Elon Musk: Re: Building crypto archives worldwide to foil US-built Berlin Walls
1998 Dec 8
See all posts
Elon Musk: Re: Building crypto archives worldwide to foil US-built Berlin Walls @ Satoshi Nakamoto
- Author
-
Elon Musk
- Email
-
satoshinakamotonetwork@proton.me
- Site
-
https://satoshinakamoto.network
From: x <x@x.com>
Date: Tue, 8 Dec 1998 17:46:28 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Building crypto archives worldwide to foil US-built Berlin Walls
Message-ID: <3.0.32.19691231160000.006fd6e8@shell15.ba.best.com>
MIME-Version: 1.0
Content-Type: text/plain
This brings to mind again a method of distribution that I've thought
for some time and has probably been discussed on this list before. In
this distribution method, as long as there is the opportunity to
cooperate ahead of time and out of band, there is the potential for
retaining the ability to provide access any binary data that would be
subject to unwanted control.
The scheme is just a variation of secret sharing and all that is
necessary is for several different entities to replicate portions of the
desired software, which portions in and of themselves cannot be subject
to any control.
For (a trivial) example take the image of PGP zipped up for download.
Three different sites create a unique portion of that image for
themselves, for example, each site takes every third byte, and throw in
some additional obfuscation by each site XORing their portion of the
image by some additional data available at a fourth site such as a
collection of cypherpunk list text.
It then is trivial to reconstruct the desired image from the
independent sources, while none of the sources themselves can be subject
to controls without having to go down the rat hole of having to define
what really constitutes the restricted material – either in all possible
forms, or in terms of all possible transforms applicable to the
partitioned source material. Otherwise it could be argued that there is
a function and that takes the image of an ASCII representation of Herman
Melville's Moby Dick into the image of PGP.ZIP and therefore Moby Dick
is an export controlled item. Or is the transform the export-controlled
item? Or what?
Eh?
Robert Hettinga's original
post
At 09:38 PM 12/7/98 -0500, Robert Hettinga wrote:
— begin forwarded text
X-Authentication-Warning: toad.com: Host localhost [127.0.0.1] didn't
use HELO protocol
To: cryptography@c2.net, gnu@toad.com
Subject: Building crypto archives worldwide to foil US-built Berlin
Walls
Date: Mon, 07 Dec 1998 15:23:54 -0800
From: John Gilmore gnu@toad.com
Sender: owner-cryptography@c2.net
The US Wassenaar initiative is an attempt to deny the public not only
all future strong crypto developments, but all existing ones. As today's
message from Denmark makes clear, the freedom-hating bureaucrats are
threatening to prosecute a citizen merely for publishing PGP on his web
page.
Let's at least ensure that they don't eliminate today's
strong crypto, by replicating crypto archives behind each Berlin Wall
they threaten to erect. Today we depend on a small number of archives
(in a small number of countries) containing source and binaries for PGP,
SSH, Kerberos, cryptoMozilla, IPSEC, and many other useful crypto tools
that we use daily.
Let's replicate these archives in many countries. I call for
volunteers in each country, at each university or crypto-aware
organization, to download crypto tools while they can still be exported
from where they are, and then to offer them for export from your own
site and your own country as long as it's legal. (The Wassenaar
agreement is not a law; each country has merely agreed to try to change
its own laws, but that process has not yet started.)
And if at some future moment your own government makes it illegal for
you to publish these tools, after all your appeals are denied, all the
pro-bono court cases rejected, and all the newspaper coverage you can
get has been printed, then restrict your web site so that only your own
citizens can get the tools. That'll still be better than the citizens of
your country having NO access to the tools of privacy!
(I suggest putting these tools on a Web site on a machine that you
own, rather than on a web site where you buy space from someone else.
That way there'll be nobody for the freedom-squashers to threaten except
you.)
I'm sure that John Young's excellent http://jya.com site will be
happy to provide an index of crypto archives around the world, if people
will send him notices at jya@pipeline.com as your sites come up. (Each
archive should locally mirror this list, so that we won't depend on a
single site.)
