graphic objects are generated through more or less straightforward com-
binations of elements of the cryptographic toolbox, such as threshold,
proxy, or fairness properties. Like so many modular Lego pieces, crypto-
graphic primitives and design patterns are assembled in new schemes and
protocols exhibiting security properties with no obvious real-world equ-
ivalents. This creative process is one of the core professional activities of
cryptographers, rewarded through conference presentations, journal pub-
lications, and commercial patents. Yet the cryptographic paper genre
seems to require that these products of mathematical creativity be justi-
fied in some “real-world” setting, motivated either by their potential
application, their evidential value, or the new threats they identify. These
justificatory scenarios are remarkable in their assumptions that the prop-
erties of cryptographic objects, as designed and discussed by cryptogra-
phers, will translate transparently into the complex social settings they
describe. In effect, the various characters that populate these scenarios
(users, adversaries, judges, etc.) understand the properties of cryptographic
technologies exactly as cryptographers themselves would. The enormous
challenges inherent in turning these cryptographic constructs into forensic
and security technologies able to perform in the context of users' everyday
lives is thus simply glossed over, assumed away. At the heart of this
oversight, I will argue, lies a fundamental difficulty in coming to terms
with a crucial intermediary between mathematics and the “real world,”
that of models.
