The Cyphernomicon

"The Cyphernomicon" is a document written by Timothy C. May in 1994 for the Cypherpunks electronic mailing list, outlining some ideas behind, and the effects of, crypto-anarchism. It constitutes one of the philosophy's founding documents, advocating anonymous digital currency and electronic privacy, and touching on more esoteric topics, such as assassination markets.

1. Introduction


THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666, 1994-09-10, Copyright Timothy C. May. All rights reserved. See the detailed disclaimer. Use short sections under "fair use" provisions, with appropriate credit, but don't put your name on my words.


1.2. Foreword

1.3. Motivations

1.3.1. With so much material available, why another FAQ?

1.3.2. No convenient access to archives of the list… and who could read 50 MB of stuff anyway?

1.3.3. Why not Web? (Mosaic, Http, URL, etc.)

1.3.4. What the Essential Points Are

1.4. Who Should Read This

1.4.1. "Should I read this?"

1.5. Comments on Style and Thoroughness

1.5.1. "Why is this FAQ not in Mosaic form?"

1.5.2. "Why the mix of styles?"

1.5.3. Despite the length of this thing, a vast amount of stuff is missing. There have been hundreds of incisive analyses by Cypherpunks, dozens of survey articles on Clipper, and thousands of clever remarks. Alas, only a few of them here.

1.5.4. Caveats on the completeness or accuracy of this FAQ + not all points are fully fleshed out...the outline nature means that nearly all points could be further added-to, subdivided, taxonomized, and generally fleshed-out with more points, counterpoints, examples

1.6. Corrections and Elaborations

1.7. Acknowledgements

1.7.1. Acknowledgements

1.8. Ideas and Notes (not to be printed)

1.8.1. Graphics for cover

1.8.2. "So don't ask"

1.9. Things are moving quickly in crypto and crypto policy

1.9.1. hard to keep this FAQ current, as info changes

1.9.2. PGP in state of flux

1.9.3. new versions of tools coming constantly

1.9.4. And the whole Clipper thing has been turned on its head recently by the Administration's backing off...lots of points already made here are now rendered moot and are primarily of historical interest only.

1.10. Notes: The Cyphernomicon: the CypherFAQ and More

1.10.1. 2.3.1. "The Book of Encyphered Names"

1.10.2. 2.3.2. THE CYPHERNOMICON: a Cypherpunk FAQ and More--- Version 0.666

1.10.3. 1994-09-01,...Copyright Timothy C. May, tcmay@netcom.com

1.10.4.

2. MFAQ--Most Frequently Asked Questions

2.2. SUMMARY: MFAQ--Most Frequently Asked Questions

2.2.1. Main Points

2.2.2. Connections to Other Sections

2.2.3. Where to Find Additional Information

2.2.4. Miscellaneous Comments

2.3. "What's the 'Big Picture'?"

2.3.1. Strong crypto is here.

It is widely available.

2.3.2. It implies many changes in the way the world works.

Private channels between parties who have never met and who never will meet are possible. Totally anonymous, unlinkable, untraceable communications and exchanges are possible.

2.3.3. Transactions can only be voluntary,

since the parties are untraceable and unknown and can withdraw at any time. This has profound implications for the conventional approach of using the threat of force, directed against parties by governments or by others. In particular, threats of force will fail.

2.3.4. What emerges from this is unclear,

but I think it will be a form of anarcho-capitalist market system I call "crypto anarchy." (Voluntary communications only, with no third parties butting in.)

2.4. Organizational

2.4.1. "How do I get on--and off--the Cypherpunks list?"

2.4.2. "Why does the Cypherpunks list sometimes go down, or lose the subscription list?"

2.4.3. "If I've just joined the Cypherpunks list, what should I do?"

2.4.4. "I'm swamped by the list volume; what can I do?"

2.4.5. "It's very easy to get lost in the morass of detail here. Are there any ways to track what's really important?"

2.4.6. "Who are the Cypherpunks?"

2.4.7. "Who runs the Cypherpunks?"

2.4.8. "Why don't the issues that interest me get discussed?"

2.4.9. "How did the Cypherpunks group get started?"

2.4.10. "Where did the name 'Cypherpunks' come from?"

2.4.11. "Why doesn't the Cypherpunks group have announced goals, ideologies, and plans?"

2.4.12. "What have the Cypherpunks actually done?"

2.4.13. "How Can I Learn About Crypto and Cypherpunks Info?"

2.4.14. "Why is there sometimes disdain for the enthusiasm and proposals of newcomers?"

2.4.15. "Should I join the Cypherpunks mailing list?"

2.4.16. "Why isn't the Cypherpunks list encrypted? Don't you believe in encryption?"

2.4.17. "What does 'Cypherpunks write code' mean?"

2.4.18. "What does 'Big Brother Inside' Mean?"

2.4.19. "I Have a New Idea for a Cipher---Should I Discuss it Here?"

2.4.20. Are all the Cypherpunks libertarians?

2.4.21. "What can we do?"

2.4.22. "Why is the list unmoderated? Why is there no filtering of disrupters like Detweiler?"

2.4.23. "What Can I Do?"

2.4.24. "Should I publicize my new crypto program?"

2.4.25. "Ask Emily Post Crypt"

2.4.26. "What are some main Cypherpunks projects?"

2.4.27. "What about sublists, to reduce the volume on the main list."

2.5. Crypto

2.5.1. "Why is crypto so important?"

2.5.2. "Who uses cryptography?"

2.5.3. "Who needs crypto? What have they got to hide?"

2.5.4. "I'm new to crypto--where should I start?"

2.5.5. "Do I need to study cryptography and number theory to make a contribution?"

2.5.6. "How does public key cryptography work, simply put?"

2.5.7. "I'm a newcomer to this stuff...how should I get started?"

2.5.8. "Who are Alice and Bob?"

2.5.9. "What is 'security through obscurity'?"

2.5.10. "Has DES been broken? And what about RSA?"

2.5.11. "Can the NSA Break Foo?"

2.5.12. "Can brute-force methods break crypto systems?"

2.5.13. "Did the NSA know about public key ideas before Diffie and Hellman?"

2.5.14. "Did the NSA know about public-key approaches before Diffie and Hellman?"

2.5.15. "Can NSA crack RSA?"

2.5.16. "Won't more powerful computers make ciphers breakable?"

2.5.17. "Will strong crypto help racists?"

2.5.18. Working on new ciphers--why it's not a Cypherpunks priority (as I see it)

2.5.19. "Are there any unbreakable ciphers?"

  1. Maybe there are really shortcuts to factoring. Certainly improvements in factoring methods will continue. (But of course these improvements are not things that convert factoring into a less than exponential-in-length problem...that is, factoring appears to remain "hard.")
  2. Maybe reversible computations (a la Landauer, Bennett, et al.) actually work. Maybe this means a "factoring machine" can be built which takes a fixed, or very slowly growing, amount of energy. In this case, "forever" means Lefty is probably right.
  3. Maybe the quantum-mechanical idea of Peter Shor is possible. (I doubt it, for various reasons.)

2.5.20. "How safe is RSA?" "How safe is PGP?" "I heard that PGP has bugs?"

2.5.21. "How long does encryption have to be good for?"

2.6. PGP

2.6.1. There's a truly vast amount of information out there on PGP,

from current versions, to sites, to keyserver issues, and so on. There are also several good FAQs on PGP, on MacPGP, and probably on nearly every major version of PGP. I don't expect to compete here with these more specialized FAQs.

2.6.2. "Where do I get PGP?"

2.6.3. "Where can I find PGP?"

2.6.4. "Is PGP secure? I heard someone had..."

2.6.5. "Should I use PGP and other crypto on my company's workstations?"

2.6.6. "I just got PGP--should I use it for all my mail?"

2.6.7. NSA is apparently worried about PGP,

worried about the spread of PGP to other countries, and worried about the growth of "internal communities" that communicate via "black pipes" or "encrypted tunnels" that are impenetrable to them.

2.7. Clipper

2.7.1. "How can the government do this?"

2.7.2. "Why don't Cypherpunks develop their own competing encryption chip?"

2.7.3. "Why is crypto so frightening to governments?"

2.7.4. "I've just joined the list and am wondering why I don't see more debate about Clipper?"

2.8. Other Ciphers and Crypto Products

2.9. Remailers and Anonymity

2.9.1. "What are remailers?"

2.9.2. "How do remailers work?" (a vast number of postings have dealt with this)

2.9.3. "Can't remailers be used to harass people?"

2.10. Surveillance and Privacy

2.10.1. "Does the NSA monitor this list?"

2.10.2. "Is this list illegal?"

2.10.3. "Can keystrokes really be monitored remotely? How likely is this?"

2.10.4. "Wouldn't some crimes be stopped if the government could monitor what it wanted to?"

2.11.1. "Can encryption be banned?"

2.11.2. "Will the government try to ban encryption?"

2.11.3. "How could encryption be banned?"

2.11.4. "What's the situation about export of crypto?"

2.11.5. "What's the legal status of digital signatures?"

2.11.6. "Can't I just claim I forgot my password?"

2.11.7. "Is it dangerous to talk openly about these ideas?"

2.11.8. "Does possession of a key mean possession of identity?"

2.12. Digital Cash

2.12.1. "What is digital money?"

2.12.2. "What are the main uses of strong crypto for business and economic transactions?"

2.12.3. "What are smart cards and how are they used?"

2.13. Crypto Anarchy

2.13.1. "What is Crypto Anarchy?"

2.13.2. The Crypto Anarchist Manifesto

2.13.4. "What effect will crypto have on governments?"

2.13.5. "How quickly could something like crypto anarchy come?"

2.13.6. "Could strong crypto be used for sick and disgusting and dangerous purposes?"

2.13.7. "What is the Dining Cryptographers Problem, and why is it so important?"

2.13.8. "Why won't government simply ban such encryption methods?" + This has always been the Number One Issue!

2.13.9. "Could anonymous markets facilitate repugnant services, such as killings for hire?"

  1. From being traced, because the exchanges are handled via pseudonyms
  2. From the killer taking the money and then not performing the hit, because the escrow agent holds the money until the murder is verified (according to some protocol, such as a newspaper report...again, an area for more work, thankfully).
  3. From being arrested when the money is picked up, as this is all done via digital cash. There are some ways to reduce the popularity of this Murder, Incorporated system. (Things I've been thinking about for about 6 years, and which we discussed on the Cypherpunks list and on the Extropians list.)

2.14. Miscellaneous

2.14.1. "Why can't people just agree on an approach?"

2.14.2. "What are some of the practical limits on the deployment of crypto, especially things like digital cash and remailers?"

2.14.3. "Is crypto dominated by mistrust? I get the impression that everything is predicated on mutual mistrust."

2.14.4. "Who is Detweiler?"

2.14.5. "Who is Sternlight?"

2.15. More Information and References

2.15.1. "Where can I find more information?"

2.15.2. "Things are changing quickly. Not all of the addresses and URLs given here are valid. And the software versions... How do I get the latest information?"

2.15.3. "FUQs: "Frequently Unanswered Questions"?"

3. Cypherpunks -- History, Organization, Agenda

3.2. SUMMARY: Cypherpunks -- History, Organization, Agenda

3.2.1. Main Points

3.2.2. Connections to Other Sections

3.2.3. Where to Find Additional Information

3.2.4. Miscellaneous Comments

3.3. The Cypherpunks Group and List

3.3.1. What is it?

3.3.2. "Who are the Cypherpunks?"

3.3.3. "How did the Cypherpunks group get started?"

3.3.4. "Should I join the Cypherpunks mailing list?"

3.3.5. "How can I join the Cypherpunk mailing list?"

3.3.6. "Membership?"

3.3.7. "Why are there so many libertarians on the Cypherpunks list?" + The same question is often asked about the Net in general.

  Lots of suggested reasons:

3.3.8. "How did the mailing list get started?"

3.3.9. "How did Cypherpunks get so much early publicity?"

3.3.10. "Why the name?"

3.3.11. "What were the early meetings like?"

3.3.12. "Where are places that I can meet other Cypherpunks?"

3.3.13. "Is the Cypherpunks list monitored? Has it been infiltrated?"

3.3.14. "Why isn't there a recruiting program to increase the number of Cypherpunks?"

3.3.15. "Why have there been few real achievements in crypto recently?"

3.4. Beliefs, Goals, Agenda

3.4.1. "Is there a set of beliefs that most Cypherpunks support?" + There is nothing official (not much is), but there is an emergent, coherent set of beliefs which most list members seem to hold:

3.4.2. "What are Cypherpunks interested in?"

3.4.3. Personal Privacy and Collapse of Governments

3.4.4. Why is Cypherpunks called an "anarchy"?

3.4.5. Why is there no formal agenda, organization, etc.?

3.4.6. How are projects proposed and completed?

3.4.7. Future Needs for Cyberspace

3.4.8. Privacy, Credentials without identity

3.4.9. "Cypherpunks write code"

3.4.10. Digital Free Markets

3.4.11. The Role of

3.4.12. Reductions on taxation

3.4.13. Transnationalism

3.4.14. Data Havens

3.4.15. MOOs, MUDs, SVRs, Habitat cyberspaces

3.4.16. "Is personal privacy the main interest of Cypherpunks?" - Ensuring the right and the technological feasibility is more of the focus. This often comes up in two contexts:

3.4.17. "Shouldn't crypto be regulated?"

3.4.18. Emphasize the "voluntary" nature of crypto

3.4.19. "Are most Cypherpunks anarchists?"

3.4.20. "Why is there so much ranting on the list?"

3.4.21. The "rejectionist" stance so many Cypherpunks have

3.4.22. "Is the Cypherpunks group an illegal or seditious organization?"

3.5. Self-organizing Nature of Cypherpunks

3.5.1. Contrary to what people sometimes claim,

there is no ruling clique of Cypherpunks. Anybody is free to do nearly anything, just not free to commit others to a course of action, or control the machine resources the list now runs on, or claim to speak for the "Cypherpunks" as a group (and this last point is unenforceable except through reputation and social repercussions).

3.5.2. Another reason to be glad there is no formal Cypherpunks structure,

ruling body, etc., is that there is then no direct target for lawsuits, ITAR violation charges, defamation or copyright infringement claims, etc.

3.6. Mechanics of the List

3.6.1. Archives of the Cypherpunks List

3.6.2. "Why isn't the list sent out in encrypted form?"

3.6.3. "Why isn't the list moderated?"

3.6.4. "Why isn't the list split into smaller lists?"

3.6.5. Critical Addresses, Numbers, etc.

3.7. Publicity

3.7.1. "What kind of press coverage have the Cypherpunks gotten?"

3.8. Loose Ends

3.8.1. On extending the scope of Cypherpunks to other countries

4. Goals and Ideology -- Privacy, Freedom, New Approaches

4.2. SUMMARY: Goals and Ideology -- Privacy, Freedom, New Approaches

4.2.1. Main Points

4.2.2. Connections to Other Sections

4.2.3. Where to Find Additional Information

4.2.4. Miscellaneous Comments

4.3. Why a Statement of Ideology?

4.3.1. This is perhaps a controversial area.

So why include it? The main reason is to provide some grounding for the later comments on many issues.

4.3.2. People should not expect a uniform ideology on this list.

Some of us are anarcho-capitalist radicals (or "crypto anarchists"), others of us are staid Republicans, and still others are Wobblies and other assorted leftists.

4.4. "Welcome to Cypherpunks"

4.4.1. This is the message each new subscriber to the Cypherpunks list gets, by Eric Hughes:

4.4.2. "Cypherpunks assume privacy is a good thing

and wish there were more of it. Cypherpunks acknowledge that those who want privacy must create it for themselves and not expect governments, corporations, or other large, faceless organizations to grant them privacy out of beneficence. Cypherpunks know that people have been creating their own privacy for centuries with whispers, envelopes, closed doors, and couriers. Cypherpunks do not seek to prevent other people from speaking about their experiences or their opinions.

"The most important means to the defense of privacy is encryption. To encrypt is to indicate the desire for privacy. But to encrypt with weak cryptography is to indicate not too much desire for privacy. Cypherpunks hope that all people desiring privacy will learn how best to defend it.

"Cypherpunks are therefore devoted to cryptography. Cypherpunks wish to learn about it, to teach it, to implement it, and to make more of it. Cypherpunks know that cryptographic protocols make social structures. Cypherpunks know how to attack a system and how to defend it. Cypherpunks know just how hard it is to make good cryptosystems.

"Cypherpunks love to practice. They love to play with public key cryptography. They love to play with anonymous and pseudonymous mail forwarding and delivery. They love to play with DC-nets. They love to play with secure communications of all kinds.

"Cypherpunks write code. They know that someone has to write code to defend privacy, and since it's their privacy, they're going to write it. Cypherpunks publish their code so that their fellow cypherpunks may practice and play with it. Cypherpunks realize that security is not built in a day and are patient with incremental progress.

"Cypherpunks don't care if you don't like the software they write. Cypherpunks know that software can't be destroyed. Cypherpunks know that a widely dispersed system can't be shut down.

"Cypherpunks will make the networks safe for privacy." [Eric Hughes, 1993-07-21 version]

4.5. "Cypherpunks Write Code"

4.5.1. "Cypherpunks write code" is almost our mantra.

4.5.2. This has come to be a defining statement.

Eric Hughes used it to mean that Cypherpunks place more importance in actually changing things, in actually getting working code out, than in merely talking about how things "ought" to be.

4.5.3. "The admonition, "Cypherpunks write code," should be taken metaphorically.

I think "to write code" means to take unilateral effective action as an individual. That may mean writing actual code, but it could also mean dumpster diving at Mycrotronx and anonymously releasing the recovered information. It could also mean creating an offshore digital bank. Don't get too literal on us here. What is important is that Cypherpunks take personal responsibility for empowering themselves against threats to privacy." [Sandy Sandfort, 1994-07-08]

4.5.4. A Cypherpunks outlook: taking the abstractions of academic conferences and making them concrete

4.5.5. Prototypes, even if fatally flawed, allow for evolutionary learning and improvement. Think of it as engineering in action.

4.6. Technological empowerment

4.6.1. (more needed here...)

4.6.2. As Sandy Sandfort notes, "The real point of Cypherpunks is that it's better to use strong crypto than weak crypto or no crypto at all.

Our use of crypto doesn't have to be totally bullet proof to be of value. Let them worry about the technicalities while we make sure they have to work harder and pay more for our encrypted info than they would if it were in plaintext." [S.S. 1994-07-01]

4.7. Free Speech Issues

4.7.1. Speech

4.7.2. "Should there be any limits whatsoever on a person's use of cryptography?"

4.7.3. Democracy and censorship

4.8. Privacy Issues

4.8.1. "Is there an agenda here beyond just ensuring privacy?"

4.8.2. "What is the American attitude toward privacy and encryption?"

4.8.3. "How is 1994 like 1984?"

4.8.4. "We anticipate that computer networks will play a more and more important role in many parts of our lives.

But this increased computerization brings tremendous dangers for infringing privacy. Cypherpunks seek to put into place structures which will allow people to preserve their privacy if they choose. No one will be forced to use pseudonyms or post anonymously. But it should be a matter of choice how much information a person chooses to reveal about himself when he communicates. Right now, the nets don't give you that much choice. We are trying to give this power to people." [Hal Finney, 1993-02-23]

4.8.5. "If cypherpunks contribute nothing else we can create a real privacy advocacy group,

advocating means of real self-empowerment, from crypto to nom de guerre credit cards, instead of advocating further invasions of our privacy as the so-called privacy advocates are now doing!" [Jim Hart, 1994-09-08]

4.9. Education Issues

4.9.1. "How can we get more people to use crypto?"

4.9.2. "Who needs to encrypt?"

4.9.3. "When should crypto be used?"

4.10. Libertarian Issues

4.10.1. A technological approach to freedom and privacy:

4.10.2. "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

[Benjamin Franklin]

4.10.3. a typical view of government

4.10.4. Sadly, several of our speculative scenarios for various laws have come to pass. Even several of my own, such as:

4.10.5. "Don't tread on me."

4.10.6. However, it's easy to get too negative on the situation,

to assume that a socialist state is right around the corner. Or that a new Hitler will come to power. These are unlikely developments, and not only because of strong crypto. Financial markets are putting constraints on how fascist a government can get...the international bond markets, for example, will quickly react to signs like this. (This is the theory, at least.)

4.10.7. Locality of reference, cash, TANSTAAFL, privacy

4.11. Crypto Anarchy

4.11.1. The Crypto Anarchy Principle:

Strong crypto permits unbreakable encryption, unforgeable signatures, untraceable electronic messages, and unlinkable pseudonymous identities. This ensures that some transactions and communications can be entered into only voluntarily. External force, law, and regulation cannot be applied. This is "anarchy," in the sense of no outside rulers and laws. Voluntary arrangements, backstopped by voluntarily-arranged institutions like escrow services, will be the only form of rule. This is "crypto anarchy."

4.11.2. crypto allows a return to contracts that governments cannot breach

4.11.3. Technological solutions over legalistic regulations

4.11.4. Reputations

4.11.5. I have a moral outlook

that many will find unacceptable or repugnant. To cut to the chase: I support the killing of those who break contracts, who steal in serious enough ways, and who otherwise commit what I think of as crimes.

4.11.6. Increased espionage

will help to destroy nation-state-empires like the U.S., which has gotten far too bloated and far too dependent on throwing its weight around; nuclear "terrorism" may knock out a few cities, but this may be a small price to pay to undermine totally the socialist welfare states that have launched so many wars this century.

4.12. Loose Ends

4.12.1. "Why take a "no compromise" stance?"

4.12.2. The inherent evils of democracy

4.12.3. "Is the Cypherpunks agenda too extreme?"

4.12.4. "Crypto Anarchy sounds too wild for me."

5. Cryptology

5.2. SUMMARY: Cryptology

5.2.1. Main Points

5.2.2. Connections to Other Sections

5.2.3. Where to Find Additional Information

5.2.4. Miscellaneous Comments

5.3. What this FAQ Section Will Not Cover

5.3.1. Why a section on crypto when so many other sources exist?

5.3.2. NOTE: This section may remain disorganized, at least as compared to some of the later sections. Many excellent sources on crypto exist, including readily available FAQs (sci.crypt, RSADSI FAQ) and books. Schneier's book is especially recommended, and should be on every Cypherpunk's bookshelf.

5.4. Crypto Basics

5.4.1. "What is cryptology?"

5.4.3. What's the history of cryptology?

5.4.4. Major Classes of Crypto

5.4.5. Hardware vs. Software

5.4.6. "What are 'tamper-resistant modules' and why are they important?"

5.4.7. "What are 'one way functions'?"

5.4.8. When did modern cryptology start?

5.4.9. What is public key cryptography?

5.4.10. Why is public key cryptography so important?

5.4.11. "Does possession of a key mean possession of identity?"

5.4.12. What are digital signatures?

5.4.13. Identity, Passports, Fiat-Shamir

5.4.14. Where else should I look?

5.4.15. Crypto, Technical

5.4.17. Other crypto and hash programs

5.4.18. RSA strength

5.4.19. Triple DES

5.4.20. Tamper-resistant modules (TRMs) (or tamper-responding)

5.4.21. "What are smart cards?"

5.5. Cryptology-Technical, Mathematical

5.5.1. Historical Cryptography

5.5.2. Public-key Systems--HISTORY

5.5.3. RSA and Alternatives to RSA

5.5.4. Digital Signatures

5.5.5. Randomness and incompressibility

5.5.6. Steganography: Methods for Hiding the Mere Existence of Encrypted Data

5.5.7. The Essential Impossibility of Breaking Modern Ciphers and Codes

5.5.8. Anonymous Transfers

5.5.9. Miscellaneous Abstract Ideas

5.5.10. Tamper-resistant modules (TRMs) (or tamper-responding)

5.6. Crypto Programs and Products

5.6.1. PGP, of course

5.6.2. "What about hardware chips for encryption?"

5.6.3. Carl Ellison's "tran" and mixing various ciphers in chains - "tran.shar is available at ftp.std.com:/pub/cme"

5.6.4. The Blum-Blum-Shub RNG

5.6.5. the Blowfish cipher

5.7.1. "What is 'blinding'?"

5.7.2. "Crypto protocols are often confusing. Is there a coherent theory of these things?"

5.7.3. The holder of a key is the person, basically

5.7.4. Strong crypto is helped by huge increases in processor power, networks

5.7.5. "What is the 'Diffie-Hellman' protocol and why is it important?"

5.7.6. groups, multiple encryption, IDEA, DES, difficulties in analyzing

5.7.7. "Why and how is 'randomness' tested?"

5.7.8. "Is it possible to tell if a file is encrypted?"

5.7.9. "Why not use CD-ROMs for one-time pads?"

5.8. The Nature of Cryptology

5.8.1. "What are the truly basic, core, primitive ideas of cryptology, crypto protocols, crypto anarchy, digital cash, and the things we deal with here?"

5.8.2. Crypto is about the creation and linking of private spaces...

5.8.3. The "Core" Ideas of Cryptology and What we Deal With

5.8.4. We don't seem to know the "deep theory" about why certain protocols "work." For example, why is "cut-and-choose," where Alice cuts and Bob chooses (as in fairly dividing a pie), such a fair system? Game theory has a lot to do with it. Payoff matrices, etc.

5.8.5. "Is it possible to create ciphers that are unbreakable in any amount of time with any amount of computer power?"

  1. Maybe there are really shortcuts to factoring. Certainly improvements in factoring methods will continue. (But of course these improvements are not things that convert factoring into a less than exponential-in-length problem...that is, factoring appears to remain "hard.")
  2. Maybe reversible computations (a la Landauer, Bennett, et al.) actually work. Maybe this means a "factoring machine" can be built which takes a fixed, or very slowly growing, amount of energy.
  3. Maybe the quantum-mechanical idea of Shor is possible. (I doubt it, for various reasons.) I continue to find it useful to think of very large numbers as creating "force fields" or "bobbles" (a la Vinge) around data. A 5000-decimal-digit modulus is as close to being unbreakable as anything we'll see in this universe.

5.9. Practical Crypto

5.9.1. again, this stuff is covered in many of the FAQs on PGP and on security that are floating around...

5.9.2. "How long should crypto be valid for?"

5.9.3. "What about commercial encryption programs for protecting files?"

5.9.4. "What are some practical steps to take to improve security?"

5.9.5. Picking (and remembering) passwords

5.9.6. "How can I remember long passwords or passphrases?"

5.10. DES

5.10.1. on the design of DES

5.11. Breaking Ciphers

5.11.1. This is not a main Cypherpunks concern, for a variety of reasons (lots of work, special expertise, big machines, not a core area, ciphers always win in the long run). Breaking ciphers is something to consider, hence this brief section.

5.11.2. "What are the possible consequences of weaknesses in crypto systems?"

5.11.3. "What are the weakest places in ciphers, practically speaking?"

5.11.4. Birthday attacks

5.11.5. For example, at Crypto '94 it was reported in a rump session

(by Michael Wiener with Paul van Oorschot) that a machine to break the MD5 ciphers could be built for about $10 M (in 1994 dollars, of course) and could break MD5 in about 20 days. (This follows the 1993 paper on a similar machine to break DES.)

5.11.6. pkzip reported broken

5.11.7. Gaming attacks, where loopholes in a system are exploited

5.11.8. Diffie-Hellman key exchange vulnerabilities

5.11.9. Reverse engineering of ciphers

5.12. Loose Ends

5.12.1. "Chess Grandmaster Problem" and other Frauds and Spoofs

6. The Need For Strong Crypto

6.2. SUMMARY: The Need For Strong Crypto

6.2.1. Main Points

6.2.2. Connections to Other Sections

6.2.3. Where to Find Additional Information

6.2.4. Miscellaneous Comments

6.3. General Uses of and Reasons for Crypto

6.3.1. (see also the extensive listing of "Reasons for Anonymity," which makes many points about the need and uses for strong crypto)

6.3.2. "Where is public key crypto really needed?"

6.3.3. "What are the main reasons to use cryptography?"

6.3.4. "What may limit the use of crypto?"

6.3.5. "What are some likely future uses of crypto?"

6.3.6. "Are there illegal uses of crypto?"

6.4. Protection of Corporate and Financial Privacy

6.4.1. corporations are becoming increasingly concerned about interception of important information--or even seemingly minor information--and about hackers and other intruders

6.4.2. Corporate Espionage (or "Business Research")

6.4.3. Encryption to Protect Information

6.4.4. U.S. willing to seize assets as they pass through U.S. (Haiti, Iraq)

6.4.5. Privacy of research

6.4.6. Using crypto-mediated business to bypass "deep pockets" liability suits, abuse of regulations, of the court system, etc.

6.4.7. on anonymous communication and corporations

6.5. Digital Signatures

6.5.1. for electronic forms of contracts

6.5.2. negotiations

6.5.3. AMIX, Xanadu, etc.

6.5.4. is the real protection against viruses (since all other scanning methods will increasingly fail)

6.6. Political Uses of Crypto

6.6.1. Dissidents, Amnesty International

6.6.2. reports that rebels in Chiapas (Mexico, Zapatistas) are on the Net, presumably using PGP

6.6.3. Free speech has declined in America--crypto provides an antidote

6.7. Beyond Good and Evil, or, Why Crypto is Needed

6.7.1. "Why is cryptography good? Why is anonymity good?"

6.7.2. Speaking of the isolation from physical threats and pressures that cyberspace provides, Eric Hughes writes: "One of the whole points of anonymity and pseudonymity is to create immunity from these threats, which are all based upon the human body and its physical surroundings. What is the point of a system of anonymity which can be pierced when something "bad" happens? These systems do not reject the regime of violence; rather, they merely mitigate it slightly further and make their morality a bit more explicit...I desire systems which do not require violence for their existence and stability. I desire anonymity as an ally to break the hold of morality over culture." [Eric Hughes, 1994-08-31]

6.7.3. Crypto anarchy means prosperity for those who can grab it, those competent enough to have something of value to offer for sale; the clueless 95% will suffer, but that is only just. With crypto anarchy we can painlessly, without initiation of aggression, dispose of the nonproductive, the halt and the lame. (Charity is always possible, but I suspect even the liberal do-gooders will throw up their hands at the prospect of a nation of mostly unskilled and essentially illiterate and innumerate workers being unable to get meaningful, well-paying jobs.)

6.7.4. Crypto gets more important as communication increases and as computing gets distributed

6.8. Crypto Needed for Operating Systems and Networks

6.8.1. Restrictions on cryptography--difficult as they may be to enforce--may also impose severe hardships on secure operating system design; Norm Hardy has made this point several times.

6.8.2. Proofs of identity, passwords, and operating system use

6.8.3. An often unmentioned reason why encryption is needed is for the creation of private, or virtual, networks

6.9.1. Ever-increasing numbers of laws, complexities of tax codes, etc.

6.9.2. National ID cards

6.9.3. Key Escrow

6.9.4. Extension of U.S. law around the world

6.9.5. AA BBS case means cyberspace is not what we thought it was

6.10. Loose Ends

6.10.1. "Why don't most people pay more attention to security issues?"

6.10.2. What motivates an attacker is not the intrinsic value of the data but his perception of the value of the data.

6.10.3. Crypto allows more refinement of permissions...access to groups, lists

6.10.4. these general reasons will make encryption more common, more socially and legally acceptable, and will hence make eventual attempts to limit the use of crypto anarchy methods moot

6.10.5. protecting reading habits

6.10.6. Downsides

6.10.7. Encryption of Video Signals and Encryption to Control Piracy

7. PGP


7.2. SUMMARY: PGP -- Pretty Good Privacy

7.2.1. Main Points

7.2.2. Connections to Other Sections

7.2.3. Where to Find Additional Information

7.2.4. Miscellaneous Comments

7.3. Introduction

7.3.1. Why does PGP rate its own section?

7.3.2. "What's the fascination in Cypherpunks with PGP?"

7.3.3. The points here focus on PGP, but may apply as well to similar crypto programs, such as commercial RSA packages (integrated into mailers, commercial programs, etc.).

7.4. What is PGP?

7.4.1. "What is PGP?"

7.4.2. "Why was PGP developed?"

7.4.3. Who developed PGP?

7.5. Importance of PGP

7.5.1. PGP 2.0 arrived at an important time

7.5.2. PGP has been the catalyst for major shifts in opinion

7.5.3. "If this stuff is so important, how come not everyone is digitally signing their messages?"

7.5.4. Ripem appears to be dead; traffic in alt.security.ripem is almost zero. PGP has obviously won the hearts and minds of the user community; and now that it's "legal"...

7.6. PGP Versions

7.6.1. PGP Versions and Implementations

7.6.2. What versions of PGP exist?

7.6.3. PGP 2.6 issues

7.6.4. PGP version 2.6.1

7.7. Where to Get PGP?

7.7.1. "Where can I get PGP on CompuServe?"

7.7.2. Off line PGP

7.7.3. "Should I worry about obtaining and compiling the PGP sources?"

7.8. How to Use PGP

7.8.1. How does PGP work?

7.8.2. "How should I store the secret part of my key? Can I memorize it?"

7.8.3. "How do I sign messages?"

7.8.4. Why isn't PGP easier to use?

7.8.5. How should I learn PGP?

7.8.6. "What's the status of PGP integration with other programs?"

7.8.7. "How often should I change my key or keys?"

7.9. Keys, Key Signings, and Key Servers

7.9.1. Web of trust vs. hierarchical key management

7.9.2. Practical approaches to signing the keys of others

7.9.3. Key Servers

7.9.4. Use of PGP key fingerprints

7.9.5. "How should address changes be handled? Do old keys have to be revoked?"

7.9.6. "How can I ensure that my keys have not been tampered with?"
    • Keep your private key secure
    • if on an unsecured machine, take steps to protect it

7.9.7. "Why are key revocations needed?"

7.9.8. "Is-a-person" registries

7.9.9. Keyservers (this list is constantly changing, but most share keys, so all one needs is one). Send "help" message. For current information, follow alt.security.pgp.

7.9.10. "What are key fingerprints and why are they used?"

7.9.11. Betsi

7.9.12. on attacks on keyservers...

7.10. PGP Front Ends, Shells, and Tools

7.10.1. Many can be found at this ftp site:

7.10.2. William Stallings had this to say in a Usenet post:

7.10.3. Rick Busdiecker rfb@lehman.com has an emacs front end to PGP available

7.10.4. Pr0duct Cypher's tools:

7.11. Other Crypto Programs And Tools

7.11.1. Other Ciphers and Tools

  1.0, and adds a number of features suggested by users. More details on changes are given in the README file." [Peter Gutmann, sci.crypt, 1994-08-25]
    • not the same thing as CFS!
    • 512-bit key using a MDC/SHS hash. (Fast)
    • only works on a 386 or better (says V. Bontchev)
    • source code not available?
    • implemented as a device driver (rather than a TSR, like SecureDrive)

7.11.2. MDC and SHS (same as SHA?)

7.11.3. Stego programs

7.11.4. "What about "Pretty Good Voice Privacy" or "Voice PGP" and Other Speech Programs?"

7.11.5. Random Number Generators

7.11.6. "What's the situation on the dispute between NIST and RSADSI over the DSS?"

7.11.7. "Are there any programs like telnet or "talk" that use pgp?" - "Don't know about Telnet, but I'd like to see "talk" secured like that... It exists. (PGP-ized ytalk, that is.) Have a look at ftp.informatik.uni-hamburg.de:/pub/virus/crypto/pgp/tools/pgptalk.2.0.tar.gz" [Vesselin Bontchev, alt.security.pgp, 1994-07-4]

7.11.8. Digital Timestamping

7.12.1. "What is RSA Data Security Inc.'s position on PGP?"

    • They were strongly opposed to early versions
    • objections

7.12.2. "Is PGP legal or illegal"?

7.12.3. "Is there still a conflict between RSADSI and PRZ?"

7.13. Problems with PGP, Flaws, Etc.

7.13.1. Speculations on possible attacks on PGP

7.13.2. What does the NSA know about flaws in PGP?

7.13.3. The PGP timebomb

7.13.4. Spoofing

7.13.5. "How do we know that PGP doesn't have a back door or some other major flaw? After all, not all of us are programmers or cryptologists."

7.13.6. "Can I run PGP on a machine I don't control, e.g., the campus computer system?"

7.14. The Future of PGP

7.14.1. "Does PGP help or hurt public key methods in general and RSA Data Security Inc. in particular?"

7.14.2. Stealth PGP

7.14.3. "Should we work on a more advanced version, a Really Good Privacy?"

7.14.4. "Can changes and improvements be made to PGP?"

7.15. Loose Ends

7.15.1. Security measures on login, passwords, etc.

8. Anonymity, Digital Mixes, and Remailers


8.2. SUMMARY: Anonymity, Digital Mixes, and Remailers

8.2.1. Main Points

8.2.2. Connections to Other Sections

8.2.3. Where to Find Additional Information

8.2.4. Miscellaneous Comments

8.3. Anonymity and Digital Pseudonyms

8.3.1. Why is anonymity so important?

8.3.2. What's the difference between anonymity and pseudonymity?
    • Not much, at one level...we often use the term "digital pseudonym" in a strong sense, in which the actual identity cannot be deduced easily
      • this is "anonymity" in a certain sense

8.3.3. Downsides of anonymity

8.3.4. "How will privacy and anonymity be attacked?"

8.3.5. "How will random accusations and wild rumors be controlled in anonymous forums?"

8.3.6. "What are the legal views on anonymity?"

8.3.7. Some Other Uses for Anonymous Systems:

8.3.8. "True Names"

8.3.9. Many ways to get pseudonyms:

8.3.10. "How is Pseudonymity Compromised?"

8.3.11. Miscellaneous Issues

8.4. Reasons for Anonymity and Digital Pseudonyms (and Untraceable EMail)

8.4.1. (There are so many reasons, and this is asked so often, that I've collected these various reasons here. More can be added, of course.)

8.4.2. Privacy in general

8.4.3. Physical Threats

8.4.4. Voting

8.4.5. Maintenance of free speech

8.4.6. Adopt different personas, pseudonyms

8.4.7. Choice of reading material, viewing habits, etc.

8.4.8. Anonymity in Requesting Information, Services, Goods

8.4.9. Anonymity in Belonging to Certain Clubs, Churches, or Organizations

8.4.10. Anonymity in Giving Advice or Pointers to Information

8.4.11. Reviews, Criticisms, Feedback

8.4.12. Protection against lawsuits, "deep pockets" laws

8.4.13. Journalism and Writing

8.4.14. Academic, Scientific, or Professional

8.4.15. Medical Testing and Treatment

8.4.16. Abuse, Recovery

8.4.17. Bypassing of export laws

8.4.18. Sex groups, discussions of controversial topics

8.4.19. Avoiding political espionage

8.4.20. Controversial political discussion, or membership in political groups, mailing lists, etc.

8.4.21. Preventing Stalking and Harassment

8.4.22. pressure relief valve: knowing one can flee or head for the frontier and not be burdened with a past

8.4.23. preclude lawsuits, subpoenas, entanglement in the legal machinery

8.4.24. Business Reasons

8.4.25. Protection against retaliation

8.4.26. Preventing Tracking, Surveillance, Dossier Society

8.4.27. Some Examples from the Cypherpunks List

8.5. Untraceable E-Mail

8.5.1. The Basic Idea of Remailers

8.5.2. Why is untraceable mail so important?

8.5.3. How do Cypherpunks remailers work?

8.5.4. How, in simple terms, can I send anonymous mail?

8.5.5. Chaum's Digital Mixes

8.5.6. "Are today's remailers secure against traffic analysis?" - Mostly not. Many key digital mix features are missing, and the gaps can be exploited.

8.6. Remailers and Digital Mixes (A Large Section!)

8.6.1. What are remailers?

8.6.2. Cypherpunks remailers compared to Julf's

8.6.3. "How do remailers work?"

8.6.4. "What are some uses of remailers?"

8.6.5. "Why are remailers needed?"

8.6.6. "How do I actually use a remailer?"

8.6.7. Remailer Sites

8.6.8. "How do I set up a remailer at my site?"

8.6.9. "How are most Cypherpunks remailers written, and with what tools?"

8.6.10. Dealing with Remailer Abuse

8.6.11. Generations of Remailers

8.6.12. Remailer identity escrow

8.6.13. Remailer Features

8.6.14. Things Needed in Remailers

8.6.15. Miscellaneous Aspects of Remailers

8.7. Anonymous Posting to Usenet

8.7.1. Julf's penet system has historically been the main way to post anonymously to Usenet (used by no less a luminary than L. Detweiler, in his "an12070/S. Boxx" persona). This has particularly been the case with postings to "support" groups, or emotional distress groups. For example, alt.sexual.abuse.recovery.

8.7.2. Cryptographically secure remailers are now being used increasingly (and scaling laws and multiple jurisdictions suggest even more will be used in the future).

8.7.3. finger remailer.help.all@chaos.bsu.edu gives these results [as of 1994-09-07--get a current result before using!]

8.8. Anonymous Message Pools, Newsgroups, etc.

8.8.1. "Why do some people use message pools?"

8.8.2. alt.anonymous.messages is one such pool group

8.8.3. "Could there be truly anonymous newsgroups?"

8.9.1. What's the legal status of remailers?

8.9.2. "Can remailer logs be subpoenaed?"

8.9.3. How will remailers be harassed, attacked, and challenged?

8.9.4. "Can pressure be put on remailer operators to reveal traffic logs and thereby allow tracing of messages?"

8.9.5. Calls for limits on anonymity

8.9.6. Remailers and Choice of Jurisdictions

8.9.7. Possible legal steps to limit the use of remailers and anonymous systems

8.9.8. Crypto and remailers can be used to protect groups from "deep pockets" lawsuits

8.9.9. Could anonymous remailers be used to entrap people, or to gather information for investigations?

8.10. Cryptanalysis of Remailer Networks

8.10.1. The Need for More Detailed Analysis of Mixes and Remailers

8.10.2. A much-needed thing. Hal Finney has posted some calculations (circa 1994-08-08), but more work is sorely needed.

8.10.3. In particular, we should be skeptical of hand-waving analyses of the "it sure looks complicated to follow the traffic" sort. People think that by adding "messy" tricks, such as MIRVing messages, that security is increased. Maybe it is, maybe it isn't. But it needs formal analysis before claims can be confidently believed.

8.10.4. Remailers and entropy

8.10.5. Scott Collins believes that remailer networks can be cryptanalyzed roughly the same way as pseudorandom number generators are analyzed, e.g., with dynamic Markov compressors (DMCs). (I'm more skeptical: if each remailer is using an information-theoretically secure RNG to reorder the messages, and if all messages are the same size and (of course) are encrypted with information-theoretically secure (OTP) ciphers, then it seems to me that the remailing would itself be information-theoretically secure.)

8.11. Dining Cryptographers

8.11.1. This is effectively the "ideal digital mix," updated from Chaum's original hardware mix form to a purely software-based form.

8.11.2. David Chaum's 1988 paper in Journal of Cryptology (Vol 1, No 1) outlines a way for completely untraceable communication using only software (no tamper-resistant modules needed)
    • participants in a ring (hence "dining cryptographers")

8.11.3. What "DC-Net" Means

8.12. Future Remailers

8.12.1. "What are the needed features for the Next Generation Remailer?"

8.12.2. Remailing as a side effect of mail filtering

8.12.3. "Are there any remailers which provide you with an anonymous account to which other people may send messages, which are then forwarded to you in a PGP-encrypted form?" Mikola Habryn, 94-04

8.12.4. "Remailer Alliances"

8.13. Loose Ends

8.13.1. Digital espionage

8.13.2. Remailers needs some "fuzziness," probably

8.13.3. Trying to confuse the eavesdroppers, by adding keywords they will probably pick up on

8.13.4. Restrictions on anonymous systems

9. Policy, Clipper, Key Escrow, and Digital Telephony


9.2. SUMMARY: Policy: Clipper, Key Escrow, and Digital Telephony

9.2.1. Main Points

9.2.2. Connections to Other Sections

9.2.3. Where to Find Additional Information

9.2.4. Miscellaneous Comments

9.3. Introduction

9.3.1. What is Clipper?

9.3.2. Why do most Cypherpunks oppose Clipper?

9.3.3. Why does Clipper rate its own section?

9.3.4. "Is stopping Clipper the main goal of Cypherpunks?"

9.4. Crypto Policy Issues

9.4.1. Peter Denning on crypto policy:

9.4.2. Will government and NSA in particular attempt to acquire some kind of control over crypto companies?

9.4.3. NIST and DSS

9.4.4. Export restrictions, Munitions List, ITAR

9.4.5. old crypto machines sold to Third World governments, cheaply

9.4.6. 4/28/97 The first of several P-K and RSA patents expires

9.4.7. encryption will be needed inside computer systems

9.5. Motivations for Crypto Laws

9.5.1. "What are the law enforcement and FBI worries?"

9.5.2. "What motivated Clipper? What did the Feds hope to gain?" - ostensibly to stop terrorists (only the unsophisticated ones, if alternatives are allowed)

9.5.3. Steve Witham has an interesting take on why folks like Dorothy Denning and Donn Parker support key escrow so ardently:

9.5.4. Who would want to use key escrow?

9.5.5. "Will strong crypto really thwart government plans?"

9.5.6. "Why does the government want short keys?"

9.6. Current Crypto Laws

9.6.1. "Has crypto been restricted in countries other than the U.S.?"

9.7. Crypto Laws Outside the U.S.

9.7.1. "International Escrow, and Other Nation's Crypto Policies?" - The focus throughout this document on U.S. policy should not lull non-Americans into complacency. Many nations already have more Draconian policies on the private use of encryption than the U.S. is even contemplating (publicly). France outlaws private crypto, though enforcement is said to be problematic (but I would not want the DGSE to be on my tail, that's for sure). Third World countries often have bans on crypto, and mere possession of random-looking bits may mean a spying conviction and a trip to the gallows.

9.7.2. "Will foreign countries use a U.S.-based key escrow system?"

9.7.3. "Is Europe Considering Key Escrow?"

9.7.4. "What laws do various countries have on encryption and the use of encryption for international traffic?"

9.7.5. France planning Big Brother smart card?

9.7.6. PTTs, local rules about modem use

9.7.7. "What are the European laws on "Data Privacy" and why are they such a terrible idea?"

9.7.8. on the situation in Australia

9.7.9. "For those interested, NIST have a short document for FTP, 'Identification & Analysis of Foreign Laws & Regulations Pertaining to the Use of Commercial Encryption Products for Voice & Data Communications'. Dated Jan 1994." [Owen Lewis, Re: France Bans Encryption, alt.security.pgp, 1994-07-07]

9.8. Digital Telephony

9.8.1. "What is Digital Telephony?"

9.8.2. "What are the dangers of the Digital Telephony Bill?"

9.8.3. "What is the Digital Telephony proposal/bill?"

9.9. Clipper, Escrowed Encryption Standard

9.9.1. The Clipper Proposal

9.9.2. "How long has the government been planning key escrow?"

9.9.3. Technically, the "Escrowed Encryption Standard," or EES. But nearly everyone still calls it "Clipper," even if NSA belatedly realized Intergraph's own product has been called this for many years, a la the Fairchild processor chip of the same name. And the database product of the same name. I pointed this out within minutes of hearing about this on April 16th, 1993, and posted a comment to this effect on sci.crypt. How clueless can they be to not have seen in many months of work what many of us saw within seconds?

9.9.4. Need for Clipper

9.9.5. Further "justifications" for key escrow

9.9.6. Why did the government develop Clipper?

9.9.7. "Who are the designated escrow agents?"

9.9.8. Whit Diffie

9.9.9. What are related programs?

9.9.10. "Where do the names "Clipper" and "Skipjack" come from?"

9.10. Technical Details of Clipper, Skipjack, Tessera, and EES

9.10.1. Clipper chip fabrication details

9.10.2. "Why is the Clipper algorithm classified?"

9.10.3. If Clipper is flawed (the Blaze LEAF Blower), how can it still be useful to the NSA?

9.10.4. What about weaknesses of Clipper?

9.10.5. "What are some of the weaknesses in Clipper?"

9.10.6. Mykotronx

9.10.7. Attacks on EES

9.10.8. Why is the algorithm secret?

9.10.9. Skipjack is 80 bits, which is 24 bits longer than the 56 bits of DES. so

9.10.10. "What are the implications of the bug in Tessera found by Matt Blaze?"

9.11. Products, Versions -- Tessera, Skipjack, etc.

9.11.1. "What are the various versions and products associated with EES?"

9.11.2. AT&T Surety Communications

9.11.3. Tessera cards

9.12. Current Status of EES, Clipper, etc.

9.12.1. "Did the Administration really back off on Clipper? I heard that Al Gore wrote a letter to Rep. Cantwell, backing off."

9.13. National Information Infrastructure, Digital Superhighway

9.13.1. Hype on the Information Superhighway

9.13.2. "Why is the National Information Infrastructure a bad idea?"

9.13.3. NII, Video Dialtone

9.13.4. The prospects and dangers of Net subsidies

9.13.5. NII, Superhighway, I-way

9.14. Government Interest in Gaining Control of Cyberspace

9.14.1. Besides Clipper, Digital Telephony, and the National Information Infrastructure, the government is interested in other areas, such as e-mail delivery (US Postal Service proposal) and maintenance of network systems in general.

9.14.2. Digital Telephony, ATM networks, and deals being cut

9.14.3. The USPS plans for mail, authentication, effects on competition, etc.

9.15. Software Key Escrow

9.15.1. (This section needs a lot more)

9.15.2. things are happening fast...

9.15.3. TIS, Carl Ellison, Karlsruhe

9.15.4. objections to key escrow

9.15.5. Micali's "Fair Escrow"

9.16. Politics, Opposition

9.16.1. "What should Cypherpunks say about Clipper?"

9.16.2. "What do most Americans think about Clipper and privacy?" - insights into what we face

9.16.3. Does anyone actually support Clipper?

9.16.4. "Who is opposed to Clipper?"

9.16.5. "What's so bad about key escrow?"

9.16.6. Why governments should not have keys

9.16.7. "How might the Clipper chip be foiled or defeated?"

9.16.8. How can Clipper be defeated, politically?

9.16.9. How can Clipper be defeated, in the market?

9.16.10. How can Clipper be defeated, technologically?

9.16.11. Questions

  1. the people you want to communicate with won't have hardware to decrypt your data, statistically speaking. The beauty of clipper from the NSA point of view is that they are leveraging the installed base (they hope) of telephones and making it impossible (again, statistically) for a large fraction of the traffic to be untappable.
  2. They won't license bad people like you to make equipment like the system you describe. I'll wager that the chip distribution will be done in a way to prevent significant numbers of such systems from being built, assuring that (1) remains true." [Tom Knight, sci.crypt, 6-5-93]
    • What are the implications of mandatory key escrow?
      • "escrow" is misleading...
        • wrong use of the term
        • implies a voluntary, and returnable, situation
    • "If key escrow is "voluntary," what's the big deal?"
      • Taxes are supposedly "voluntary," too.

9.16.12. "Why is Clipper worse than what we have now?"

9.16.13. on trusting the government

9.17.1. As John Gilmore put it in a guest editorial in the "San Francisco Examiner," "...we want the public to see a serious debate about why the Constitution should be burned in order to save the country." [J.G., 1994-06-26, quoted by S. Sandfort]

9.17.2. "I don't see how Clipper gives the government any powers or capabilities it doesn't already have. Comments?"

9.17.3. Is Clipper really voluntary?

9.17.4. If Clipper is voluntary, who will use it?

9.17.5. Restrictions on Civilian Use of Crypto

9.17.6. "Has crypto been restricted in the U.S.?"

9.17.8. reports that Department of Justice has a compliance enforcement role in the EES [heard by someone from Dorothy Denning, 1994-07], probably involving checking the law enforcement agencies...

9.17.9. Status

9.17.10. "Will Clipper be voluntary?"

9.18. Concerns

9.18.1. Constitutional Issues

9.18.2. "What are some dangers of Clipper, if it is widely adopted?"
    • sender/receiver ID are accessible without going to the key escrow

9.18.3. Market Issues

9.18.4. "What are the weaknesses in Clipper?"

9.18.5. What it Means for the Future

9.18.6. Skipjack

9.18.7. National security exceptions

9.18.8. In my view, any focus on the details of Clipper instead of the overall concept of key escrow plays into their hands.

This is not to say that the work of Blaze and others is misguided...in fact, it's very fine work. But a general focus on the details of Skipjack does nothing to allay my concerns about the principle of government-mandated crypto. If it were "house key escrow" and there were missing details about the number of teeth allowed on the keys, would we then all breathe a sigh of relief if the details of the teeth were clarified? Of course not. Me, I will never use a key escrow system, even if a blue ribbon panel of hackers and Cypherpunks studies the design and declares it to be cryptographically sound.

9.18.9. Concern about Clipper

9.18.10. Some wags have suggested that the new escrow agencies be chosen from groups like Amnesty International and the ACLU. Most of us are opposed to the "very idea" of key escrow (think of being told to escrow family photos, diaries, or house keys) and hence even these kinds of skeptical groups are unacceptable as escrow agents.

9.19. Loose Ends

9.19.1. "Are trapdoors--or some form of escrowed encryption--justified in some cases?"

9.19.2. DSS

9.19.3. The U.S. is often hypocritical about basic rights

9.19.4. "is-a-person" and RSA-style credentials

10. Legal Issues


10.2.1. Main Points

10.2.2. Connections to Other Sections

10.2.3. Where to Find Additional Information

10.2.4. Miscellaneous Comments

10.3. Basic Legality of Encryption

10.3.1. "Is this stuff legal or illegal?"

10.3.2. "Why is the legal status of crypto so murky?"

10.3.3. "Has the basic legality of crypto and laws about crypto been tested?"

10.3.4. "Can authorities force the disclosure of a key?"

10.3.5. Forgetting passwords, and testimony

10.3.6. "What about disavowal of keys? Of digital signatures? Of contracts?

10.3.7. "What are some arguments for the freedom to encrypt?"

10.3.8. Restrictions on anonymity

10.3.9. "Are bulletin boards and Internet providers "common carriers" or not?"

10.3.10. Too much cleverness is passing for law

10.3.11. "Is it legal to advocate the overthrow of governments or the breaking of laws?"

10.4. Can Crypto be Banned?

10.4.1. "Why won't government simply ban such encryption methods?"
    • This has always been the Number One Issue!

10.4.2. The long-range impossibility of banning crypto

10.4.3. Banning crypto is comparable to

10.4.4. So Won't Governments Stop These Systems?

10.4.5. Scenario for a ban on encryption

10.4.6. Can the flow of bits be stopped? Is the genie really out of the bottle?

10.8.1. "What's the legal status of digital cash?"

10.8.2. "Is there a tie between digital cash and money laundering?"

10.8.3. "Is it true the government of the U.S. can limit funds transfers outside the U.S.?"

10.8.4. "Are "alternative currencies" allowed in the U.S.? And what's the implication for digital cash of various forms?"

10.8.5. "Why might digital cash and related technologies take hold early in illegal markets? That is, will the Mob be an early adopter?"

10.8.6. "Electronic cash...will it have to comply with laws, and how?"

10.8.7. Currency controls, flight capital regulations, boycotts, asset seizures, etc.

10.8.8. "Will banking regulators allow digital cash?"

10.9. Legality of Digital Banks and Digital Cash?

10.9.1. In terms of banking laws, cash reporting regulations, money laundering statutes, and the welter of laws connected with financial transactions of all sorts, the Cypherpunks themes and ideas are basically illegal. Illegal in the sense that anyone trying to set up his own bank, or alternative currency system, or the like would be shut down quickly. As an informal, unnoticed experiment, such things are reasonably safe...until they get noticed.

10.9.2. The operative word here is "launch," in my opinion. The "launch" of the BankAmericard (now VISA) in the 1960s was not done lightly or casually...it required armies of lawyers, accountants, and other bureaucrats to make the launch both legal and successful. The mere "idea" of a credit card was not enough...that was essentially the easiest part of it all. (Anyone contemplating the launch of a digital cash system would do well to study BankAmericard as an example...and several other examples also.)

10.9.3. The same will be true of any digital cash or similar system which intends to operate more or less openly, to interface with existing financial institutions, and which is not explicitly intended to be a Cypherpunkish underground activity.

10.10. Export of Crypto, ITAR, and Similar Laws

10.10.1. "What are the laws and regulations about export of crypto, and where can I find more information?"

10.10.2. "Is it illegal to send encrypted stuff out of the U.S.?"

10.10.3. "What's the situation about export of crypto?"

10.10.4. Why and How Crypto is Not the Same as Armaments

10.10.5. "What's ITAR and what does it cover?"

10.10.6. "Can ITAR and other export laws be bypassed or skirted by doing development offshore and then importing strong crypto into the U.S.?"

10.11. Regulatory Arbitrage

10.11.1. Jurisdictions with more favorable laws will see claimants going there.

10.11.2. Similar to "capital flight" and "people voting with their feet."

10.11.3. Is the flip side of "jurisdiction shopping," wherein prosecutors shop around for a jurisdiction that will be likelier to convict. (As with the Amateur Action BBS case, tried in Memphis, Tennessee, not in California.)

10.12. Crypto and Pornography

10.12.1. There's been a lot of media attention given to this, especially pedophilia (pedophilia is not the same thing as porn, of course, but the two are often discussed in articles about the Net). As Rishab Ghosh put it: "I think the pedophilic possibilities of the Internet capture the imaginations of the media -- their deepest desires, perhaps." [R.G., 1994-07-01]

10.12.2. The fact is, the two are made for each other. The untraceability of remailers, the unbreakability of strong crypto if the files are intercepted by law enforcement, and the ability to pay anonymously, all mean the early users of commercial remailers will likely be these folks.

10.12.3. Avoid embarrassing stings! Keep your job at the elementary school! Get re-elected to the church council!

10.12.4. pedophilia, bestiality, etc. (morphed images)

10.12.5. Amateur Action BBS operator interested in crypto...a little bit too late

10.12.6. There are new prospects for delivery of messages as part of stings or entrapment attacks, where the bits decrypt into incriminating evidence when the right key is used. (XOR of course)

10.12.7. Just as the law enforcement folks are claiming, strong crypto and remailers will make new kinds of porn networks. The nexus or source will not be known, and the customers will not be known.

10.13. Usenet, Libel, Local Laws, Jurisdictions, etc.

10.13.1. (Of peripheral importance to crypto themes, but important for issues of coming legislation about the Net, attempts to "regain control," etc. And a bit of a jumble of ideas, too.)

10.13.2. Many countries, many laws. Much of Usenet traffic presumably violates various laws in Iran, China, France, Zaire, and the U.S., to name a few places which have laws about what thoughts can be expressed.

10.13.3. Will this ever result in attempts to shut down Usenet, or at least the feeds into various countries?

10.13.4. On the subject of Usenet possibly being shut-down in the U.K. (a recent rumor, unsubstantiated), this comment: "What you have to grasp is that USENET type networks and the whole structure of the law on publishing are fundamentally incompatible. With USENET anyone can untraceably distribute pornographic, libelous, blasphemous, copyright or even officially secret information. Now, which do you think HMG and, for that matter, the overwhelming majority of ordinary people in this country think is most important. USENET or those laws?" [Malcolm McMahon, malcolm@geog.leeds.ac.uk, comp.org.eff.talk, 1994-08-26]

10.13.5. Will it succeed? Not completely, as e-mail, gopher, the Web, etc., still offer access. But the effects could reach most casual users, and certainly affect the structure as we know it today.

10.13.6. Will crypto help? Not directly--see above.

10.14. Emergency Regulations

10.14.1. Emergency Orders

10.14.2. Legal, secrecy orders

10.14.3. Can the FCC-type Requirements for "In the clear" broadcasting (or keys supplied to Feds) be a basis for similar legislation of private networks and private use of encryption?

10.15. Patents and Copyrights

10.15.1. The web of patents

10.15.2. Role of RSA, Patents, etc.

10.15.3. Lawsuits against RSA patents

10.15.4. "What about the lawsuit filed by Cylink against RSA Data Security Inc.?"

10.15.5. "Can the patent system be used to block government use of patents for purposes we don't like?"

10.16. Practical Issues

10.16.1. "What if I tell the authorities I Forgot My Password?"

10.16.2. Civil vs. Criminal

10.16.3. the law is essentially what the courts say it is

10.17. Free Speech is Under Assault

10.17.1. Censorship comes in many forms. Tort law, threats of grant or contract removal, all are limiting speech. (More reasons for anonymous speech, of course.)

10.17.2. Discussions of cryptography could be targets of future crackdowns. Sedition laws, conspiracy laws, RICO, etc. How long before speaking on these matters earns a warning letter from your university or your company? (It's the "big stick" of ultimate government action that spurs these university and company policies. Apple fears being shut down for having "involvement" with a terrorist plot, Emory University fears being sued for millions of dollars for "conspiring" to degrade wimmin of color, etc.)

How long before "rec.guns" is no longer carried at many sites, as they fear having their universities or companies linked to discussions of "assault weapons" and "cop-killer bullets"? Prediction: Many companies and universities, under pressure from the Feds, will block groups in which encrypted files are posted. After all, if one encrypts, one must have something to hide, and that could expose the university to legal action from some group that feels aggrieved.

10.17.3. Free speech is under assault across the country. The tort system is being abused to stifle dissenting views (and lest you think I am only a capitalist, only a free marketeer, the use of "SLAPP suits"--"Strategic Lawsuits Against Public Participation"--by corporations or real estate developers to threaten those who dare to publicly speak against their projects is a travesty, a travesty that the courts have only recently begun to correct).

We are becoming a nation of sheep, fearing the midnight raid, the knock on the door. We fear that if we tell a joke, someone will glare at us and threaten to sue us and our company! And so companies are adopting "speech codes" and other such baggage of Orwell's totalitarian state. Political correctness is extending its tendrils into nearly every aspect of life in America.

10.18. Systems, Access, and the Law

10.18.2.

one?"

10.19. Credentials

10.19.1. "Are credentials needed? Will digital methods be used?"

10.19.2. I take a radical view. Ask yourself why credentials are ever needed. Maybe for driving a car, and the like, but in those cases anonymity is not needed, as the person is in the car, etc.

Credentials for drinking age? Why? Let the parents enforce this, as the argument goes about watching sex and violence on t.v. (If one accepts the logic of requiring bars to enforce children's behavior, then one is on a slippery slope toward requiring television set makers to check smartcards of viewers, or of requiring a license to access the Internet, etc.) In almost no cases do I see the need to carry "papers" with me. Maybe a driver's license, like I said. In other areas, why?

10.19.3. So Cypherpunks probably should not spend too much time worrying about how permission slips and "hall passes" will be handled. Little need for them.

10.19.4. "What about credentials for specific job performance, or for establishing time-based contracts?"

10.20. Escrow Agents

10.20.1. (the main discussion of this is under Crypto Anarchy)

10.20.2. Escrow Agents as a way to deal with contract renegging

10.21. Loose Ends

10.21.1. Legality of trying to break crypto systems

10.21.2. wais, gopher, WWW, and implications

10.21.3. "Why are so many prominent Cypherpunks interested in the law?"

10.21.4. "How will crypto be fought?"

10.21.5. Stego may also be useful in providing board operators with "plausible deniability"--they can claim ignorance of the LSB contents (I'm not saying this will stand up in court very well, but any port in a storm, especially port 25).

10.21.6. Can a message be proved to be encrypted, and with what key?

10.21.7. Legality of digital signatures and timestamps?

10.21.9. "What are the dangers of standardization and official sanctioning?"

10.21.10. Restrictions on voice encryption?

10.21.11. Fuzziness of laws

FinCEN triggers. The IRS may claim it is "capital flight" to avoid taxes--which it may well be. Basically, your own money is no longer yours. There may be ways to do this--I hope so--but the point remains that the rules are fuzzy, and the discretionary powers to seize assets are great. Seek competent counsel, and then pray.)

10.21.12. role of Uniform Commercial Code (UCC)

10.21.13. "What about the rush to legislate, to pass laws about cyberspace, the information superduperhighway, etc.?"

10.21.14. on use of offshore escrow agents as protection against seizures

10.21.15. Can the FCC-type Requirements for "In the clear" broadcasting (or keys supplied to Feds) be a basis for similar legislation of private networks and private use of encryption?

10.21.16. Things that could trigger a privacy flap or limitations on crypto

10.21.18. "identity escrow", Eric Hughes, for restrictions on e-mail accounts and electronic PO boxes (has been talked about, apparently...no details).

11. Surveillance, Privacy, And Intelligence Agencies


11.2. SUMMARY: Surveillance, Privacy, And Intelligence Agencies

11.2.1. Main Points

11.2.2. Connections to Other Sections

11.2.3. Where to Find Additional Information

11.2.4. Miscellaneous Comments

11.3. Surveillance and Privacy

11.3.1. We've come a long way from Secretary of State Stimson's famous "Gentlemen do not read other gentlemen's mail" statement. It is now widely taken for granted that Americans are to be monitored, surveilled, and even wiretapped by the various intelligence agencies: the FBI, the National Security Agency, the CIA, the National Reconnaissance Office, etc. (Yes, these groups have various charters telling them who they can spy on, what legalities they have to meet, etc. But they still spy. And there's not an uproar--the "What have you got to hide?" side of the American privacy dichotomy.)

11.3.2. Duncan Frissell reminds us of Justice Jackson's 1948 dissenting opinion in some case:

11.3.3. "What is the "surveillance state"?"

11.3.4. "Why would the government monitor my communications?" - "Because of economics and political stability...You can build computers and monitoring devices in secret, deploy them in secret, and listen to everything. To listen to everything with bludgeons and pharmaceuticals would not only cost more in labor and equipment, but also engender a radicalizing backlash to an actual police state." [Eric Hughes, 1994-01-26]

11.3.5. "How much surveillance is actually being done today?"

11.3.6. "Does the government want to monitor economic transactions?"

11.3.7. A danger of the surveillance society: You can't hide

11.3.8. "Should I refuse to give my Social Security Number to those who ask for it?"

11.3.9. "What is 'Privacy 101'?"

11.3.10. Cellular phones are trackable by region...people are getting phone calls as they cross into new zones, "welcoming" them

11.3.11. Ubiquitous use of SSNs and other personal I.D.

11.3.12. cameras that can recognize faces are placed in many public places, e.g., airports, ports of entry, government buildings

11.3.13. speculation (for the paranoids)

11.3.14. Diaries are no longer private

11.4. U.S. Intelligence Agencies: NSA, FinCEN, CIA, DIA, NRO, FBI

11.4.1. The focus here is on U.S. agencies, for various reasons. Most Cypherpunks are currently Americans, the NSA has a dominant role in surveillance technology, and the U.S. is the focus of most current crypto debate. (Britain has the GCHQ, Canada has its own SIGINT group, the Dutch have..., France has DGSE and so forth, and...)

11.4.2. Technically, not all are equal. And some may quibble with my calling the FBI an "intelligence agency." All have surveillance and monitoring functions, albeit of different flavors.

11.4.3. "Is the NSA involved in domestic surveillance?"

11.4.4. "What will be the effects of widespread crypto use on intelligence collection?"

11.4.5. "What will the effects of crypto on conventional espionage?"

11.4.6. NSA budget

11.4.7. FINCEN, IRS, and Other Economic Surveillance

11.4.8. "Why are so many computer service, telecom, and credit agency companies located near U.S. intelligence agency sites?"

11.4.9. Task Force 157, ONI, Kissinger, Castle Bank, Nugan Hand Bank, CIA

11.4.10. NRO building controversy

11.4.11. SIGINT listening posts

11.4.12. "What steps is the NSA taking?"

11.5. Surveillance in Other Countries

11.5.1. Partly this overlaps on the earlier discussion of crypto laws in other countries.

11.5.2. Major Non-U.S. Surveillance Organizations

11.5.3. They are very active, though they get less publicity than do the American CIA, NSA, FBI, etc.

11.6. Surveillance Methods and Technology

11.6.1. (some of this gets speculative and so may not be to everyone's liking)

11.6.2. "What is TEMPEST and what's the importance of it?"

11.6.3. What are some of the New Technologies for Espionage and Surveillance

11.6.4. Digital Telephony II is a major step toward easier surveillance

11.6.5. Citizen tracking

11.6.6. Cellular phones are trackable by region...people are getting phone calls as they cross into new zones, "welcoming" them

11.6.7. coming surveillance, Van Eck, piracy, vans

11.6.8. wiretaps

11.7. Surveillance Targets

11.7.1. Things the Government May Monitor

11.7.2. Economic Intelligence (Spying on Corporations, Foreign and Domestic)

11.7.3. War on Drugs and Money Laundering is Causing Increase in Surveillance and Monitoring

11.8.1. "Can my boss monitor my work?" "Can my bankruptcy in 1980 be used to deny me a loan?" etc.

11.8.2. Theme: to protect some rights, invasion of privacy is being justified

11.8.3. Government ID cards, ability to fake identities

11.8.4. Legalities of NSA surveillance

11.9. Dossiers and Data Bases

11.9.1. "The dossier never forgets"

11.9.2. "What about the privacy issues with home shopping, set-top boxes, advertisers, and the NII?"

11.9.3. credit agencies

11.9.4. selling of data bases, linking of records...

11.10. Police States and Informants

11.10.1. Police states need a sense of terror to help magnify the power of the state, a kind of "Schrecklichkeit," as the Nazis used to call it. And lots of informants. Police states need willing accomplices to turn in their neighbors, or even their parents, just as little Pavel Morozov became a Hero of the Soviet People by sending his parents to their deaths in Stalin's labor camps for the crime of expressing negative opinions about the glorious State.

11.10.2. Children are encouraged in federally-mandated D.A.R.E. programs to become Junior Narcs, narcing on their parents to the cops and counselors who come into their schools.

11.10.3. The BATF has a toll-free line (800-ATF-GUNS) for neighbors who one thinks are violating the federal gun

out of tips by spouses and ex-spouses...they have the inside dope, the motive, and the means - a sobering thought even in the age of crypto

11.11. Privacy Laws

11.11.1. Will proposed privacy laws have an effect?

11.11.2. "Why are things like the "Data Privacy Laws" so bad?"

11.11.3. on the various "data privacy laws"

11.11.4. "What do Cypherpunks think about this?"

11.11.5. Assertions to data bases need to be checked (credit, reputation, who said what, etc.)

11.12. National ID Systems

11.12.1. "National ID cards are just the driver's licenses on the Information Superhighway." [unknown...may have been my coining]

11.12.2. "What's the concern?"

11.12.3. Insurance and National Health Care will Produce the "National ID" that will be Nearly Unescapable

11.12.4. National ID Card Arguments

11.12.5. "What are some concerns about Universal ID Cards?"

11.12.6. Postal Service trial balloon for national ID card

11.12.7. Scenario for introduction of national ID cards

11.12.8. Comments on national ID cards

11.13. National Health Care System Issues

11.13.1. Insurance and National Health Care will Produce the "National ID" that will be Nearly Unescapable

11.13.2. I'm less worried that a pharmacist will add me to some database he keeps than that my doctor will be instructed to compile a dossier to government standards and then zip it off over the Infobahn to the authorities.

11.13.3. Dangers and issues of National Health Care Plan

11.14. Credentials

11.14.1. This is one of the most overlooked and ignored aspects of cryptology, especially of Chaum's work. And no one in Cypherpunks or anywhere else is currently working on "blinded credentials" for everyday use.

11.14.2. "Is proof of identity needed?"

11.14.3. "Do we need "is-a-person" credentials for things like votes on the Net?"

11.14.4. Locality, credentials, validations

11.15. Records of all UseNet postings

11.15.1. (ditto for CompuServe, GEnie, etc.) will exist

11.15.2. "What kinds of monitoring of the Net is possible?"

11.15.3. Records: note that private companies can do the same thing, except that various "right to privacy" laws may try to interfere with this

11.15.4. "How can you expect that something you sent on the UseNet to several thousand sites will not be potentially held against you? You gave up any pretense of privacy when you broadcast your opinions-and even detailed declarations of your activities-to an audience of millions. Did you really think that these public messages weren't being filed away? Any private citizen would find it almost straightforward to sort a measly several megabytes a day by keywords, names of posters, etc." [I'm not sure if I wrote this, or if someone else who I forgot to make a note of did]

11.15.5. this issue is already coming up: a gay programmer who was laid-off discussed his rage on one of the gay boards and said he was thinking of turning in his former employer for widespread copying of Autocad software...an Autodesk employee answered him with "You just did!"

11.15.6. corporations may use GREP and On Location-like tools to search public nets for any discussion of themselves or their products

11.15.7. the 100% traceability of public postings to UseNet and other bulletin boards is very stifling to free expression and becomes one of the main justifications for the use of anonymous (or pseudonymous) boards and nets

11.16. Effects of Surveillance on the Spread of Crypto

11.16.1. Surveillance and monitoring will serve to increase the use of encryption, at first by people with something to hide, and then by others

11.16.2. for those in sensitive positions, the availability of new bugging methods will accelerate the conversion to secure systems based on encrypted telecommunications and the avoidance of voice-based systems

11.16.3. Surveillance Trends

11.17. Loose Ends

11.17.1. USPS involvement in electronic mail, signatures, authentication (proposed in July-August, 1994)

11.17.2. the death threats

11.17.3. False identities...cannot just be "erased" from the computer memory banks. The web of associations, implications, rule firings...all mean that simple removal (or insertion of a false identity) produces discontinuities, illogical developments, holes...history is not easily changed.

12. Digital Cash and Net Commerce


12.2. SUMMARY: Digital Cash and Net Commerce

12.2.1. Main Points

12.2.2. Connections to Other Sections

12.2.3. Where to Find Additional Information

12.2.4. Miscellaneous Comments

12.3. The Nature of Money

12.3.1. The nature of money, of banking and finance, is a topic that suffuses most discussions of digital cash. Hardly surprising. But also an area that is even more detailed than is crypto. And endless confusion of terms, semantic quibblings on the list, and so on. I won't be devoting much space to trying to explain economics, banking, and the deep nature of money.

12.3.2. There are of course many forms of cash or money today (these terms are not equivalent...)

12.3.3. Many forms of digital money.

Just as there are dozens of major forms of instruments, so too will there be many forms of digital money. Niches will be filled.

12.3.4. The deep nature of money is unclear to me.

There are days when I think it's just a giant con game, with value in money only because others will accept it. Other days when I think it's somewhat tied to "real things" like gold and silver. And other days when I'm just unconcerned (so long as I have it, and it works).

12.3.5. The digital cash discussions get similarly confused by the various ideas about money.

Digital cash is not necessarily a form of currency, but is instead a transfer mechanism. More like a "digital check," in fact (though it may give rise to new currencies, or to wider use of some existing currency...at some point, it may become indistinguishable from a currency).

12.3.6. I advise that people not worry overly much about the true and deep nature of money, and instead think about digital cash as a transfer protocol for some underlying form of money, which might be gold coins, or Swiss francs, or chickens, or even giant stone wheels.

12.3.7. Principle vs. Properties of Money

12.3.8. "Can a "digital coin" be made?"

12.3.9. "What is the 'granularity' of digital cash?"

12.3.10. Debate about money and finance gets complicated

12.4. Smart Cards

12.4.1. "What are smart cards and how are they used?"

12.4.2. Visa Electronic Purse

12.4.3. Mondex

12.5. David Chaum's "DigiCash"

12.5.1. "Why is Chaum so important to digital cash?"

12.5.2. "What's his motivation?"

12.5.3. "How does his system work?"

12.5.4. "What is happening with DigiCash?"

12.5.5. The Complexities of Digital Cash

12.6. Online and Offline Clearing, Double Spending

12.6.1. (this section still under construction)

12.6.2. This is one of the main points of division between systems.

12.6.3. Online Clearing

12.6.4. Offline Clearing

12.6.5. Double spending

12.6.6. Issues

12.6.7. "How does on-line clearing of anonymous digital cash work?" - There's a lot of math connected with blinding, exponentiations, etc. See Schneier's book for an introduction, or the various papers of Chaum, Brands, Bos, etc.

12.7. Uses for Digital Cash

12.7.1. Uses for digital cash?

12.7.2. "What are some motivations for anonymous digital cash?" + Payments that are unlinkable to identity, especially for things like highway tolls, bridge tolls, etc.

 - where linkability would imply position tracking

12.8. Other Digital Money Systems

12.8.1. "There seem to be many variants...what's the story?"

12.8.2. Crypto and Credit Cards (and on-line clearing)

12.8.3. Many systems being floated. Here's a sampling:

12.8.4. Nick Szabo:

12.8.5. "What about non-anonymous digital cash?"

12.8.6. Microsoft plans to enter the home banking business

12.8.7. Credit card clearing...individuals can't use the system

10.8.1. "What's the legal status of digital cash?"

10.8.2. "Is there a tie between digital cash and money laundering?"

10.8.3. "Is it true the government of the U.S. can limit funds transfers outside the U.S.?"

10.8.4. "Are "alternative currencies" allowed in the U.S.? And what's the implication for digital cash of various forms?"

10.8.5. "Why might digital cash and related technologies take hold early in illegal markets? That is, will the Mob be an early adopter?"

10.8.6. "Electronic cash...will it have to comply with laws, and how?"

10.8.7. Currency controls, flight capital regulations, boycotts, asset seizures, etc.

10.8.8. "Will banking regulators allow digital cash?"

12.10. Prospects for Digital Cash Use

12.10.1. "If digital money is so great, why isn't it being used?"

12.10.2. "Why isn't digital money in use?"

12.10.3. "why isn't digital cash being used?"

12.10.4. "Is strong crypto needed for digital cash?"

12.10.5. on why we may not have it for a while, from a non-Cypherpunk commenter:

12.10.6. "Why do a lot of schemes for things like digital money have problems on the Net?

12.10.7. Scenario for deployment of digital cash

12.11. Commerce on the Internet

12.11.1. This has been a brewing topic for the past couple of years. In 1994 things heated up on several fronts:

12.11.2. I have no idea which ones will succeed...

12.11.3. NetMarket

12.11.4. CommerceNet

12.11.5. EDI, purchase orders, paperwork reduction, etc.

12.11.6. approaches

12.11.7. lightweight vs. heavyweight processes for Internet commerce

12.12. Cypherpunks Experiments ("Magic Money")

12.12.1. What is Magic Money?

12.12.2. Matt Thomlinson experimented with a derivative version called "GhostMarks"

12.12.3. there was also a "Tacky Tokens" derivative

12.12.4. Typical Problems with Such Experiments

12.13. Practical Issues and Concerns with Digital Cash

12.13.1. "Is physical identity proof needed for on-line clearing?"

12.13.2. "Is digital cash traceable?"

12.13.3. "Is there a danger that people will lose the numbers that they need to redeem money? That someone could steal the number and thus steal their money?"

12.14. Cyberspace and Digital Money

12.14.1. "You can't eat cyberspace, so what good is digital money?"

12.14.2. "How can I remain anonymous when buying physical items using anonymous digital cash?"

12.15. Outlawing of Cash

12.15.1. "What are the motivations for outlawing cash?"

12.15.2. Lest this be considered paranoid ranting, let me point out that many actions have already been taken that limit the form of money (banking laws, money laundering, currency restrictions...even the outlawing of competing currencies itself)

12.15.3. Dangers of outlawing cash

12.15.4. Given that there is no requirement for identity to be associated with money, we should fight any system which proposes to link the two.

12.15.5. The value of paying cash

12.15.6. "Will people accept the banning of cash?"

12.16. Novel Opportunities

12.16.1. Encrypted open books, or anonymous auditing

12.16.2. "How can software components be sold, and how does crypto figure in?"

12.17. Loose Ends

12.17.1. Reasons to have no government involvement in commerce

12.17.2. "Purist" Approach to Keys, Cash, Responsibility

13. Activism and Projects


13.2. SUMMARY: Activism and Projects

13.2.1. Main Points

13.2.2. Connections to Other Sections

13.2.3. Where to Find Additional Information

13.2.4. Miscellaneous Comments

13.3. Activism is a Tough Job

13.3.1. "herding cats"...trying to change the world through exhortation seems a particularly ineffective notion

13.3.2. There's always been a lot of wasted time and rhetoric on the Cypherpunks list as various people tried to get others to follow their lead, to adopt their vision. (Nothing wrong with this, if done properly. If someone leads by example, or has a particularly compelling vision or plan, this may naturally happen. Too often, though, the situation was that someone's vague plans for a product were declared by them to be the standards that others should follow. Various schemes for digital money, in many forms and modes, have always been the prime example of this.)

13.3.3. This is related also to what Kevin Kelly calls "the fax effect." When few people own fax machines, they're not of much use. Trying to get others to use the same tools one has is like trying to convince people to buy fax machines so that you can communicate by fax with them...it may happen, but probably for other reasons. (Happily, the interoperability of PGP provided a common communications medium that had been lacking with previous platform-specific cipher programs.)

13.3.4. Utopian schemes are also a tough sell. Schemes about using digital money to make inflation impossible, schemes to collect taxes with anonymous systems, etc.

13.3.5. Harry Browne's "How I Found Freedom in an Unfree World" is well worth reading; he advises against getting upset and frustrated that the world is not moving in the direction one would like.

13.4. Cypherpunks Projects

13.4.1. "What are Cypherpunks projects?"

13.4.2. Extensions to PGP

13.4.3. Spread of PGP and crypto in general.

13.4.4. Remailers

13.4.5. Steganography

13.4.6. Anonymous Transaction Systems

13.4.7. Voice Encryption, Voice PGP

13.4.8. DC-Nets

  1. Odd parity is impossible. Now the Cypherpunks agree that if one of them paid, he or she will SAY THE OPPOSITE of what they actually see. Remember, they don't announce what their coin turned up as, only whether it was the same or different as their neighbor. Suppose none of them paid, i.e., the NSA paid. Then they all report the truth and the parity is even (either 0 or 2 differences). They then know the NSA paid. Suppose one of them paid the bill. He reports the opposite of what he actually sees, and the parity is suddenly odd. That is, there is 1 difference reported. The Cypherpunks now know that one of them paid. But can they determine which one? Suppose you are one of the Cypherpunks and you know you didn't pay. One of the other two did. You either reported SAME or DIFFERENT, based on what your neighbor to the right (whose coin you can see) had. But you can't tell which of the other two is lying! (You can see your right-hand neighbor's coin, but you can't see the coin he sees to his right!) This all generalizes to any number of people. If none of them paid, the parity is even. If one of them paid, the parity is odd. But which one of them paid cannot be deduced. And it should be clear that each round can transmit a bit, e.g., "I paid" is a "1". The message "Attack at dawn" could thus be "sent" untraceably with multiple rounds of the protocol.
  1. With each round of this protocol, a single bit is transmitted. Sending a long message means many coin flips. Instead of coins and menus, the neighbors would exchange lists of random numbers (with the right partners, as per the protocol above, of course. Details are easy to figure out.)
  2. Since the lists are essentially one-time pads, the protocol is unconditionally secure, i.e., no assumptions are made about the difficulty of factoring large numbers or any other crypto assumptions.
  3. Participants in such a "DC-Net" (and here we are coming to the heart of the "crypto anarchy" idea) could exchange CD-ROMs or DATs, giving them enough "coin flips" for zillions of messages, all untraceable! The logistics are not simple, but one can imagine personal devices, like smart cards or Apple "Newtons," that can handle these protocols (early applications may be for untraceable brainstorming comments, secure voting in corporate settings, etc.)
  4. The lists of random numbers (coin flips) can be generated with standard cryptographic methods, requiring only a key to be exchanged between the appropriate participants. This eliminates the need for the one-time pad, but means the method is now only cryptographically secure, which is often sufficient. (Don't think "only cryptographically secure" means insecure...the messages may remain encrypted for the next billion years)
  5. Collisions occur when multiple messages are sent at the same time. Various schemes can be devised to handle this, like backing off when you detect another sender (when even parity is seen instead of odd parity). In large systems this is likely to be a problem. Deliberate disruption, or spamming, is a major problem--a disruptor can shut down the DC-net by sending bits out. As with remailers, anonymity means freedom from detection. (Anonymous payments to send a message may help, but the details are murky to me.)
    • Uses
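The coin-flip protocol above, simulated as an added example (not code from the Cyphernomicon or any project): it shows the parity rule, that an honest participant cannot tell which of the others paid, the keyed-pad generalization of item 4, and a collision as in item 5. The function names, the HMAC-SHA256 pad and the sample messages are constructed for this example.

```python
"""DC-net ("dining cryptographers") rounds, modelled on the coin-flip story
in 13.4.8. Added example, not code from the Cyphernomicon or any project.

Participants sit in a ring. Participant i flips coins[i], which is also seen by
the left-hand neighbour i-1; each announces whether their own coin matches the
one they can see, and the single payer announces the opposite. XOR-ing the
announcements gives the parity (the transmitted bit) but not the sender."""
import hashlib
import hmac
import itertools
import secrets


def coin_round(n, sender=None, coins=None):
    """One single-bit round. Returns (announcements, parity); parity is 1 when
    exactly one participant (index `sender`) is transmitting, else 0."""
    if coins is None:
        coins = [secrets.randbits(1) for _ in range(n)]
    announcements = []
    for i in range(n):
        bit = coins[i] ^ coins[(i + 1) % n]   # 0 = SAME, 1 = DIFFERENT
        if i == sender:
            bit ^= 1                           # the payer reports the opposite
        announcements.append(bit)
    parity = 0
    for a in announcements:
        parity ^= a
    return announcements, parity


def candidate_senders(observer, coins, announcements):
    """What an honest, non-sending participant can deduce. The observer knows
    only coins[observer], coins[observer+1] and the announcements; every other
    coin is unknown, so try each assignment of the unknown coins and record
    every sender that would reproduce the announcements actually seen."""
    n = len(coins)
    known = {observer, (observer + 1) % n}
    unknown = [i for i in range(n) if i not in known]
    candidates = set()
    for bits in itertools.product((0, 1), repeat=len(unknown)):
        guess = list(coins)
        for idx, b in zip(unknown, bits):
            guess[idx] = b
        for s in range(n):
            if s != observer and coin_round(n, s, guess)[0] == announcements:
                candidates.add(s)
    return candidates


def keystream(shared_key, nbytes):
    """Pad derived from a key shared by two neighbours (item 4 in the text: a
    keyed PRF stands in for a one-time pad of exchanged coin flips)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(shared_key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:nbytes]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def dc_net_round(n, messages, length, keys=None):
    """Multi-bit round: keys[i] is shared by participants i and (i+1) % n.
    Participant i broadcasts pad(i-1) XOR pad(i) XOR message (zeros if silent).
    Every pad is used by exactly two participants, so XOR-ing all broadcasts
    cancels the pads and leaves the XOR of the messages sent this round.
    Returns (announcements, result); with two senders the result is a collision
    (item 5), which the senders detect because it matches neither message."""
    if keys is None:
        keys = [secrets.token_bytes(32) for _ in range(n)]
    pads = [keystream(k, length) for k in keys]
    zero = bytes(length)
    announcements = [xor_bytes(xor_bytes(pads[i - 1], pads[i]), messages.get(i, zero))
                     for i in range(n)]
    result = zero
    for a in announcements:
        result = xor_bytes(result, a)
    return announcements, result


if __name__ == "__main__":
    coins = [0, 1, 1]                          # constructed sample coin flips
    ann, parity = coin_round(3, sender=1, coins=coins)
    print("parity", parity, "candidates from participant 0's view:",
          candidate_senders(0, coins, ann))    # {1, 2}: the payer is not deducible
    _, got = dc_net_round(3, {1: b"Attack at dawn"}, 14)
    print(got)
```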

13.4.9. D-H sockets, UNIX, swIPe

13.4.10. Digital Money, Banks, Credit Unions

13.4.11. Data Havens

13.4.13. Matt Blaze, AT&T, various projects

13.4.14. Software Toolkits

13.5. Responses to Our Projects (Attacks, Challenges)

13.5.1. "What are the likely attitudes toward mainstream Cypherpunks projects, such as remailers, encryption, etc.?"

13.5.2. "What are the likely attitudes toward the more outre projects, such as digital money, crypto anarchy, data havens, and the like?"

13.5.3. "What kinds of attacks can we expect?"

13.6. Deploying Crypto

13.6.1. "How can Cypherpunks publicize crypto and PGP?"

13.6.2. "What are the Stumbling Blocks to Greater Use of Encryption (Cultural, Legal, Ethical)?"

13.6.3. Practical Issues

13.6.4. "How should projects and progress best be achieved?"

13.6.5. Crypto faces the complexity barrier that all technologies face

13.6.6. "How can we general and encryption in particular?

13.7. Political Action and Opposition

13.7.1. Strong political action is emerging on the Net

13.7.2. Cypherpunks and Lobbying Efforts

13.7.3. "How can nonlibertarians (liberals, for example) be convinced of the need for strong crypto?"

13.7.4. Tension Between Governments and Citizens

13.7.5. "How does the Cypherpunks group differ from lobbying groups like the EFF, CPSR, and EPIC?"

13.7.6. Why is government control of crypto so dangerous?

13.7.7. NSA's view of crypto advocates

13.7.8. EFF

13.7.9. "How can the use of cryptography be hidden?"

13.7.10. next Computers, Freedom and Privacy Conference will be March 1995, San Francisco

13.7.11. Places to send messages to

13.7.12. Thesis: Crypto can become unstoppable if critical mass is reached

13.7.13. Keeping the crypto genie from being put in the bottle

13.7.14. Activism practicalities

13.8. The Battle Lines are Being Drawn

13.8.1. Clipper met with disdain and scorn, so now new strategies are being tried...

13.8.2. Strategies are shifting, Plan B is being hauled out

13.8.3. corporate leaders like Grove are being enlisted to make the Clipper case

13.8.4. Donn Parker is spreading panic about "anarchy" (similar to my own CA)

13.8.5. "What can be done in the face of moves to require national ID cards, use official public key registries, adhere to key escrow laws, etc?"

13.9. "What Could Make Crypto Use more Common?"

13.9.1. transparent use, like the fax machine, is the key

13.9.2. easier token-based key and/or physical metrics for security

13.9.3. major security scares, or fears over "back doors" by the government, may accelerate the conversion

13.9.4. insurance companies may demand encryption, for several reasons

13.9.5. Networks will get more complex and will make conventional security systems unacceptable

13.9.6. The revelations of surveillance and monitoring of citizens and corporations will serve to increase the use of encryption, at first by people with something to hide, and then by others. Cypherpunks are already helping by spreading the word of these situations.

13.9.7. for those in sensitive positions, the availability of new bugging methods will accelerate the conversion to secure systems based on encrypted telecommunications and the avoidance of voice-based systems

13.9.8. ordinary citizens are being threatened because of what they say on networks, causing them to adopt pseudonyms

13.9.9. "agents" that are able to retransmit material will make certain kinds of anonymous systems much easier to use

13.10. Deals, the EFF, and Digital Telephony Bill

13.10.1. The backroom deals in Washington are flying...

apparently the Administration got burned by the Clipper fiasco (which they could partly write off as a leftover from the Bush era) and is now trying to "work the issues" behind the scenes before unveiling new and wide-reaching programs. (Though at this writing, the Health Bill is looking mighty amateurish and seems unlikely to pass.)

13.10.2. We are not hearing about these "deals" in a timely way.

I first heard that a brand new, and "in the bag," deal was cooking when I was talking to a noted journalist. He told me that a new deal, cut between Congress, the telecom industry, and the EFF-type lobbying groups, was already a done deal and would be unveiled soon. Sure enough, the New and Improved Digital Telephony II Bill appears a few weeks later and is said by EFF representatives to be unstoppable. [comments by S. McLandisht and others, comp.org.eff.talk, 1994-08]

13.10.3. Well, excuse me for reminding everyone that this country is allegedly still a democracy.

I know politics is done behind closed doors, as I'm no naif, but deal-cutting like this deserves to be exposed and derided.

13.10.4. I've announced that I won't be renewing my EFF membership.

I don't expect them to fight all battles, to win all wars, but I sure as hell won't help pay for their backroom deals with the telcos.

13.10.5. This may put me in trouble with my remaining friends at the EFF,

but it's as if a lobbying group in Germany saw the handwriting on the wall about the Final Solution, deemed it essentially unstoppable, and so sent their leaders to Berchtesgaden/Camp David to make sure that the death of the Jews was made as painless as possible. A kind of joint Administration/Telco/SS/IG Farben "compromise." While I don't equate Mitch, Jerry, Mike, Stanton, and others with Hitler's minions, I certainly do think the inside-the-Beltway dealmaking is truly disgusting.

13.10.6. Our freedoms are being sold out.

13.11. Loose ends

13.11.1. Deals, deals, deals!

13.11.2. using crypto to bypass laws on contacts and trade with other countries

13.11.3. Sun Tzu's "Art of War" has useful tips (more useful than "The Prince")

13.11.4. The flakiness of current systems...

13.11.5. "Are there dangers in being too paranoid?"

13.11.6. The immorality of U.S. boycotts and sanctions

13.11.7. The "reasonableness" trap

13.11.8. "How do we get agreement on protocols?"

14. Other Advanced Crypto Applications

14.2. SUMMARY: Other Advanced Crypto Applications

14.2.1. Main Points

14.2.2. Connections to Other Sections

14.2.3. Where to Find Additional Information

14.2.4. Miscellaneous Comments

14.3. Digital Timestamping

14.3.1. digital timestamping

14.3.2. my summary

14.4. Voting

14.4.1. fraud, is-a-person, forging identities, increased "number" trends

14.4.2. costs also high

14.4.3. Chaum

14.4.4. voting isomorphic to digital money

14.5. Timed-Release Crypto

14.5.1. "Can anything like a "cryptographic time capsule" be built?"

14.5.2. Needs

14.5.3. How

14.6. Traffic Analysis

14.6.1. digital form, and headers, LEAF fields, etc., make it vastly easier to know who has called whom, for how long, etc.

14.6.2. (esp. in contrast to purely analog systems)

14.7. Steganography

14.7.1. (Another one of the topics that gets a lot of posts)

14.7.2. Hiding messages in other messages

14.7.3. Peter Wayner's "Mimic"

14.7.4. I described it in 1988 or 89 and many times since

14.7.5. Stego, other versions

14.7.6. WNSTORM, Arsen Ray Arachelian

14.7.7. talk about it being used to "watermark" images

14.7.8. Crypto and steganography used to plant false and misleading nuclear information

14.7.9. Postscript steganography

14.8. Hiding cyphertext

14.8.1. "Ciphertext can be "uncompressed" to impose desired statistical properties. A non-adaptive first-order arithmetic decompression will generate first-order symbol frequencies that emulate, for instance, English text." [Rick F. Hoselton, sci.crypt, 1994-07-05]
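The "uncompression" Hoselton describes can be shown concretely. What follows is an added Python example, not Hoselton's or May's code: it reads a ciphertext as a binary fraction and runs a non-adaptive, first-order arithmetic decoder over it against a fixed letter-frequency table, so the output is a string whose letter frequencies follow that table; running the matching arithmetic encoder over the string recovers the ciphertext exactly. The frequency table is an approximate English first-order model constructed for the example, the sample ciphertext is constructed, and exact rational arithmetic is used so the round trip is lossless.

```python
"""Arithmetic 'decompression' of ciphertext into text with English-like letter statistics."""
from fractions import Fraction
from math import ceil
from collections import Counter

# Constructed first-order model: approximate English letter counts per 1000
# characters, with a blank so the output reads as words rather than one run.
# Any non-adaptive model works; decoder and encoder must share it exactly.
MODEL_COUNTS = {
    ' ': 180, 'e': 105, 't': 74, 'a': 67, 'o': 61, 'i': 57, 'n': 55, 's': 52,
    'h': 50, 'r': 49, 'd': 35, 'l': 33, 'u': 23, 'c': 23, 'm': 20, 'w': 19,
    'f': 18, 'g': 16, 'y': 16, 'p': 15, 'b': 12, 'v': 8, 'k': 6, 'j': 2,
    'x': 2, 'q': 1, 'z': 1,
}
TOTAL = sum(MODEL_COUNTS.values())

# Each symbol owns a subinterval [low, high) of [0, 1) proportional to its count.
INTERVALS = {}
_cum = 0
for _sym, _count in MODEL_COUNTS.items():
    INTERVALS[_sym] = (Fraction(_cum, TOTAL), Fraction(_cum + _count, TOTAL))
    _cum += _count


def decompress(ciphertext: bytes) -> str:
    """Arithmetic-decode the ciphertext bits as if they were a compressed message.

    The ciphertext is read as the binary fraction x = c / 2**nbits.  Each step
    picks the symbol whose subinterval contains x and zooms into it; decoding
    stops once the interval is narrower than 2**-nbits, which pins down every
    input bit and lets compress() invert the process exactly.
    """
    nbits = 8 * len(ciphertext)
    x = Fraction(int.from_bytes(ciphertext, "big"), 1 << nbits)
    low, high = Fraction(0), Fraction(1)
    resolution = Fraction(1, 1 << nbits)
    out = []
    while high - low >= resolution:
        width = high - low
        for sym, (s_low, s_high) in INTERVALS.items():
            new_low = low + width * s_low
            new_high = low + width * s_high
            if new_low <= x < new_high:
                out.append(sym)
                low, high = new_low, new_high
                break
    return "".join(out)


def compress(text: str, nbits: int) -> bytes:
    """Arithmetic-encode `text` with the same model and return the nbits-bit code.

    Because decompress() ran until the interval was narrower than 2**-nbits,
    exactly one nbits-bit dyadic rational lies in the final interval: the
    original ciphertext.
    """
    low, high = Fraction(0), Fraction(1)
    for sym in text:
        s_low, s_high = INTERVALS[sym]
        width = high - low
        low, high = low + width * s_low, low + width * s_high
    code = ceil(low * (1 << nbits))
    if Fraction(code, 1 << nbits) >= high:
        raise ValueError("text does not encode an nbits-bit value under this model")
    return code.to_bytes(nbits // 8, "big")


def letter_frequencies(text: str) -> dict:
    """Observed relative frequency of each model symbol, for comparison with the model."""
    counts = Counter(text)
    n = len(text)
    return {sym: counts[sym] / n for sym in MODEL_COUNTS}


if __name__ == "__main__":
    # Constructed sample: 32 bytes standing in for uniformly random ciphertext.
    sample = bytes.fromhex("3f8a1c77d0e94b26a5f1093c6e7d2b8849c0d5e1f27a3b6c9d8e0f1a2b3c4d5e")
    cover = decompress(sample)
    print(repr(cover))
    assert compress(cover, 8 * len(sample)) == sample
```

The output only matches first-order statistics: letter pairs, word lengths and spelling are random, so a censor with a dictionary or a digram model can still flag it. A higher-order model (digrams, a word list, or Wayner's Mimic-style grammar) would be needed to defeat that, at the cost of more cover text per ciphertext bit.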

14.9. 'What are tamper-responding or tamper-resistant modules?"

14.9.1. The more modern name for what used to be called "tamper-proof boxes"

14.9.2. Uses:

14.9.3. Bypassing tamper-responding or tamper-resistant technologies

14.10. Whistleblowing

14.10.1. This was an early proposed use (my comments on it go back to 1988 at least), and resulted in the creation of alt.whistleblowers.

14.10.2. outing the secret agents of a country, by posting them anonymously to a world-wide Net distribution...that ought to shake things up

14.11. Digital Confessionals

14.11.1. religious confessionals and consultations mediated by digital links...very hard for U.S. government to gain access

14.11.2. ditto for attorney-client conversations, for sessions with psychiatrists and doctors, etc.

14.11.3. (this does not mean these meetings are exempt from the law...witness Feds going after tainted legal fees, and bugging offices of attorneys suspected of being in the drug business)

14.12. Loose Ends

14.12.1. Feigenbaum's "Computing with Encrypted Instances" work...links to Eric Hughes's "encrypted open books" ideas.

15. Reputations and Credentials


15.2. SUMMARY: Reputations and Credentials

15.2.1. Main Points

15.2.2. Connections to Other Sections

15.2.3. Where to Find Additional Information

15.2.4. Miscellaneous Comments

15.3. The Nature of Reputations

15.3.1. The claim by many of us that "reputations" will take care of many problems in crypto anarchic markets is disputed by some (notably Eric Hughes). To be sure, it will not be a trivial issue. Institutions take years or decades to evolve.

15.3.2. However, think of how often we use reputations: friends, books, movies, restaurants, etc

15.3.3. Reputations and other institutions will take time to evolve. Saying "the market will take care of things" may be true, but this may take time. The "invisible hand" doesn't necessarily move swiftly.

15.3.4. "What are 'reputations' and why are they so important?"

15.3.5. "How are reputations acquired, ruined, transferred, etc.?"

15.3.6. "Are they foolproof? Are all the questions answered?"

15.3.7. Reputations have many aspects

15.4. Reputations, Institutions

15.5. Reputation-Based Systems and Agoric Open Systems

15.5.1. Evolutionary systems and markets

15.5.2. shell games...who knows what?

15.5.3. key is that would-be "burners" must never know when they are actually being tested

15.5.4. another key: repeat business...when the gains from burning someone are greater than the expected future business...

15.5.5. reputations are what keep CA systems from degenerating into flamefests

15.5.6. "brilliant pennies" scam

15.5.7. "reputation float" is how money can be pulled out of the future value of a reputation

15.5.8. Reputation-based systems and repeat business

15.6. Reputations and Evolutionary Game Theory

15.6.1. game of "chicken," where gaining a rep as tough guy, or king of the hill, can head off many future challenges (and hence aid in survival, differential reproduction)

15.7. Positive Reputations

15.7.1. better than negative reputations, because neg reps can be discarded by pseudonym holders (neg reps are like allowing a credit card to be used then abandoned with a debt on it)

15.7.2. "reputation capital"

15.8. Practical Examples

15.8.1. "Are there any actual examples of software-mediated reputation systems?"

15.8.2. Absent laws which ban strong crypto (and such laws are themselves nearly unenforceable), it will be essentially impossible to stop anonymous transactions and purely reputation-based systems.

15.8.3. Part of the "phase change": people opt out of the permissionslip society via strong crypto, making their own decisions on who to trust, who to deal with, who to make financial arrangements with

15.9. Credentials and Reputations

15.9.1. debate about credentials vs. reputations

15.9.2. Credentials are not as important as many people seem to think

15.9.3. Proving possession of some credential

15.10. Fraud and False Accusations

15.10.1. "What if someone makes a false accusation?"

15.10.2. Scams, Ponzi Schemes, and Oceania

15.11. Loose Ends

15.11.1. Selective disclosure of truth

15.11.2. Cryptography allows virtual networks to arrange by cryptographic collusion certain goals. Beyond just the standard "cell" system, it allows arrangements, plans, and execution.

16. Crypto Anarchy


16.2. SUMMARY: Crypto Anarchy

16.2.1. Main Points

16.2.2. Connections to Other Sections

16.2.3. Where to Find Additional Information

16.2.4. Miscellaneous Comments

16.3. Introduction

16.3.1. "The revolution will not be televised. The revolution will, however, be digitized." Welcome to the New Underworld Order! (a term I have borrowed from writer Claire Sterling.)

16.3.2. "Do the views here express the views of the Cypherpunks as a whole?"

16.3.4. Early history of crypto anarchy

16.4. The Crypto Anarchist Manifesto

16.4.1. Unchanged since its writing in mid-1988, except for my email address.

16.4.2.

The Crypto Anarchist Manifesto

Timothy C. May
tcmay@netcom.com

A specter is haunting the modern world, the specter of crypto anarchy.

Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other. Interactions over networks will be untraceable, via extensive re-routing of encrypted packets and tamper-proof boxes which implement cryptographic protocols with nearly perfect assurance against any tampering. Reputations will be of central importance, far more important in dealings than even the credit ratings of today. These developments will alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret, and will even alter the nature of trust and reputation.

The technology for this revolution--and it surely will be both a social and economic revolution--has existed in theory for the past decade. The methods are based upon public-key encryption, zero-knowledge interactive proof systems, and various software protocols for interaction, authentication, and verification. The focus has until now been on academic conferences in Europe and the U.S., conferences monitored closely by the National Security Agency. But only recently have computer networks and personal computers attained sufficient speed to make the ideas practically realizable. And the next ten years will bring enough additional speed to make the ideas economically feasible and essentially unstoppable. High-speed networks, ISDN, tamper-proof boxes, smart cards, satellites, Ku-band transmitters, multi-MIPS personal computers, and encryption chips now under development will be some of the enabling technologies.

The State will of course try to slow or halt the spread of this technology, citing national security concerns, use of the technology by drug dealers and tax evaders, and fears of societal disintegration. Many of these concerns will be valid; crypto anarchy will allow national secrets to be traded freely and will allow illicit and stolen materials to be traded. An anonymous computerized market will even make possible abhorrent markets for assassinations and extortion. Various criminal and foreign elements will be active users of CryptoNet. But this will not halt the spread of crypto anarchy.

Just as the technology of printing altered and reduced the power of medieval guilds and the social power structure, so too will cryptologic methods fundamentally alter the nature of corporations and of government interference in economic transactions. Combined with emerging information markets, crypto anarchy will create a liquid market for any and all material which can be put into words and pictures. And just as a seemingly minor invention like barbed wire made possible the fencing-off of vast ranches and farms, thus altering forever the concepts of land and property rights in the frontier West, so too will the seemingly minor discovery out of an arcane branch of mathematics come to be the wire clippers which dismantle the barbed wire around intellectual property.

Arise, you have nothing to lose but your barbed wire fences!

16.5. Changes are Coming

16.5.1. Technology is dramatically altering the nature of governments.

16.5.2. Dangers of democracy in general and electronic democracy in particular

16.5.3. The collapse of democracy is predicted by many

16.5.4. Depredations of the State

16.5.5. Things are likely to get worse, financially (a negative view, though there are also reasons to be optimistic)

16.5.6. Borders are becoming transparent to data...terabytes a day are flowing across borders, with thousands of data formats and virtually indistinguishable from other messages. Compressed files, split files, images, sounds, proprietary encryption formats, etc. One can almost pity the NSA in the hopelessness of their job.

16.6. Free Speech and Liberty--The Effects of Crypto

16.6.1. "What freedom of speech is becoming."

16.6.2. We don't really have free speech

16.7. The Nature of Anarchies

16.7.1. Anarchy doesn't mean chaos and killing

16.7.2. Leftists can be anarchists, too

16.7.3. Anarchic development

16.7.4. The world financial system is a good example: beyond the reach of any single government, even the U.S. New World Order, money moves and flows as doubts and concerns appear. Statist governments are powerless to stop the devaluation of their currencies as investors move their assets (even slight moves can have large marginal effects).

16.8. The Nature of Crypto Anarchy

16.8.1. "What is Crypto Anarchy?"

16.8.2. "Anarchy turns people off...why not a more palatable name?"

16.8.3. Voluntary interactions involve Schelling points, mutually- agreed upon points of agreement

16.8.4. Crypto anarchy as an ideology rather than as a plan.

16.9. Uses of Crypto Anarchy

16.9.1. Markets unfettered by local laws (digital black markets, at least for items that can be moved through cyberspace)

16.9.2. Espionage

16.10. The Implications--Negative and Positive--of Crypto Anarchy

16.10.1. "What are some implications of crypto anarchy?"

16.10.3. The Positive Side of Crypto Anarchy

16.10.4. Will I be sad if anonymous methods allow untraceable markets for assassinations? It depends. In many cases, people deserve death--those who have escaped justice, those who have broken solemn commitments, etc. Gun-grabbing politicians, for example, should be killed out of hand. Anonymous rodent removal services will be a tool of liberty. The BATF agents who murdered Randy Weaver's wife and son should be shot. If the courts won't do it, a market for hits will do it.

16.10.5. on interference in business as justified by "society supports you" arguments (and "opting out")

16.11. Ethics and Morality of Crypto Anarchy

16.11.1. "How do you square these ideas with democracy?"

16.11.2. "Is there a moral responsibility to ensure that the overall effects of crypto anarchy are more favorable than unfavorable before promoting it?"

16.11.3. "Should individuals have the power to decide what they will reveal to others, and to authorities?"

16.11.4. "Aren't there some dangers and risks to letting people pick and choose their moralities?"

16.11.5. "As a member of a hated minority (crypto anarchists) I'd rather take my chances on an open market than risk official discrimination by the state...Mercifully, the technology we are developing will allow everyone who cares to to decline to participate in this coercive allocation of power." [Duncan Frissell, 1994-09-08]

16.11.6. "Are there technologies which should be "stopped" even before they are deployed?"

16.11.7. "Won't crypto anarchy allow some people to do bad things?"

16.12. Practical Problems with Crypto Anarchy

16.12.1. "What if "bad guys" use unbreakable crypto?"

16.12.2. Dealing with the "Abhorrent Markets"

16.12.3. "How is fraud dealt with in crypto anarchy?"

16.12.4. "How do we know that crypto anarchy will work? How do we know that it won't plunge the world into barbarism, nuclear war, and terror?"

16.12.5. It is true that crypto anarchy is not for everyone. Some will be too incompetent to prepare to protect themselves, and will want a protector. Others will have poor business sense.

16.12.6. "But what will happen to the poor people and those on welfare if crypto anarchy really succeeds?"

16.13. Black Markets

16.13.1. "Why would anyone use black markets?"

16.13.2. Crypto anarchy opens up some exciting possibilities for collusion in financial deals, for insider trading, etc.

16.13.3. Information Markets

16.13.4. Black Markets, Informal Economies, Export Laws

16.13.5. Smuggling and Black Markets

16.13.6. Organized Crime and Cryptoanarchy

16.13.7. "Digital Escrow" accounts for mutually suspicious parties, especially in illegal transactions

16.13.8. Private companies are often allies of the government with regards to black markets (or grey markets)

16.14. Money Laundering and Tax Avoidance

16.14.1. Hopelessness of controlling money laundering
 + I see all this rise in money laundering as an incredibly hopeful trend, one that will mesh nicely with the use of cryptography
 - why should export of currency be limited?
 - what's wrong with tax evasion, anyway?

16.14.2. Taxes and Crypto

16.14.3. Capital Flight

16.14.4. Money Laundering and Underground Banks

16.14.5. Private Currencies, Denationalization of Money

16.14.6. Tax Evasion Schemes

16.14.7. "Denationalization of Money"

16.15. Intellectual Property

16.15.1. Concepts of property will have to change

16.15.2. Intellectual property debate

16.16. Markets for Contract Killings, Extortion, etc.

16.16.1. Note: This is a sufficiently important topic that it deserves its own heading. There's material on this scattered around this document, material I'll collect together when I get a chance.

16.16.2. This topic came up several times on the Extropians mailing list, where David Friedman (author of "The Machinery of Freedom" and son of Nobel Prize winner Milton Friedman) and Robin Hanson debated this with me.

16.16.3. Doug Cutrell summarized the concerns of many when he wrote:

16.16.4. Abhorrent markets

16.16.5. Dealing with Such Things:

16.17. Persistent Institutions

16.17.1. Strong crypto makes possible the creation of institutions which can persist for very long periods of time, perhaps for centuries.

16.17.2. all of these "persistent" services (digital banks, escrow services, reputation servers, etc.) require much better protections against service outages, seizures by governments, natural disasters, and even financial collapse than do most existing computer services: an opportunity for offshore escrow-like services

16.17.3. Escrow Services

16.17.4. Reputation-Based Systems

16.17.5. Crypto Banks and the "Shell Game" as a Central Metaphor
 + Central metaphor: the Shell Game

16.17.6. cryonicists will seek "crypto-trusts" to protect their assets
 + again, the "crypto" part is not really necessary, given trustworthy lawyers and similar systems

16.18. Organized Crime: Triads, Yakuza, Mafia, etc.

16.18.1. "The New Underworld Order"

16.18.2. "Is the criminal world interested in crypto? Could they be early adopters of these advanced techniques?"

16.18.3. crypto provides some schemes for more secure drug distribution

16.19. Privately Produced Law, Polycentric Law, Anarcho-Capitalism

16.19.1. "my house, my rules"

16.19.2. a la David Friedman

16.19.3. markets for laws, Law Merchant

16.19.4. the Cypherpunks group is itself a good example:

16.19.5. I have absolutely no faith in the law when it comes to cyberspatial matters (other matters, too).

16.19.6. Contracts and Cryptography

won't sign such contracts are free to sue--but will of course have to pay more for health care. and frivolous malpractice lawsuits have increased operating costs. (Recall the her psychic powers were lost after a CAT scan. awarded her millions of dollars. Cf. on liability laws.)

16.19.7. Ostracism, Banishment in Privately Produced Law

16.19.8. Governments, Cyberspaces, PPLs

16.19.9. No recourse in the courts with crypto-mediated systems

16.19.10. Fraud

16.19.11. PPLs, polycentric law

16.20. Libertaria in Cyberspace

16.20.1. what it is

16.20.2. parallels to Oceania, Galt's Gulch

16.20.3. Privacy in communications alters the nature of connectivity

16.21. Cyberspace, private spaces, enforcement of rules, and technology


16.21.1. Consider the "law" based approach

16.21.2. The technological approach:

16.21.3. This is a concrete example of how crypto acts as a kind of building material

16.21.4. Virtual Communities-the Use of Virtual Networks to Avoid Government

16.21.5. These private spaces will, as technology makes them more "livable" (I don't mean in a full sense, so don't send me notes about how "you can't eat cyberspace"), become full-functioned "spaces" that are outside the reach of governments. A new frontier, untouchable by outside, coercive governments.

16.21.6. "Can things really develop in this "cyberspace" that so many of us talk about?"

16.21.7. Protocols for this are far from complete

16.22. Data Havens

16.22.1. "What are data havens?"

16.22.2. "Can there be laws about what can be done with data?"

16.22.3. Underground Networks, Bootleg Research, and Information Smuggling

16.22.4. Illegal Data

16.22.5. "the Switzerland of data"

16.22.6. Information markets may have to move offshore, due to licensing and other restrictions

16.23. Undermining Governments--Collapse of the State

16.23.1. "Is it legal to advocate the overthrow of governments or the breaking of laws?"

16.23.2. Espionage and Subversion of Governments Will be Revolutionized by Strong Crypto

16.23.3. "Xth Column" (X = encrypted)

16.23.4. use of clandestine, cell-based systems may allow a small group to use "termite" methods to undermine a society, to destroy a state that has become too repressive (sounds like the U.S. to me)

16.23.5. "Why won't government simply ban such encryption methods?"
 + This has always been the Number One Issue!

16.23.6. "How will the masses be converted?"

16.23.7. As things seem to be getting worse, vis-a-vis the creation of a police state in the U.S.--it may be a good thing that anonymous assassination markets will be possible. It may help to level the playing field, as the Feds have had their hit teams for many years (along with their safe houses, forged credentials, accommodation addresses, cut-outs, and other accouterments of the intelligence state).

16.24. Escrow Agents and Reputations

16.24.1. Escrow Agents as a way to deal with contract reneging

16.24.2. Use of escrow services as a substitute for government

16.24.3. Several people have raised the issue of someone in an anonymous transaction simply taking the money and not performing the service (or the flip side). This is where intermediaries come into the picture, just as in the real world (bonds, escrow agents, etc.).

16.24.4. Alice and Bob wish to conduct an anonymous transaction; each is unknown to the other (no physical knowledge, no pseudonym reputation knowledge). These "mutually suspicious agents," in 1960s- and 70s-era computer science lingo, must arrange methods to conduct business while not trusting the other.

16.24.5. Various cryptographic protocols have been developed for such things as "bit commitment" (useful in playing poker over the phone, for example). I don't know of progress made at the granularity of anonymous transactions, though. (Though the cryptographic protocol building blocks at lower levels--such as bit commitment and blobs--will presumably be used eventually at higher levels, in markets.)
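The "bit commitment" building block mentioned above, in its simplest use (flipping a coin between two mutually suspicious parties over a channel), as an added Python example that is not part of the original document. A hash-based commitment is used here as one concrete construction of a "blob"; the choice of SHA-256 with a 256-bit random nonce is an assumption of this example, not something the text specifies. Both sides' messages are shown in the protocol function, together with the check Bob performs and the failure case where Alice tries to reopen her blob to the other bit after seeing Bob's.

```python
"""Coin flipping by telephone with a hash-based bit commitment (a 'blob')."""
import hashlib
import hmac
import secrets

# Commitment = SHA-256(nonce || len(value) || value).  The 256-bit random nonce
# makes the blob hiding (Bob learns nothing about the value from the blob), and
# collision resistance of SHA-256 makes it binding (Alice cannot later open it
# to a different value).  The length prefix keeps (nonce, value) unambiguous.
NONCE_LEN = 32


def _blob(nonce: bytes, value: bytes) -> bytes:
    return hashlib.sha256(nonce + len(value).to_bytes(4, "big") + value).digest()


def commit(value: bytes) -> tuple[bytes, bytes]:
    """Return (commitment, nonce).  Send the commitment; keep the nonce secret until opening."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return _blob(nonce, value), nonce


def verify_opening(commitment: bytes, nonce: bytes, value: bytes) -> bool:
    """Check that (nonce, value) opens `commitment`, using a constant-time compare."""
    if len(nonce) != NONCE_LEN:
        return False
    return hmac.compare_digest(_blob(nonce, value), commitment)


def coin_flip_by_telephone(alice_bit: int, bob_bit: int, alice_cheats: bool = False):
    """Run the three-message protocol; return the agreed coin (0 or 1), or None if Bob rejects.

    Message 1, Alice -> Bob:  blob committing to her bit a
    Message 2, Bob -> Alice:  his bit b in the clear (he cannot bias the result:
                              the blob already fixes a, and hides it from him)
    Message 3, Alice -> Bob:  opening (nonce, a); Bob verifies, both compute a XOR b
    `alice_cheats` models Alice trying to open the blob to the other bit after seeing b.
    """
    # Message 1
    commitment, nonce = commit(bytes([alice_bit]))
    # Message 2 (Bob's bit arrives only after the commitment is fixed)
    b = bob_bit
    # Message 3
    opened_bit = alice_bit ^ 1 if alice_cheats else alice_bit
    if not verify_opening(commitment, nonce, bytes([opened_bit])):
        return None  # Bob rejects: the opening does not match the blob
    return opened_bit ^ b


def naive_blob(value: bytes) -> bytes:
    """What NOT to do: a commitment with no nonce.  For a one-bit value the
    blob is not hiding at all, as bob_reads_naive_blob() shows."""
    return hashlib.sha256(value).digest()


def bob_reads_naive_blob(blob: bytes) -> int:
    """Bob hashes both candidate bits and reads Alice's choice straight off the blob."""
    for candidate in (0, 1):
        if naive_blob(bytes([candidate])) == blob:
            return candidate
    raise ValueError("not a one-bit naive blob")


if __name__ == "__main__":
    print("fair flip (a=1, b=0):", coin_flip_by_telephone(1, 0))
    print("Alice reopens to other bit:", coin_flip_by_telephone(1, 0, alice_cheats=True))
    print("nonce-less blob leaks bit:", bob_reads_naive_blob(naive_blob(b"\x01")))
```

The same commit/open pair is what the mental-poker protocols use for cards rather than bits; the two properties to check in any such blob are hiding (the nonce is long and fresh per commitment) and binding (the hash is collision resistant and the encoding of nonce and value is unambiguous).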

16.24.6. I believe there is evidence we can shorten the cycle by borrowing noncryptographic protocols (heresy to purists!) and adapting them. Reputations, for example. And escrow agents (a form of reputation, in that the "value" of a bonding entity or escrow agent lies in reputation capital).

16.24.7. if a single escrow agent is suspected of being untrustworthy (in a reputation capital sense), then can use multiple escrows
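One concrete form of "multiple escrows" is to split the release secret among several agents so that no single agent can release the funds alone or abscond with the key. The following is an added Python example, not code from the original document: it uses Shamir secret sharing over a prime field (a choice made here; the text only says "multiple escrows") to give n escrow agents shares of a release key such that any t of them reconstruct it and any fewer learn nothing about it. The agent names and the 16-byte key are constructed for the example, and the field prime 2**255 - 19 is simply a convenient prime larger than the key.

```python
"""Threshold escrow: split a release key among n agents, any t of whom can reconstruct it."""
import secrets

# Prime field for the polynomial arithmetic.  Any prime larger than the secret
# works; 2**255 - 19 comfortably holds a 16- or 31-byte key.
P = 2**255 - 19


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... + coeffs[t-1]*x**(t-1) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, t):
    """Split `secret` (0 <= secret < P) into n shares (x, y); any t shares reconstruct it.

    The secret is the constant term of a random degree t-1 polynomial, so t-1
    shares are consistent with every possible secret (information-theoretic hiding).
    """
    if not (1 <= t <= n < P) or not (0 <= secret < P):
        raise ValueError("need 1 <= t <= n and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the given shares (x values must be distinct)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def escrow_split(key: bytes, agents, threshold):
    """Hand each named escrow agent one share of `key`; `threshold` shares release it."""
    secret = int.from_bytes(key, "big")
    shares = split_secret(secret, len(agents), threshold)
    return dict(zip(agents, shares))


def escrow_reassemble(shares, key_len: int):
    """Rebuild the key from the agents' shares.

    Returns None when the interpolated value does not fit in key_len bytes, which
    is what too few shares or a corrupted share produce: an unrelated field element.
    """
    value = recover_secret(list(shares))
    if value >= 1 << (8 * key_len):
        return None
    return value.to_bytes(key_len, "big")


if __name__ == "__main__":
    # Constructed release key and agent names.
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    agents = ["agent-A", "agent-B", "agent-C", "agent-D", "agent-E"]
    table = escrow_split(key, agents, threshold=3)
    print("3 of 5:", escrow_reassemble([table["agent-B"], table["agent-D"], table["agent-E"]], 16) == key)
    print("2 of 5:", escrow_reassemble([table["agent-A"], table["agent-C"]], 16))
```

This stops a single dishonest agent from stealing or releasing the key, but a dishonest agent can still sabotage a release by handing in a wrong share, since plain Shamir sharing gives the reconstructor no way to tell a bad share from a good one; verifiable secret sharing (publishing commitments to the polynomial coefficients) is the standard addition when that matters.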

16.25. Predictions vs. Implications

16.25.1. "How do we know that crypto anarchy will 'work,' that the right institutions will emerge, that wrongs will be righted, etc.?"

16.25.2. My thinking on crypto anarchy is not so much prediction as examination of trends and the implications of certain things. Just as steel girders mean certain things for the design of buildings, so too does unbreakable crypto mean certain things for the design of social and economic systems.

16.25.3. Several technologies are involved:

16.25.4. (Note: Yes, it's sometimes dangerous to say "unbreakable," "untraceable," and "unforgeable." Purists eschew such terms. All crypto is economics, even information-theoretically secure crypto (e.g., bribe someone to give you the key, break in and steal it, etc.). And computationally-secure crypto, such as RSA, IDEA, etc., can in principle be brute-forced. In reality, the costs may well be exorbitantly high...perhaps more energy than is available in the entire universe would be needed. Essentially, these things are about as unbreakable, untraceable, and unforgeable as one can imagine.)

16.25.5. "Strong building materials" implies certain things. Highways, bridges, jet engines, etc. Likewise for strong crypto, though the exact form of the things that get built is still unknown. But pretty clearly some amazing new structures will be built this way.

16.25.6. Cyberspace, walls, bricks and mortar...

16.25.7. "Will strong crypto have the main effect of securing current freedoms, or will it create new freedoms and new situations?"

16.25.8. "Will all crypto-anarchic transactions be anonymous?"

16.26. How Crypto Anarchy Will Be Fought

16.26.1. The Direct Attack: Restrictions on Encryption

16.26.2. Another Direct Attack: Elimination of Cash

16.26.3. Another Direct Attack: Government Control of Encryption, Networks, and Net Access

16.26.4. An Indirect Attack: Insisting that all economic transactions be "disclosed" (the "Full Disclosure Society" scenario)

16.26.5. Attempts to discredit reputation-based systems by deceit, fraud, nonpayment, etc.

16.26.6. Licensing of software developers may be one method used to try to control the spread of anonymous systems and information markets

16.26.7. RICO-like seizures of computers and bulletin board systems - sting operations and setups

16.26.8. Outlawing of Digital Pseudonyms and Credentialling
 + may echo the misguided controversy over Caller ID

16.26.9. Anonymous systems may be restricted on the grounds that they constitute a public nuisance

16.26.10. Corporations may be effectively forbidden to hire consultants or subcontractors as individuals

16.26.11. There may be calls for U.N. control of the world banking system in the wake of the BCCI and similar scandals

16.26.12. "National security"

16.26.13. Can authorities force the disclosure of a key?

16.27. How Crypto Anarchy Advocates Will Fight Back

16.27.1. Bypassing restrictions on commercial encryption packages by not making them "commercial"

16.27.2. Noise and signals are often indistinguishable

16.27.3. Timed-release files (using encryption) will be used to hide files, to ensure that governments cannot remove material they don't like

16.27.5. The Master Plan to Fight Restrictions on Encryption

16.28. Things that May Hide the Existence of Crypto Anarchy

16.28.1. first and foremost, the incredible bandwidth, the bits sloshing around the world's networks...tapes being exchanged, PCs calling other PCs, a variety of data and compression formats, ISDN, wireless transmission, etc.

16.28.2. in the coming years, network traffic will jump a thousandfold, what with digital fax, cellular phones and computers, ISDN, fiber optics, and higher-speed modems

16.28.3. corporations and small groups will have their own private LANs and networks, with massive bandwidth, and with little prospects that the government can police them; there can be no law requiring that internal communications be readable by the government!

16.28.4. AMIX-like services, new services, virtual reality (for games, entertainment, or just as a place of doing business) etc.

16.28.5. steganography

16.28.6. in the sense that these other things, such as the government's own networks of safe houses, false identities, and bootleg payoffs, will tend to hide any other such systems that emerge

16.28.7. Government Operations that Resemble Cryptoanarchy will Confuse the Issues

16.28.8. Encrypted Traffic Will Increase Dramatically

16.28.9. Games, Religions, Legal Consultation, and Other "Covers" for the Introduction and Proliferation of Crypto Anarchy

16.28.10. Compressed traffic will similarly increase

16.29. The Coming Phase Change

16.29.1. "We'd better hope that strong crypto, cheap telecoms and free markets can provide the organizing basis for a workable society because it is clear that coercion as an organizing principle ain't what it used to be." [Duncan Frissell, in his sig, 4-13-94]

16.29.2. "What is the "inevitability" argument?"

16.29.3. "What is the "crypto phase change"?"

16.29.4. "Can crypto anarchy be stopped?"

16.29.5. Need not be a universal or even popular trend

16.29.6. "National borders are just speedbumps on the digital superhighway."

16.29.7. "Does crypto anarchy have to be a mass movement to succeed?"
 - Given that only a tiny fraction is now aware of the implications...

16.29.8. Strong crypto does not mean the end to law enforcement

16.30. Loose Ends

16.30.1. governments may try to ban the use of encryption in any broadcast system, no matter how low the power, because of a realization that all of them can be used for crypto anarchy and espionage

16.30.2. "tontines"

16.30.3. Even in market anarchies, there are times when a top-down, enforced set of behaviors is desirable. However, instead of being enforced by threat of violence, the market itself enforces a standard.

16.30.4. Of course, nothing stops people from hiring financial advisors, lawyers, and even "Protectors" to shield them from the predations of others. Widows and orphans could choose conservative conservators, while young turks could choose to go it alone.

16.30.5. on who can tolerate crypto anarchy

16.30.6. Local enforcement of rules rather than global rules

16.30.7. Locality is a powerful concept

17. The Future


17.2. SUMMARY: The Future

17.2.1. Main Points

17.2.2. Connections to Other Sections

17.2.3. Where to Find Additional Information

17.2.4. Miscellaneous Comments

17.3. Progress Needed

17.3.1. "Why have most of the things Cypherpunks talk about not happened?"

17.4. Future Directions

17.4.1. "What are some future directions?"

17.4.2. The Future of the List

17.4.3. What if encryption is outlawed?

17.4.4. "Should Cypherpunks be more organized, more like the CPSR, EFF, and EPIC?"

17.4.5. Difficult to Set Directions

17.4.6. The Heart and Soul of Cypherpunks?

17.4.7. Possible Directions

17.4.8. Goals (as I see them)

17.4.9. A Vision of the Future

17.4.10. Key concepts are the way to handle the complexity of crypto

17.5. Net of the Future

17.5.1. "What role, if any, will MUDs, MOOs, and Virtual Realities play?"

17.5.2. keyword-based

17.5.3. dig sig based (reputation-based)

17.5.4. pools and anonymous areas may be explicitly supported

17.5.5. better newsreaders, screens, filters

17.5.6. Switches

17.5.7. "What limits on the Net are being proposed?"

17.6. The Effects of Strong Crypto on Society

17.6.1. "What will be the effects of strong crypto, ultimately, on the social fabric?"

17.6.2. The revelations of surveillance and monitoring of citizens and corporations will serve to increase the use of encryption, at first by people with something to hide, and then by others. Cypherpunks are already helping by spreading the word of these situations.

17.6.3. People making individual moral choices

17.7. New Software Tools and Programming Frameworks

17.7.1. Needed software

17.7.2. Object-oriented tools

17.7.3. Protocol Ecologies

17.7.4. Use of autonomous agents (slaves?)

17.7.5. Tools

17.7.6. "What programming framework features are needed?"

17.7.7. Frameworks, Tools, Capabilities

17.8. Complexity

17.8.1. The shifting sands of modern, complex systems

17.8.2. "Out of Control"

17.8.3. A fertile union of cryptology, game theory, economics, and ecology

17.9. Crypto Standards

17.9.1. The importance of standards

17.10. Crypto Research

17.10.1. Academic research continues to increase

17.10.2. "What's the future of crypto?"

17.10.3. Ciphers are somewhat like knots...the right sequence of moves unties them, the wrong sequence only makes them more tangled. ("Knot theory" is becoming a hot topic in math and physics (work of Vaughn Jones, string theory, etc.) and I suspect there are some links between knot theory and crypto.)

17.10.4. Game theory, reputations, crypto -- a lot to be done here

17.10.5. More advanced areas, newer approaches

17.10.6. Comments on crypto state of the art today vs. what is likely to be coming

17.11. Crypto Armageddon? Cryptageddon?

17.11.1. "Will there be a "Waco in cyberspace"?"

17.11.2. Attacks to come

17.12. "The Future's So Bright, I Gotta Wear Shades"

17.12.1. Despite the occasionally gloomy predictions, things look pretty good. No guarantees, of course, but trends that are favorable. No reason for us to rest, though.

17.12.2. Duncan Frissell puts it this way:

17.13. "Will cryptography really bring on the Millennium?"

17.13.1. Yes. And cats will move in with dogs, Snapple will rain from the sky, and P will be shown unequal to NP.

17.13.2. Seriously, the implications of strong privacy, of cyberspatial economies, and of borders becoming transparent are enormous. The way governments do business is already changing, and this will change things even more dramatically. The precise form may be unpredictable, but certain end states are fairly easy to predict in broad brush strokes.

17.13.3. "How do we know the implications of crypto are what I've claimed?"

17.13.4. "When will it all happen? When will strong crypto really begin to have a major effect on the economy?"

17.13.5. "But will crypto anarchy actually happen?"

17.13.6. "Has the point of no return been passed on strong crypto?"

17.14. Loose Ends

17.14.1. firewalls, virtual perimeters, swIPe-type encrypted tunnels, an end to break-ins,

17.14.2. "What kind of encryption will be used with ATM?"

17.14.3. Shapes of things to come, maybe...(laws of other countries)

17.14.4. Cyberspace will need better protection

18. Loose Ends and Miscellaneous Topics



18.2. SUMMARY: Loose Ends and Miscellaneous Topics

18.2.1. Main Points

18.2.2. Connections to Other Sections

18.2.3. Where to Find Additional Information

18.2.4. Miscellaneous Comments

18.3. Quantum Cryptography

18.3.1. "What is quantum cryptography?"

18.3.2. "What about quantum cryptography?"

18.4. Chaotic Cryptography

18.4.1. the oscillator scheme was broken at Crypto '94

18.5. Neural Nets and AI in Crypto

18.5.1. "What about neural nets and AI in crypto?"

18.5.2. Evolutionary or Genetic Programming

18.6. Miscellaneous Advanced Crypto Ideas

18.6.1. "Why have provably "NP-complete" problems not found uses in crypto?"

18.6.2. "Can cellular automata, like Conway's "Game of Life," be used for cryptography?"

18.7. Viruses and Crypto

18.7.1. "What's the connection between Cypherpunks and viruses?"

18.7.2. "What about the "encryption viruses," like KOH?"

18.7.3. "What about viruses? Are there any ties to crypto and Cypherpunks themes?"

18.7.4. "What interests do Cypherpunks have in viruses?"

18.8. Making Money in Crypto

18.8.1. "How can I make money in crypto?"

18.9.1. Limitations of the current net

18.10. Duress Switches, Dead Man Switches

18.10.1. "What about "duress" codes for additional security?"

18.10.2. Duress switches, dead man switches, etc.

18.10.3. Personal security for disks, dead man switches

18.11. Can Encryption be Detected?

18.11.1. "Can messages be scanned and checked for encryption?"

18.12. Personal Digital Assistants, Newtons, etc.

18.12.1. "Are there cryptographic uses for things like Newtons?"

18.13. Physical Security

18.13.1. "Can fiber optical cables be tapped?"

18.14. Attacking Governments

18.14.1. "termites" (rumors, psy-ops) that can undermine governments, followed by "torpedoes" (direct attack)

18.14.2. WASTE (War Against Strong, Tamper-resistant Encryption).

18.15. Cypherpunks List Issues

18.15.1. too much noise on the list?

18.16. Tamper-Resistant Modules

18.16.1. TRMs--claims that "Picbuster" processor can be locally overwritten with focussed or directed UV (OTP)

18.16.2. tamper-resistant modules have some downsides as well

18.17. Deeper Connections

18.17.1. In several places I've referred to "deep connections" between things like crypto, money, game theory, evolutionary ecologies, human motivations, and the nature of law. By this I mean that there are deeper, unifying principles. Principles involving locality, identity, and disclosure of knowledge. A good example: the deep fairness of "cut-and-choose" protocols--I've seen mention of this in game theory texts, but not much discussion of other, similar protocols.

18.17.2. For example, below the level of number theory and algorithms in cryptology lies a level dealing with "identity," "proof," "collusion," and other such core concepts, concepts that can almost be dealt with independent of the actual algorithms (though the concrete realization of public key methods took this out of the abstract realm of philosophy and made it important to analyze). And these abstract concepts are linked to other fields, such as economics, human psychology, law, and evolutionary game theory (the study of evolved strategies in multi-agent systems, e.g., human beings interacting and trading with each other).

18.17.3. I believe there are important questions about why things work the way they do at this level. To be concrete, why do threats of physical coercion create market distortions and what effects does this have? Or, what is the nature of emergent behavior in reputation-based systems? (The combination of crypto and economics is a fertile area, barely touched upon by the academic cryptology community.) Why is locality important, and what does this mean for digital cash? Why does regulation often produce more crime?

18.17.4. Crypto and the related ideas of reputation, identity, and webs of trust have introduced a new angle into economic matters. I suspect there are a couple of Nobel Prizes in Economics for those who integrate these important concepts.

18.18. Loose End Loose Ends

18.18.1. What the core issues are...a tough thing to analyze

18.18.2. Price signalling in posts...for further information

18.18.3. "What should Cypherpunks support for "cable" or "set-top box" standards?"

18.18.4. minor point: the importance of "But does it scale?" is often exaggerated

19. Appendices



19.2. SUMMARY: Appendices

19.2.1. Main Points

19.2.2. Connections to Other Sections

19.2.3. Where to Find Additional Information

19.2.4. Miscellaneous Comments

19.3. Appendix -- Sites, Addresses, URL/Web Sites, Etc.

19.3.1. be sure to get soda address straight!!! [use clones]

19.3.2. How to use this section

19.3.3. General Crypto and Cypherpunks Sites

19.3.4. PGP Information and Sites

19.3.5. Key Servers

19.3.6. Remailer Sites

19.3.7. Mail-to-Usenet gateways:

19.3.8. Government Information

19.3.9. Clipper Info

19.3.10. Other

19.3.11. Crypto papers

19.3.12. CPSR URL

19.4. Appendix -- Glossary

19.4.1. Comments

19.4.2. agoric systems -- open, free market systems in which voluntary transactions are central.

19.4.3. Alice and Bob -- cryptographic protocols are often made clearer by considering parties A and B, or Alice and Bob, performing some protocol. Eve the eavesdropper, Paul the prover, and Vic the verifier are other common stand-in names.

19.4.4. ANDOS -- all or nothing disclosure of secrets.

19.4.5. anonymous credential -- a credential which asserts some right or privilege or fact without revealing the identity of the holder. This is unlike CA driver's licenses.

19.4.6. asymmetric cipher -- same as public key cryptosystem.

19.4.7. authentication -- the process of verifying an identity or credential, to ensure you are who you said you were.

19.4.8. biometric security -- a type of authentication using fingerprints, retinal scans, palm prints, or other physical/biological signatures of an individual.

19.4.9. bit commitment -- e.g., tossing a coin and then committing to the value without being able to change the outcome. The blob is a cryptographic primitive for this.

19.4.10. BlackNet -- an experimental scheme devised by T. May to underscore the nature of anonymous information markets. "Any and all" secrets can be offered for sale via anonymous mailers and message pools. The experiment was leaked via remailer to the Cypherpunks list (not by May) and thence to several dozen Usenet groups by Detweiler. The authorities are said to be investigating it.

19.4.11. blinding, blinded signatures -- A signature that the signer does not remember having made. A blind signature is always a cooperative protocol and the receiver of the signature provides the signer with the blinding information.

19.4.12. blob -- the crypto equivalent of a locked box. A cryptographic primitive for bit commitment, with the properties that a blob can represent a 0 or a 1, that others cannot tell by looking whether it's a 0 or a 1, that the creator of the blob can "open" the blob to reveal the contents, and that no blob can be both a 1 and a 0. An example of this is a flipped coin covered by a hand.

19.4.13. BnD -

19.4.14. Capstone -

19.4.15. channel -- the path over which messages are transmitted. Channels may be secure or insecure, and may have eavesdroppers (or enemies, or disrupters, etc.) who alter messages, insert and delete messages, etc. Cryptography is the means by which communications over insecure channels are protected.

19.4.16. chosen plaintext attack -- an attack where the cryptanalyst gets to choose the plaintext to be enciphered, e.g., when possession of an enciphering machine or algorithm is in the possession of the cryptanalyst.

19.4.17. cipher -- a secret form of writing, using substitution or transposition of characters or symbols. (From Arabic "sifr," meaning "nothing.")

19.4.18. ciphertext -- the plaintext after it has been encrypted.

19.4.19. Clipper -- the infamous Clipper chip

19.4.20. code -- a restricted cryptosystem where words or letters of a message are replaced by other words chosen from a codebook. Not part of modern cryptology, but still useful.

19.4.21. coin flipping -- an important crypto primitive, or protocol, in which the equivalent of flipping a fair coin is possible. Implemented with blobs.
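A blob and the coin-flipping protocol built on it, as described in the bit commitment, blob, and coin flipping entries, written out as an added Python example (not code from the Cyphernomicon). The blob here is an assumed construction, SHA-256 over a random nonce and the bit, one common way to get the hiding and binding properties the blob entry lists.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


def make_blob(bit: int, nonce: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Commit to one bit; return (blob, opening nonce).

    Assumed construction: the blob is SHA-256 over a 32-byte random nonce
    followed by the bit.  Hiding: without the nonce a 0-blob and a 1-blob
    look alike, so the verifier cannot tell what is inside.  Binding:
    opening it as the other bit would need a SHA-256 collision, so the
    committer cannot move the coin under the hand after the fact.
    """
    if bit not in (0, 1):
        raise ValueError("bit must be 0 or 1")
    if nonce is None:
        nonce = secrets.token_bytes(32)
    blob = hashlib.sha256(nonce + bytes([bit])).digest()
    return blob, nonce


def open_blob(blob: bytes, nonce: bytes, bit: int) -> bool:
    """Verifier's check that (nonce, bit) really opens this blob."""
    if bit not in (0, 1):
        return False
    expected = hashlib.sha256(nonce + bytes([bit])).digest()
    # constant-time comparison, so timing does not leak anything about the blob
    return hmac.compare_digest(expected, blob)


def coin_flip(alice_bit: int, bob_bit: int,
              alice_cheats: bool = False) -> Tuple[Optional[int], bool]:
    """Fair coin flip between Alice and Bob over an insecure channel.

    1. Alice picks a bit and sends Bob only the blob.
    2. Bob, unable to see inside the blob, announces his bit in the clear.
    3. Alice opens the blob; Bob checks the opening.
    4. The coin is alice_bit XOR bob_bit: random as long as either party
       chose randomly, and neither could bias it after seeing the other's bit.

    Returns (result, verified).  With alice_cheats=True Alice tries to open
    the blob as the opposite bit once she has seen Bob's choice; the opening
    fails and Bob rejects the flip.
    """
    blob, nonce = make_blob(alice_bit)
    # Bob's bit is now public.  A cheating Alice would like to re-open the
    # blob as the other bit; with a binding blob she cannot.
    claimed = alice_bit ^ 1 if alice_cheats else alice_bit
    if not open_blob(blob, nonce, claimed):
        return None, False
    return claimed ^ bob_bit, True


if __name__ == "__main__":
    print("honest flip:", coin_flip(secrets.randbelow(2), secrets.randbelow(2)))
    print("cheating Alice:", coin_flip(1, 0, alice_cheats=True))
```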

19.4.22. collusion -- wherein several participants cooperate to deduce the identity of a sender or receiver, or to break a cipher. Most cryptosystems are sensitive to some forms of collusion. Much of the work on implementing DC Nets, for example, involves ensuring that colluders cannot isolate message senders and thereby trace origins and destinations of mail.

19.4.23. COMINT -

19.4.24. computationally secure -- where a cipher cannot be broken with available computer resources, but in theory can be broken with enough computer resources. Contrast with unconditionally secure.

19.4.25. countermeasure -- something you do to thwart an attacker

19.4.26. credential -- facts or assertions about some entity. For example, credit ratings, passports, reputations, tax status, insurance records, etc. Under the current system, these credentials are increasingly being cross-linked. Blind signatures may be used to create anonymous credentials.

19.4.27. credential clearinghouse -- banks, credit agencies, insurance companies, police departments, etc., that correlate records and decide the status of records.

19.4.28. cryptanalysis -- methods for attacking and breaking ciphers and related cryptographic systems. Ciphers may be broken, traffic may be analyzed, and passwords may be cracked. Computers are of course essential.

19.4.29. crypto anarchy -- the economic and political system after the deployment of encryption, untraceable e-mail, digital pseudonyms, cryptographic voting, and digital cash. A pun on "crypto," meaning "hidden," and as when Gore Vidal called William F. Buckley a "crypto fascist."

19.4.30. cryptography -- another name for cryptology.

19.4.31. cryptology -- the science and study of writing, sending, receiving, and deciphering secret messages. Includes authentication, digital signatures, the hiding of messages (steganography), cryptanalysis, and several other fields.

19.4.32. cyberspace -- the electronic domain, the Nets, and computer-generated spaces. Some say it is the "consensual reality" described in "Neuromancer." Others say it is the phone system. Others have work to do.

19.4.33. DC protocol, or DC-Net -- the dining cryptographers protocol. DC-Nets use multiple participants communicating with the DC protocol.

19.4.34. DES -- the Data Encryption Standard, proposed in 1977 by the National Bureau of Standards (now NIST), with assistance from the National Security Agency. Based on the "Lucifer" cipher developed by Horst Feistel at IBM, DES is a secret key cryptosystem that cycles 64-bit blocks of data through multiple permutations with a 56-bit key controlling the routing. "Diffusion" and "confusion" are combined to form a cipher that has not yet been cryptanalyzed (see "DES, Security of"). DES is in use for interbank transfers, as a cipher inside of several RSA-based systems, and is available for PCs.

19.4.35. DES, Security of -- many have speculated that the NSA placed a trapdoor (or backdoor) in DES to allow it to read DES-encrypted messages. This has not been proved. It is known that the original Lucifer algorithm used a 128-bit key and that this key length was shortened to 64 bits (56 bits plus 8 parity bits), thus making exhaustive search much easier (so far as is known, brute-force search has not been done, though it should be feasible today). Shamir and Biham have used a technique called "differential cryptanalysis" to reduce the exhaustive search needed for chosen plaintext attacks (but with no import for ordinary DES).

19.4.36. differential cryptanalysis -- the Shamir-Biham technique for cryptanalyzing DES. With a chosen plaintext attack, they've reduced the number of DES keys that must be tried from about 2^56 to about 2^47 or less. Note, however, that rarely can an attacker mount a chosen plaintext attack on DES systems.

19.4.37. digital cash, digital money -- Protocols for transferring value, monetary or otherwise, electronically. Digital cash usually refers to systems that are anonymous. Digital money systems can be used to implement any quantity that is conserved, such as points, mass, dollars, etc. There are many variations of digital money systems, ranging from VISA numbers to blinded signed digital coins. A topic too large for a single glossary entry.

19.4.38. digital pseudonym -- basically, a "crypto identity." A way for individuals to set up accounts with various organizations without revealing more information than they wish. Users may have several digital pseudonyms, some used only once, some used over the course of many years. Ideally, the pseudonyms can be linked only at the will of the holder. In the simplest form, a public key can serve as a digital pseudonym and need not be linked to a physical identity.

19.4.39. digital signature -- Analogous to a written signature on a document. A modification to a message that only the signer can make but that everyone can recognize. Can be used legally to contract at a distance.

19.4.40. digital timestamping -- one function of a digital notary public, in which some message (a song, screenplay, lab notebook, contract, etc.) is stamped with a time that cannot (easily) be forged.

19.4.41. dining cryptographers protocol (aka DC protocol, DC nets) -- the untraceable message sending system invented by David Chaum. Named after the "dining philosophers" problem in computer science, participants form circuits and pass messages in such a way that the origin cannot be deduced, barring collusion. At the simplest level, two participants share a key between them. One of them sends some actual message by bitwise exclusive-ORing the message with the key, while the other one just sends the key itself. The actual message from this pair of participants is obtained by XORing the two outputs. However, since nobody but the pair knows the original key, the actual message cannot be traced to either one of the participants.
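The two-participant exchange in this entry, generalized to n participants with one shared key per pair, as an added Python example that is not code from the Cyphernomicon. The keys are generated locally for the demonstration (an assumption; a real DC-net gets them from a prior key exchange or a one-time pad), and the collision case shows why a DC-net also needs transmission rules.

```python
import secrets
from functools import reduce
from itertools import combinations
from typing import Dict, List, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise exclusive-OR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def dc_round(n: int, msg_len: int,
             senders: Dict[int, bytes]) -> Tuple[List[bytes], bytes]:
    """Run one round of a dining cryptographers net with n participants.

    Every pair (i, j) shares a fresh random key of msg_len bytes (generated
    here for the demo).  Each participant broadcasts the XOR of all keys it
    shares; a participant who wants to speak XORs its message in as well.
    Every key is held by exactly two participants, so XORing all n outputs
    cancels the keys and leaves only the message, or all zeros if nobody
    spoke.  No single output reveals anything: each is a message (or zero)
    masked by keys an outside observer does not have.

    Returns (per-participant outputs, XOR of all outputs).
    """
    if n < 2:
        raise ValueError("a DC-net needs at least two participants")
    for idx, msg in senders.items():
        if not 0 <= idx < n or len(msg) != msg_len:
            raise ValueError("bad sender index or message length")
    keys = {pair: secrets.token_bytes(msg_len)
            for pair in combinations(range(n), 2)}
    outputs: List[bytes] = []
    for i in range(n):
        out = bytes(msg_len)  # start from all zeros
        for pair, key in keys.items():
            if i in pair:
                out = xor_bytes(out, key)
        if i in senders:
            out = xor_bytes(out, senders[i])
        outputs.append(out)
    combined = reduce(xor_bytes, outputs)
    return outputs, combined


if __name__ == "__main__":
    # Constructed sample round: participant 1 of 3 speaks.
    outs, msg = dc_round(3, 5, {1: b"hello"})
    print("broadcast outputs:", [o.hex() for o in outs])
    print("recovered:", msg)
    # Two senders in the same round collide: the result is m1 XOR m2,
    # which is what transmission rules (who may send, and when) prevent.
    _, garbled = dc_round(3, 2, {0: b"ab", 2: b"cd"})
    print("collision yields:", garbled.hex())
```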

19.4.42. discrete logarithm problem -- given integers a, n, and x, find some integer m such that a^m mod n = x, if m exists. Modular exponentiation, the a^m mod n part, is straightforward (and special purpose chips are available), but the inverse problem is believed to be very hard, in general. Thus it is conjectured that modular exponentiation is a one-way function.

19.4.43. DSS, Digital Signature Standard -- the latest NIST (National Institute of Standards and Technology, successor to NBS) standard for digital signatures. Based on the El Gamal cipher, some consider it weak and a poor substitute for RSA-based signature schemes.

19.4.44. eavesdropping, or passive wiretapping -- intercepting messages without detection. Radio waves may be intercepted, phone lines may be tapped, and computers may have RF emissions detected. Even fiber optic lines can be tapped.

19.4.45. Escrowed Encryption Standard (EES) -- current name for the key escrow system known variously as Clipper, Capstone, Skipjack, etc.

19.4.46. factoring -- Some large numbers are difficult to factor. It is conjectured that there are no feasible (i.e., "easy," less than exponential in the size of the number) factoring methods. It is also an open problem whether RSA may be broken more easily than by factoring the modulus (e.g., the public key might reveal information which simplifies the problem). Interestingly, though factoring is believed to be "hard," it is not known to be in the class of NP-hard problems. Professor Janek invented a factoring device, but he is believed to be fictional.

19.4.47. HUMINT -

19.4.48. information-theoretic security -- "unbreakable" security, in which no amount of cryptanalysis can break a cipher or system. One time pads are an example (providing the pads are not lost nor stolen nor used more than once, of course). Same as unconditionally secure.

19.4.49. key -- a piece of information needed to encipher or decipher a message. Keys may be stolen, bought, lost, etc., just as with physical keys.

19.4.50. key exchange, or key distribution -- the process of sharing a key with some other party, in the case of symmetric ciphers, or of distributing a public key in an asymmetric cipher. A major issue is that the keys be exchanged reliably and without compromise. Diffie and Hellman devised one such scheme, based on the discrete logarithm problem.

19.4.51. known-plaintext attack -- a cryptanalysis of a cipher where plaintext-ciphertext pairs are known. This attack searches for an unknown key. Contrast with the chosen plaintext attack, where the cryptanalyst can also choose the plaintext to be enciphered.

19.4.52. listening posts -- the NSA and other intelligence agencies maintain sites for the interception of radio, telephone, and satellite communications. And so on. Many sites have been identified (cf. Bamford), and many more sites are suspected.

19.4.53. mail, untraceable -- a system for sending and receiving mail without traceability or observability. Receiving mail anonymously can be done with broadcast of the mail in encrypted form. Only the intended recipient (whose identity, or true name, may be unknown to the sender) may be able to decipher the message. Sending mail anonymously apparently requires mixes or use of the dining cryptographers (DC) protocol.

19.4.54. Message Pool

19.4.55. minimum disclosure proofs -- another name for zero knowledge proofs, favored by Chaum.

19.4.56. mixes -- David Chaum's term for a box which performs the function of mixing, or decorrelating, incoming and outgoing electronic mail messages. The box also strips off the outer envelope (i.e., decrypts with its private key) and remails the message to the address on the inner envelope. Tamper-resistant modules may be used to prevent cheating and forced disclosure of the mapping between incoming and outgoing mail. A sequence of many remailings effectively makes tracing sending and receiving impossible. Contrast this with the software version, the DC protocol. The "remailers" developed by Cypherpunks are an approximation of a Chaumian mix.

19.4.57. modular exponentiation -- raising an integer to the power of another integer, modulo some integer. For integers a, n, and m, a^m mod n. For example, 5^3 mod 100 = 25. Modular exponentiation can be done fairly quickly with a sequence of bit shifts and adds, and special purpose chips have been designed. See also discrete logarithm.
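Square-and-multiply modular exponentiation (the "bit shifts" this entry refers to) and a brute-force search for its inverse, the discrete logarithm problem of entry 19.4.42, as an added Python example not taken from the Cyphernomicon. It uses the entry's own 5^3 mod 100 = 25 and also shows that the inverse need not be unique when a and n share a factor.

```python
from typing import Optional


def mod_exp(a: int, m: int, n: int) -> int:
    """Compute a^m mod n by square-and-multiply.

    The exponent is consumed one bit at a time: for each bit the base is
    squared, and when the bit is 1 the running result is multiplied by the
    current base.  That is O(log m) modular multiplications, against m
    multiplications (and an astronomically large intermediate) for the naive
    a*a*...*a followed by a single reduction.  Same result as pow(a, m, n).
    """
    if n <= 0:
        raise ValueError("modulus must be positive")
    if m < 0:
        raise ValueError("negative exponents are not handled here")
    result = 1 % n          # 1 % n handles the degenerate modulus n == 1
    base = a % n
    while m:
        if m & 1:
            result = (result * base) % n
        base = (base * base) % n
        m >>= 1
    return result


def discrete_log(a: int, x: int, n: int) -> Optional[int]:
    """Brute-force the inverse problem: the smallest m with a^m mod n == x.

    Exhaustive search is the only method shown here.  It is fine for the toy
    moduli of this glossary and hopeless for the hundreds-of-digits moduli
    used in practice, which is exactly why modular exponentiation is
    conjectured to be a one-way function.  By the pigeonhole principle every
    value the sequence a^0, a^1, a^2, ... ever takes mod n appears within the
    first n exponents, so the search can stop there and return None.
    """
    if n <= 0:
        raise ValueError("modulus must be positive")
    value = 1 % n
    for m in range(n):
        if value == x:
            return m
        value = (value * a) % n
    return None


if __name__ == "__main__":
    print("5^3 mod 100 =", mod_exp(5, 3, 100))           # 25, as in the entry
    # 5 and 100 share a factor, so 5^2 and 5^3 are both 25 mod 100 and the
    # discrete log is not unique; the search returns the smallest exponent.
    print("log_5(25) mod 100 =", discrete_log(5, 25, 100))
    print("log_3(6) mod 7 =", discrete_log(3, 6, 7))
    print("log_2(3) mod 8 =", discrete_log(2, 3, 8))      # None: no such m
```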

19.4.58. National Security Agency (NSA) -- the largest intelligence agency, responsible for making and breaking ciphers, for intercepting communications, and for ensuring the security of U.S. computers. Headquartered in Fort Meade, Maryland, with many listening posts around the world. The NSA funds cryptographic research and advises other agencies about cryptographic matters. The NSA once obviously had the world's leading cryptologists, but this may no longer be the case.

19.4.59. negative credential -- a credential that you possess that you don't want any one else to know, for example, a bankruptcy filing. A formal version of a negative reputation.

19.4.60. NP-complete -- a large class of difficult problems. "NP" stands for nondeterministic polynomial time, a class of problems thought in general not to have feasible algorithms for their solution. A problem is "complete" if any other NP problem may be reduced to that problem. Many important combinatorial and algebraic problems are NP-complete: the travelling salesman problem, the Hamiltonian cycle problem, the graph isomorphism problem, the word problem, and on and on.

19.4.61. oblivious transfer -- a cryptographic primitive that involves the probabilistic transmission of bits. The sender does not know if the bits were received.

19.4.62. one-time pad -- a string of randomly-selected bits or symbols which is combined with a plaintext message to produce the ciphertext (this combination may be shifting letters some amount, bitwise exclusive-ORing, etc.). The recipient, who also has a copy of the one-time pad, can easily recover the plaintext. Provided the pad is only used once and then destroyed, and is not available to an eavesdropper, the system is perfectly secure, i.e., it is information-theoretically secure. Key distribution (the pad) is obviously a practical concern, but consider CD-ROMs.

19.4.63. one-way function -- a function which is easy to compute in one direction but hard to find any inverse for, e.g. modular exponentiation, where the inverse problem is known as the discrete logarithm problem. Compare the special case of trap door one-way functions. An example of a one-way operation is multiplication: it is easy to multiply two prime numbers of 100 digits to produce a 200-digit number, but hard to factor that 200-digit number.

19.4.64. P ?=? NP -- Certainly the most important unsolved problem in complexity theory. If P = NP, then cryptography as we know it today does not exist. If P = NP, all NP problems are "easy."

19.4.65. padding -- sending extra messages to confuse eavesdroppers and to defeat traffic analysis. Also adding random bits to a message to be enciphered.

19.4.66. PGP

19.4.67. plaintext -- also called cleartext, the text that is to be enciphered.

19.4.68. Pool

19.4.69. Pretty Good Privacy (PGP) -- Philip Zimmermann's implementation of RSA, recently upgraded to version 2.0, with more robust components and several new features. RSA Data Security has threatened PZ so he no longer works on it. Version 2.0 was written by a consortium of non-U.S. hackers.

19.4.70. prime numbers -- integers with no factors other than themselves and 1. The number of primes is unbounded. About 1% of the 100 decimal digit numbers are prime. Since there are about 10^70 particles in the universe, there are about 10^23 100-digit primes for each and every particle in the universe!

19.4.71. probabilistic encryption -- a scheme by Goldwasser, Micali, and Blum that allows multiple ciphertexts for the same plaintext, i.e., any given plaintext may have many ciphertexts if the ciphering is repeated. This protects against certain types of known ciphertext attacks on RSA.

19.4.72. proofs of identity -- proving who you are, either your true name, or your digital identity. Generally, possession of the right key is sufficient proof (guard your key!). Some work has been done on "is-a-person" credentialling agencies, using the so-called Fiat-Shamir protocol...think of this as a way to issue unforgeable digital passports. Physical proof of identity may be done with biometric security methods. Zero knowledge proofs of identity reveal nothing beyond the fact that the identity is as claimed. This has obvious uses for computer access, passwords, etc.

19.4.73. protocol -- a formal procedure for solving some problem. Modern cryptology is mostly about the study of protocols for many problems, such as coin-flipping, bit commitment (blobs), zero knowledge proofs, dining cryptographers, and so on.

19.4.74. public key -- the key distributed publicly to potential message-senders. It may be published in a phonebook-like directory or otherwise sent. A major concern is the validity of this public key to guard against spoofing or impersonation.

19.4.75. public key cryptosystem -- the modern breakthrough in cryptology, designed by Diffie and Hellman, with contributions from several others. Uses trap door one-way functions so that encryption may be done by anyone with access to the "public key" but decryption may be done only by the holder of the "private key." Encompasses public key encryption, digital signatures, digital cash, and many other protocols and applications.

19.4.76. public key encryption -- the use of modern cryptologic methods to provide message security and authentication. The RSA algorithm is the most widely used form of public key encryption, although other systems exist. A public key may be freely published, e.g., in phonebook-like directories, while the corresponding private key is closely guarded.

19.4.77. public key patents -- M.I.T. and Stanford, due to the work of Rivest, Shamir, Adleman, Diffie, Hellman, and Merkle, formed Public Key Partners to license the various public key, digital signature, and RSA patents. These patents, granted in the early 1980s, expire between 1998 and 2002. PKP has licensed RSA Data Security Inc., of Redwood City, CA, which handles the sales, etc.

19.4.78. quantum cryptography -- a system based on quantum-mechanical principles. Eavesdroppers alter the quantum state of the system and so are detected. Developed by Brassard and Bennett, only small laboratory demonstrations have been made.

19.4.79. remailers -- software versions of Chaum's "mixes," for the sending of untraceable mail. Various features are needed to do this: randomized order of resending, encryption at each stage (picked in advance by the sender, knowing the chain of remailers), padding of message sizes. The first remailer was written by E. Hughes in perl, and about a dozen or so are active now, with varying feature sets.

19.4.80. reputations -- the trail of positive and negative associations and judgments that some entity accrues. Credit ratings, academic credentials, and trustworthiness are all examples. A digital pseudonym will accrue these reputation credentials based on actions, opinions of others, etc. In crypto anarchy, reputations and agoric systems will be of paramount importance. There are many fascinating issues of how reputation-based systems work, how credentials can be bought and sold, and so forth.

19.4.81. RSA -- the main public key encryption algorithm, developed by Ron Rivest, Adi Shamir, and Kenneth Adleman. It exploits the difficulty of factoring large numbers to create a private key and public key. First invented in 1978, it remains the core of modern public key systems. It is usually much slower than DES, but special-purpose modular exponentiation chips will likely speed it up. A popular scheme for speed is to use RSA to transmit session keys and then a high-speed cipher like DES for the actual message text.

19.4.82. secret key cryptosystem -- A system which uses the same key to encrypt and decrypt traffic at each end of a communication link. Also called a symmetric or one-key system. Contrast with public key cryptosystem.

19.4.83. SIGINT -

19.4.84. smart cards -- a computer chip embedded in a credit card. They can hold cash, credentials, cryptographic keys, etc. Usually these are built with some degree of tamper-resistance. Smart cards may perform part of a crypto transaction, or all of it. Performing part of it may mean checking the computations of a more powerful computer, e.g., one in an ATM.

19.4.85. spoofing, or masquerading -- posing as another user. Used for stealing passwords, modifying files, and stealing cash. Digital signatures and other authentication methods are useful to prevent this. Public keys must be validated and protected to ensure that others don't substitute their own public keys which users may then unwittingly use.

19.4.86. steganography -- a part of cryptology dealing with hiding messages and obscuring who is sending and receiving messages. Message traffic is often padded to reduce the signals that would otherwise come from a sudden beginning of messages. "Covered writing."

19.4.87. symmetric cipher -- same as private key cryptosystem.

19.4.88. tamper-responding modules, tamper-resistant modules (TRMs) -- sealed boxes or modules which are hard to open, requiring extensive probing and usually leaving ample evidence that the tampering has occurred. Various protective techniques are used, such as special metal or oxide layers on chips, armored coatings, embedded optical fibers, and other measures to thwart analysis. Popularly called "tamper-proof boxes." Uses include: smart cards, nuclear weapon initiators, cryptographic key holders, ATMs, etc.

19.4.89. tampering, or active wiretapping -- interfering with messages and possibly modifying them. This may compromise data security, help to break ciphers, etc. See also spoofing.

19.4.90. Tessera

19.4.91. token -- some representation, such as ID cards, subway tokens, money, etc., that indicates possession of some property or value.

19.4.92. traffic analysis -- determining who is sending or receiving messages by analyzing packets, frequency of packets, etc. A part of steganography. Usually handled with traffic padding.

19.4.93. traffic analysis -- identifying characteristics of a message (such as sender, or destination) by watching traffic.

Remailers and encryption help to foil traffic analysis.

19.4.94. transmission rules -- the protocols for determining who can send messages in a DC protocol, and when. These rules are needed to prevent collision and deliberate jamming of the channels.

19.4.95. trap messages -- dummy messages in DC Nets which are used to catch jammers and disrupters. The messages contain no private information and are published in a blob beforehand so that the trap message can later be opened to reveal the disrupter. (There are many strategies to explore here.)

19.4.96. trap-door -- In cryptography, a piece of secret information that allows the holder of a private key to invert a normally hard to invert function.

19.4.97. trap-door one way functions -- functions which are easy to compute in both the forward and reverse direction but for which the disclosure of an algorithm to compute the function in the forward direction does not provide information on how to compute the function in the reverse direction. More simply put, trap-door one way functions are one way for all but the holder of the secret information. The RSA algorithm is the best-known example of such a function.
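As an added illustration (not from the Cyphernomicon) of the RSA entry and of the trap-door property just defined: a textbook RSA key pair with toy primes, showing that the forward direction needs only (n, e), that the reverse direction needs the trap-door d, and that anyone able to factor n recovers d. The primes, exponent and message are constructed values, and no padding is used, so this is a teaching model rather than a usable cipher.

```python
import math


def keygen(p, q, e=17):
    """Build a textbook RSA key pair from two primes (toy sizes here).
    The public key (n, e) is the forward-direction information; the factors
    p and q (equivalently d) are the trap-door that makes inversion easy."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), d


def encrypt(pub, m):
    """Forward direction: anyone holding the public key can do this."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(d, pub, c):
    """Reverse direction: easy only with the trap-door d."""
    n, _ = pub
    return pow(c, d, n)


def trial_factor(n):
    """Brute-force factoring: instant for toy n, hopeless for 1024-bit n.
    RSA's security is exactly the gap between these two cases."""
    for f in range(2, math.isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("n is prime, not an RSA modulus")


def recover_d_by_factoring(pub):
    """Whoever factors n learns phi(n) and therefore d: the trap-door
    is 'secret information' only as long as factoring stays hard."""
    n, e = pub
    p, q = trial_factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, d = keygen(61, 53)            # constructed toy primes; n = 3233
    c = encrypt(pub, 65)               # 65 is a constructed sample message
    print(pub, d, c, decrypt(d, pub, c), recover_d_by_factoring(pub))
```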

19.4.98. unconditional security -- same as information-theoretic security, that is, unbreakable except by loss or theft of the key.

19.4.99. unconditionally secure -- where no amount of intercepted ciphertext is enough to allow the cipher to be broken, as with the use of a one-time pad cipher. Contrast with computationally secure.

19.4.100. URLs

19.4.101. voting, cryptographic -- Various schemes have been devised for anonymous, untraceable voting. Voting schemes should have several properties: privacy of the vote, security of the vote (no multiple votes), robustness against disruption by jammers or disrupters, verifiability (voter has confidence in the results), and efficiency.

19.4.102. Whistleblowers

19.4.103. zero knowledge proofs -- proofs in which no knowledge of the actual proof is conveyed. Peggy the Prover demonstrates to Sid the Skeptic that she is indeed in possession of some piece of knowledge without actually revealing any of that knowledge. This is useful for access to computers, because eavesdroppers or dishonest sysops cannot steal the knowledge given. Also called minimum disclosure proofs. Useful for proving possession of some property, or credential, such as age or voting status, without revealing personal information.
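The Peggy-and-Sid exchange described above, as an added example that is not part of the original document: a Schnorr-style interactive proof that Peggy knows the discrete logarithm x of a public value y, with a simulator showing why the transcript leaks nothing about x and an extractor showing why a commitment must never be reused. The group parameters P, Q, G and the secret 7 are constructed toy values.

```python
import secrets

# Constructed toy group: G has prime order Q in the multiplicative group mod P.
# Real deployments use 2048-bit P (or an elliptic curve); these are for reading.
P, Q, G = 23, 11, 4


def verify(y, t, c, s):
    """Sid's check: g^s == t * y^c (mod P). Needs only the public y."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


class Prover:
    """Peggy knows x with y = G^x mod P and proves it without revealing x."""

    def __init__(self, x):
        self.x = x
        self.y = pow(G, x, P)

    def commit(self, r=None):
        # Fresh random r every run; see extract_secret for why reuse is fatal.
        self.r = secrets.randbelow(Q) if r is None else r
        return pow(G, self.r, P)

    def respond(self, c):
        return (self.r + c * self.x) % Q


def run_protocol(x, r=None, c=None):
    """One interactive round. Returns (accepted, transcript)."""
    peggy = Prover(x)
    t = peggy.commit(r)                              # 1. Peggy's commitment
    c = secrets.randbelow(Q) if c is None else c     # 2. Sid's challenge
    s = peggy.respond(c)                             # 3. Peggy's response
    return verify(peggy.y, t, c, s), (t, c, s)


def simulate_transcript(y, c, s):
    """Zero-knowledge: choose c and s first, then solve for t. The result
    passes verify() and is distributed like a real transcript, yet was
    built without x, so seeing a transcript teaches Sid nothing about x."""
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P        # y^(Q-c) == y^(-c)
    return t, c, s


def extract_secret(c1, s1, c2, s2):
    """Soundness (and the reuse hazard): two responses to the SAME
    commitment with different challenges reveal x = (s1-s2)/(c1-c2)."""
    return (s1 - s2) * pow((c1 - c2) % Q, -1, Q) % Q


if __name__ == "__main__":
    accepted, transcript = run_protocol(7)           # 7 is a constructed secret
    print(accepted, transcript)
```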

19.5. Appendix -- Summary of Crypto Versions

19.5.1. DOS and Windows

19.5.2. OS/2

19.5.3. Amiga

19.5.4. Unix

19.5.5. SFS ?

19.5.6. Macintosh

Ed Dantes edantes@crash.cts.com writes [quoting normalised - iwj]:

>> subject line says it all.

> PGP 2.6 is distributed from MIT and is legally available to US and Canadian residents. It uses the RSAREF library. It has code that will prevent interoperation with earlier versions of PGP.

> PGP 2.6ui is a modified version of PGP 2.3a which functions almost identically to MIT PGP 2.6, without the "cripple code" of MIT PGP 2.6. It is legally available outside the US and Canada only.

This is false. PGP 2.6ui is available to US and Canadian residents. It is definitely legal for such people to download PGP 2.6ui and study it. However, RSADSI claim that using PGP 2.6ui in the US and Canada violates their patents on the RSA algorithm and on public key cryptography in general. Other people (like myself) believe that these patents wouldn't stand up if tested in court, and that in any case the damages recoverable would be zero. You might also like to know that the output formats generated by 2.6ui and MIT-2.6 are identical, so that if you choose to use 2.6ui in North America no one will be able to tell the difference anyway. Unfortunately these patent problems have caused many North American FTP sites to stop carrying 2.3a and 2.6ui, for fear of committing contributory infringement. If you would like to examine PGP 2.3a or 2.6ui, they are available on many FTP sites. Try

black.ox.ac.uk:/src/security
ftp.demon.co.uk:/pub/pgp
ftp.dsi.unimi.it:/pub/security/crypt/PGP
ftp.funet.fi:/pub/crypt

for starters. Look out for the regular postings here in alt.security.pgp for other sites.

     Ian Jackson, at home <ijackson@nyx.cs.du.edu> or
     <iwj10@cus.cam.ac.uk>

+44 223 575512 Escoerea on IRC. http://www.cl.cam.ac.uk/users/iwj10/ 2 Lexington Close, Cambridge, CB4 3LS, England. Urgent: iwj@cam-orl.co.uk

"This is an export controlled ftp site: read pub/crypt/GETTING_ACCESS for information. ftp.csn.org:/mpj/I_will_not_export/crypto_???????/curve_encrypt/ csn.org is also export-controlled: read /mpj/README for the characters to replace ???????." [ "W. Kinney" kinney@bogart.Colorado.EDU, 1994-07-08]

19.5.7. Newton

19.5.8. Atari

19.5.9. VMS

19.5.10. IBM VM/etc.

19.5.11. Miscellaneous

19.5.12. File-splitting utilities

19.6. Appendix -- References

19.6.1. the importance of libraries

19.6.2. Books

19.6.3. sci.crypt

19.6.4. cryptography-faq

19.6.7. Various computer security papers, publications, and programs can be found at cert.org.

19.7. Glossary Items

19.7.1. message pools --

19.7.2. pools -- see "message pools."

19.7.3. cover traffic --

19.7.4. padding -- see "message padding."

19.7.5. message padding --

19.7.6. latency -

19.7.7. BlackNet -- an experiment in information markets, using anonymous message pools for exchange of instructions and items. Tim May's experiment in guerilla ontology.

19.7.8. ILF -- Information Liberation Front. Distributes copyrighted material via remailers, anonymously. Another experiment in guerilla ontology.

19.7.9. digital mix --

19.7.10. FinCEN -- Financial Crimes Enforcement Network.

19.7.11. true name -- one's actual, physical name. Taken from Vernor Vinge's novel of the same name.

19.7.12. mix --

19.7.13. TEMPEST --

19.7.14. OTP --

19.7.15. Vernam cipher --

19.7.16. detweiler -- verb, to rant and rave about tentacles that are destroying one's sanity through crypto anarchist thought control. Named after L. Detweiler. "He's just detweilering."

19.7.17. remailer -

19.7.18. Stego -

19.7.19. incipits -- message indicators or tags (relates to stego).

19.7.20. duress code -- a second key which can decrypt a message to something harmless. Could be useful for bank cards, as well as for avoiding incrimination. A form of security through obscurity, and not widely used.
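An added example (not from the Cyphernomicon) of the duress-code idea: with a pad as long as the message, every plaintext is consistent with every ciphertext, so a second key can be derived after the fact that "decrypts" the real ciphertext to a harmless decoy. The message, decoy and key are constructed sample values.

```python
import os


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext, key):
    """One-time-pad style encryption: the key must be as long as the message."""
    if len(key) != len(plaintext):
        raise ValueError("pad must match message length")
    return xor_bytes(plaintext, key)


otp_decrypt = otp_encrypt   # XOR is its own inverse


def make_duress_key(ciphertext, decoy, fill=b" "):
    """Derive a second key that decrypts `ciphertext` to `decoy`.
    This works only because a full-length pad makes any plaintext as
    plausible as any other; a decoy shorter than the message is padded."""
    if len(decoy) > len(ciphertext):
        raise ValueError("decoy must not be longer than the real message")
    decoy = decoy.ljust(len(ciphertext), fill)
    return xor_bytes(ciphertext, decoy)


if __name__ == "__main__":
    msg = b"meet at noon"                    # constructed sample message
    key = os.urandom(len(msg))
    ct = otp_encrypt(msg, key)
    duress = make_duress_key(ct, b"grocery list")
    print(otp_decrypt(ct, key), otp_decrypt(ct, duress))
```

A cipher with a short fixed-size key offers no such freedom to pick a key after the fact, so a duress feature there has to be built into the storage format (a decoy kept under the second key), and anyone who knows that format can see the second slot exists; that dependence on the format staying unknown is the "security through obscurity" the entry refers to.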

19.8. A comment on software versions, ftp sites, instructions, etc.

19.8.1. I regret that I can't be complete in all versions, platforms supported, sites for obtaining, instructions, incompatibilities, etc. Frankly, I'm drowning in reports of new versions, questions about use, etc. Most of these versions I have no direct knowledge of, have no experience with, and no appreciation of subtle incompatibilities involved.

19.8.2. There are others who have concentrated on providing up-to-date reports on what is available. Some of them are:

19.8.3. Reading sci.crypt, alt.security.pgp, and related groups for a few weeks and looking for programs of interest to one's own situation should give the most recent and current results.

Things are moving quickly, so if one is interested in "AmigaPGP," for example, then the right place to look for the latest versions is in the groups just mentioned, or in groups and ftp sites specific to the Amiga. (Be careful that sabotaged or spoofed versions are not used, as in all crypto. "Joe's AmigaPGP" might need a closer look.)

20. README



20.2. README--BRIEF VERSION

All rights reserved. For what it's worth.

20.2.2. Apologies in advance

for the mix of styles (outline, bullet, text, essays), for fragments and incomplete sections. This FAQ is already much too long and detailed, and writing suitable connective material, introductions, summaries, etc. is not in the cards anytime soon. Go with the flow, use your text searching tools, and deal with it.

20.2.3. Substantive corrections welcome,

quibbles less welcome, and ideological debate even less welcome. Corrections to outdated information, especially on pointers to information, will be most appreciated.

20.3.1. It may seem illogical

for a Cypherpunk to assert some kind of copyright. Perhaps. But my main concern is the ease with which people can relabel documents as their own, sometimes after only adding a few words here and there.

20.3.2. Yes, I used the words of others

in places, to make points better than I felt my own words would, to save time, and to give readers a different voice speaking on issues. I have credited quotes with a "[Joe Foobar, place, date] attribution, usually at the end of the quote. If a place is not listed, it is the Cypherpunks list itself. The author and date should be sufficient to (someday) retrieve the source text. By the way, I used quotes as they seemed appropriate, and make no claims that the quoted points are necessarily original to the author--who may have remembered them from somewhere else--or that the date listed is the origination date for the point. I have something like 80 megabytes of Cypherpunks posts, so I couldn't do an archaeological dig for the earliest mention of an idea.

20.3.3. People can quote this FAQ

under the "fair use" provisions, e.g., a paragraph or two, with credits. Anything more than a few paragraphs constitutes copyright infringement, as I understand it.

20.3.4. Should I give up the maintaining of this FAQ

and/or should others get involved, then the normal co-authorship and inheritance arrangements will be possible.

20.3.5. The Web. WWW and Mosaic offer amazing new opportunities for on-line documents.

It is in fact likely that this FAQ will be available as a Web document. My concern, however, is that the integrity and authorship be maintained. Thus, splitting the document in a hundred or more little pieces, with no authorship attached, would not be cool. Also, I intend to maintain this document with my powerful outlining tools (Symantec's "MORE," on a Macintosh) and thus anyone who "freezes" the document and uses it as a base for links, pointers, etc., will be left behind as mods are made.

20.4. A Few Words on the Style

20.4.1. Some sections are in outline form

20.4.2. Other sections are written in more complete essay form,

as reasonably self-contained analyses of some point or topic. Like this. Some of these essays were taken directly out of posts I did for the list, or for sci.crypt, and no attribution (since I wrote the stuff...quotes from others are credited).

20.4.3. The styles may clash,

but I just don't have the hundreds of hours to go through and "regularize" everything to a consistent style. The outline style allows additional points, wrinkles, rebuttals, and elaborations to be grafted on easily (if not always elegantly). I hope most readers can understand this and learn to deal with it.

20.4.4. Of course, there are places where

the points made are just too fragmentary, too outlinish, for people to make sense of. I've tried to clean these up as much as I can, but there will always be some places where an idea seemed clear to me at the time (maybe not) but which is not presented clearly to others. I'll keep trying to iron these kinks out in future versions.

20.4.5. Comment on style

20.4.6. quibbling

20.5. How to Find Information

20.5.1. This FAQ is very long,

which makes finding specific questions problematic. Such is life--shorter FAQs are of course easier to navigate, but may not address important issues.

20.5.2. A full version of this FAQ is available,

as well as chapter-by-chapter versions (to reduce the downloading efforts for some people). Search tools within text editors are one way to find topics. Future versions of this FAQ may be paginated and then indexed (but maybe not).

20.5.3. I advise using search tools

in editors and word processors to find sections of interest. This is likely faster anyway than consulting an index generated by me (which I haven't generated, and probably never will).

20.6. My Views

20.6.1. This FAQ,

or whatever one calls it, is more than just a simple listing of frequently asked questions and the lowest-common-denominator answers. This should be clear just by the size alone. I make no apologies for writing the document I wanted to write. Others are free to write the FAQ they would prefer to read. You're getting what you paid for.

20.6.2. My views are rather strong in some areas.

I've tried to present some dissenting arguments in cases where I think Cypherpunks are really somewhat divided, such as in remailer strategies and the like. In cases where I think there's no credible dissent, such as in the wisdom of Clipper, I've made no attempt to be fair. My libertarian, even anarchist, views surely come through. Either deal with it, or don't read the document. I have to be honest about this.

20.7. More detailed disclaimer

20.7.1. This detailed disclaimer is probably not good

in most courts in the U.S., contracts having been thrown out in favor of nominalism, but here it is anyway. At least nobody can claim they were misled into thinking I was giving them warrantied, guaranteed advice.

20.7.2. Timothy C. May hereby disclaims

all warranties relating to this document, whether express or implied, including without limitation any implied warranties of merchantability or fitness for a particular purpose. Tim May will not be liable for any special, incidental, consequential, indirect or similar damages due to loss of business, indictment for any crime, imprisonment, torture, or any other reason, even if Tim May or an agent of his has been advised of the possibility of such damages. In no event shall Tim May be liable for any damages, regardless of the form of the claim. The person reading or using the document bears all risk as to the quality and suitability of the document. Legality of reading or possessing this document in a jurisdiction is not the responsibility of Tim May.

20.7.3. The points expressed may or may not represent the views of

Tim May, and certainly may not represent the views of other Cypherpunks. Certain ideas are explored which, if implemented, would be illegal to various extents in most countries in the world. Think of these explorations of ideas as just that.

20.8. I've decided to release this

before the RSA patents run out...