Rather than having their desired effect of squelching crypto
distribution, perhaps their overbold move can inspire us to increase
strong crypto distribution tenfold, by making it clear to the public
that if you don't keep a copy on your own hard drive, the governments of
the world will be merciless in scheming to deny you access to it. And if
crypto developers have to publish on books, or rely on smugglers to get
crypto from country to country, then at least each country will have its
distribution arrangements already ready for when the book is scanned or
the smuggler arrives.
John Gilmore
— end forwarded text
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism http://www.philodox.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." – Edward Gibbon, ‘Decline and Fall of the Roman Empire'
Reply from Tim Griffiths
From: Tim Griffiths <griffith@wis.weizmann.ac.il>
Date: Tue, 8 Dec 1998 18:23:42 +0800
To: x <cypherpunks@cyberpass.net
Subject: Re: Building crypto archives worldwide to foil US-built Berlin Walls
In-Reply-To: <3.0.32.19691231160000.006fd6e8@shell15.ba.best.com>
Message-ID: <366CF6FD.DBBE7AD2@wis.weizmann.ac.il>
MIME-Version: 1.0
Content-Type: text/plain
x wrote:
This brings to mind again a method of distribution that I've thought
for some time and has probably been discussed on this list before... For
(a trivial) example take the image of PGP zipped up for download. Three
different sites create a unique portion of that image for themselves,
for example, each site takes every third byte, and throw in some
additional obfuscation...It then is trivial to reconstruct the desired
image from the independent sources, while none of the sources themselves
can be subject to controls without having to go down the rat hole of
having to define what really constitutes the restricted material...
What is the point of the obfuscation? If it's not legal to do it
openly, then it's certainly not legal to hide the fact your doing it.
"The accused did it in such a way as to demonstrate that he was aware of
it's illegality".
By your example, you could also take a cruise missile apart, and
ship each part separately. After all, none of it is actually a
missile.
However I ‘export' PGP from the US, I'm exporting it, even if I have
a web site for each bit, 0 or 1 being determined by whether Clinton has
a cigar or not in a posted picture. Yes, the law is inconsistent (let
alone stupid). Not, I wouldn't want to try this and expect to be immune
from prosecution.
Tim G
—-
Tim Griffiths
griffith@wis.weizmann.ac.il
Center for Submicron Research
http://tim01.ex.ac.uk
Weizmann Institute of Science
(972)-8-934-2736
Rehovot 76100 Israel
‘I have sat and listened to the arguments of men, and I tell you they
are shallow movements in space tied to reality only by the ego of their
minds.' -DF
Reply from Mok-Kong Shen
From: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>
Date: Tue, 8 Dec 1998 20:38:01 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Building crypto archives worldwide to foil US-built Berlin Walls
In-Reply-To: <3.0.32.19691231160000.006fd6e8@shell15.ba.best.com>
Message-ID: <366D134F.54FFCEA4@stud.uni-muenchen.de>
MIME-Version: 1.0
Content-Type: text/plain
Tim Griffiths wrote:
However I ‘export' PGP from the US, I'm exporting it, even if I have
a web site for each bit, 0 or 1 being determined by whether Clinton has
a cigar or not in a posted picture.
Hence the best way, once there are strict export regulations, is not
to export. One moves rather knowledge (thought) across the country
boundaries and there build locally the desired software. That's why I
believe it will be increasingly more essential for the future to have
good crypto algorithms that are very simple to describe and implement.
Whether these are very fast is at most of secondary importance. For
really very critical applications seldom involve huge volumes and even
if they do the computing cost hardly matters and one can employ multiple
hardware to achieve the required rate of transmission.
M. K. Shen
————————-
M. K. Shen, Postfach 340238, D-80099 Muenchen, Germany
+49 (89) 831939 (6:00 GMT)
mok-kong.shen@stud.uni-muenchen.de
http://www.stud.uni-muenchen.de/~mok-kong.shen/
(Last updated: 10th October 1998. Origin site of WEAK1, WEAK2, WEAK3 and
WEAK3-E. Containing 2 mathematical problems with rewards totalling
US$500.)
