Imagine this scenario: 10 scientists locked in a room make a prediction for a catastrophic event very far in the future. If that information is released now, there will either be meaningless mass panic or outright scorn and disbelief. The 10 of them make a pact to release this information 50 or 100 years in the future. What’s the method?
10 sealed envelopes, each containing a copy of the prediction, passed down through generations, to be revealed at the right time.
There are several ways this can fail: human curiosity to open such a mysterious letter, human greed to trade information for some monetary gain, natural disasters like fire or flood, or even something as basic as carelessness.
When a similar scenario of keeping secret the individual contributions to The Belfast Project till the death of the involved parties failed, Jonathan Zittrain, director of the Berkman Center for Internet and Society at Harvard University, started thinking about how to ensure that data are protected for the promised time period.
Mr Zittrain received a $35,000 grant from the Knight Foundation, an organisation dedicated to “informed and engaged communities”, to create an encrypted “time-capsule” service. Its aim is to enable a person to securely send a message, in effect, into the future—encrypted in such a way that it cannot be read by anyone until a certain date or event.
How does such a system work?
Well, there are a few options by which we can achieve what may be referred to as a “dark archive”.
One is to lock a digital version of the message behind a cryptographic puzzle that current computers are incapable of solving, but that computers ten or 20 years in the future (presumed to be far faster and cleverer) could tackle with ease. That plan, however, is fraught with uncertainty around the pace of technological progress.
Mr Zittrain’s idea is to use a “bank and trust” model instead. He intends to encrypt the data with the best technology available today, then split the key that unlocks the encryption into multiple fragments. Each fragment would be entrusted to a library or lawyer in a different jurisdiction, who would be instructed to hand it back only once the specified conditions had been met (or if forced to do so by some legal challenge).
Imagine key fragments distributed around the world to, say, ten parties, requiring the cooperation of at least six of them to reassemble the key needed to get the documents. The parties would be instructed only to announce the keys when the original owner’s specified conditions are met.
Early disclosure wouldn’t be impossible, but it would require a sustained effort that would only be worth undertaking if the access were a genuine priority, and one justifiable to the authorities of several countries who could each in turn pressure their respective keyholders. That kind of encryption is easy to do, and it can further be used to provide decent assurances that the material encrypted has not been altered in any way since it was first locked up.
Dan Wallach, a computer security expert at Rice University, in Texas, believes that Mr Zittrain has chosen the best model for his dark archive. However, he cautions that technical challenges remain, principally those around the strength of the encryption itself. The cat-and-mouse game between those who make codes and those who break them never slows, and Dr Wallach says that in order to anticipate codebreaking abilities in a distant future, “you have to over-engineer things”.
The disadvantage of time-release cryptography is that the recipient must devote an entire processor to solving the problem for that period of time, and that it should remain secret. The best proposal for a puzzle with the right properties is due to Rivest, Shamir and Wagner in the paper ‘Time-lock puzzles and timed-release Crypto’. It is based on repeated squaring in RSA groups. A recent result precludes any intrinsically sequential time-lock puzzles in the random oracle model (e.g., based on hashing).
Zittrain’s challenge is to build a time capsule that is flexible enough to allow early access to sensitive information as a matter of last resort, yet secure enough to protect the very disclosures that future historians will find most useful. At the moment, he fears that anyone holding information that could be of great future value, but that poses some reputational or legal risk, makes a simple choice. “They just toss it,” he says.