Reply from Elon Musk
From: x <x@x.com>
Date: Tue, 8 Dec 1998 19:20:05 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Building crypto archives worldwide to foil US-built Berlin Walls
Message-ID: <3.0.32.19691231160000.007048c0@shell15.ba.best.com>
MIME-Version: 1.0
Content-Type: text/plain
At 11:53 AM 12/8/98 +0200, Tim Griffiths wrote:
x wrote: > > This brings to mind again a method of distribution
that I've thought for > some time and has probably been discussed on
this list before... > For (a trivial) example take the image of PGP
zipped up for download. > Three different sites create a unique
portion of that image for > themselves, for example, each site takes
every third byte, and throw > in some additional obfuscation...It then
is trivial to reconstruct > the desired image from the independent
sources, while none of the > sources themselves can be subject to
controls without having to go > down the rat hole of having to define
what really constitutes the > restricted material...
- What is the point of the obfuscation? If it's not legal to do it
openly, then it's certainly not legal to hide the fact your doing it.
"The accused did it in such a way as to demonstrate that he was aware of
it's illegality".
the point is not to hide anything; the point is to expand,
arbitrarily (and this was a trivial example), the f() that takes bits
from a controllable image to one that is not.
- By your example, you could also take a cruise missile apart, and
ship each part separately. After all, none of it is actually a
missile.
in a cruise missle, there will be certain parts – e.g. the warhead
explosives? – that are still identifiable as controlled. taking apart
the missle by n people where n is the number of ‘parts' will result in
some subset of participants possessing components that implicate them in
an illegal act. this is simply not true of bits. What is the bit
sequence that defines "munition"-ness? My point is that there is no hard
point at which that can be defined, when you start talking about
mappings from a controlled image to some other images which cannot be
controlled.
However I ‘export' PGP from the US, I'm exporting it, even if I have
a web site for each bit, 0 or 1 being determined by whether Clinton has
a cigar or not in a posted picture.
You're just asserting the assumptions I am trying to examine, and
this is not helpful. You're also assuming a single participant, with
accountability. I am assuming multiple participants, and that they're
acting independently; let's expand this to say that one individual
provides the ‘algorithm' for the mapping, and any other participants are
free to obtain their image out of band legally, and implement this
algorithm on some portion of the image, publishing the result. Whom do
you arrest? Where is the culpability?
If the algorithm defines that there be 256K subimages of the
original, one for each byte, say...can I be arrested for choosing to post
f(byte 123,456)? Or do I get arrested for publishing f(byte 123,456)
PLUS the information that identifies this byte as corresponding to byte
123,456 in the reconstruction of the original? I honestly don't know
where this goes, but to just make a blanket statement like you did
doesn't really add anything.
Yes, the law is inconsistent (let alone stupid). Not, I wouldn't want
to try this and expect to be immune from prosecution.
Tim G
–
Tim Griffiths
griffith@wis.weizmann.ac.il
Center for Submicron Research
http://tim01.ex.ac.uk
Weizmann Institute of Science
(972)-8-934-2736
Rehovot 76100 Israel
‘I have sat and listened to the arguments of men, and I tell you they
are shallow movements in space tied to reality only by the ego of their
minds.' -DF
Elon Musk: Re: Building crypto archives worldwide to foil US-built Berlin Walls
1998 Dec 8 See all postsElon Musk
satoshinakamotonetwork@proton.me
https://satoshinakamoto.network
This brings to mind again a method of distribution that I've thought for some time and has probably been discussed on this list before. In this distribution method, as long as there is the opportunity to cooperate ahead of time and out of band, there is the potential for retaining the ability to provide access any binary data that would be subject to unwanted control.
The scheme is just a variation of secret sharing and all that is necessary is for several different entities to replicate portions of the desired software, which portions in and of themselves cannot be subject to any control.
For (a trivial) example take the image of PGP zipped up for download. Three different sites create a unique portion of that image for themselves, for example, each site takes every third byte, and throw in some additional obfuscation by each site XORing their portion of the image by some additional data available at a fourth site such as a collection of cypherpunk list text.
It then is trivial to reconstruct the desired image from the independent sources, while none of the sources themselves can be subject to controls without having to go down the rat hole of having to define what really constitutes the restricted material – either in all possible forms, or in terms of all possible transforms applicable to the partitioned source material. Otherwise it could be argued that there is a function and that takes the image of an ASCII representation of Herman Melville's Moby Dick into the image of PGP.ZIP and therefore Moby Dick is an export controlled item. Or is the transform the export-controlled item? Or what?
Eh?
Robert Hettinga's original post
At 09:38 PM 12/7/98 -0500, Robert Hettinga wrote:
Reply from Tim Griffiths
x wrote:
What is the point of the obfuscation? If it's not legal to do it openly, then it's certainly not legal to hide the fact your doing it. "The accused did it in such a way as to demonstrate that he was aware of it's illegality".
By your example, you could also take a cruise missile apart, and ship each part separately. After all, none of it is actually a missile.
However I ‘export' PGP from the US, I'm exporting it, even if I have a web site for each bit, 0 or 1 being determined by whether Clinton has a cigar or not in a posted picture. Yes, the law is inconsistent (let alone stupid). Not, I wouldn't want to try this and expect to be immune from prosecution.
Tim G
—-
Tim Griffiths
griffith@wis.weizmann.ac.il
Center for Submicron Research
http://tim01.ex.ac.uk
Weizmann Institute of Science
(972)-8-934-2736
Rehovot 76100 Israel
‘I have sat and listened to the arguments of men, and I tell you they are shallow movements in space tied to reality only by the ego of their minds.' -DF
Reply from Mok-Kong Shen
Tim Griffiths wrote:
Hence the best way, once there are strict export regulations, is not to export. One moves rather knowledge (thought) across the country boundaries and there build locally the desired software. That's why I believe it will be increasingly more essential for the future to have good crypto algorithms that are very simple to describe and implement. Whether these are very fast is at most of secondary importance. For really very critical applications seldom involve huge volumes and even if they do the computing cost hardly matters and one can employ multiple hardware to achieve the required rate of transmission.
M. K. Shen
————————-
M. K. Shen, Postfach 340238, D-80099 Muenchen, Germany
+49 (89) 831939 (6:00 GMT)
mok-kong.shen@stud.uni-muenchen.de
http://www.stud.uni-muenchen.de/~mok-kong.shen/
(Last updated: 10th October 1998. Origin site of WEAK1, WEAK2, WEAK3 and WEAK3-E. Containing 2 mathematical problems with rewards totalling US$500.)
Reply from Elon Musk
At 11:53 AM 12/8/98 +0200, Tim Griffiths wrote:
the point is not to hide anything; the point is to expand, arbitrarily (and this was a trivial example), the f() that takes bits from a controllable image to one that is not.
in a cruise missle, there will be certain parts – e.g. the warhead explosives? – that are still identifiable as controlled. taking apart the missle by n people where n is the number of ‘parts' will result in some subset of participants possessing components that implicate them in an illegal act. this is simply not true of bits. What is the bit sequence that defines "munition"-ness? My point is that there is no hard point at which that can be defined, when you start talking about mappings from a controlled image to some other images which cannot be controlled.
You're just asserting the assumptions I am trying to examine, and this is not helpful. You're also assuming a single participant, with accountability. I am assuming multiple participants, and that they're acting independently; let's expand this to say that one individual provides the ‘algorithm' for the mapping, and any other participants are free to obtain their image out of band legally, and implement this algorithm on some portion of the image, publishing the result. Whom do you arrest? Where is the culpability?
If the algorithm defines that there be 256K subimages of the original, one for each byte, say...can I be arrested for choosing to post f(byte 123,456)? Or do I get arrested for publishing f(byte 123,456) PLUS the information that identifies this byte as corresponding to byte 123,456 in the reconstruction of the original? I honestly don't know where this goes, but to just make a blanket statement like you did doesn't really add anything.