Kindly comments on Open Thread, September 1-15, 2012 - Less Wrong
You are viewing a comment permalink. View the original post to see all comments and the full post content.
Comments (353)
I'm thinking about a fantasy setting that I expect to set stories in in the future, and I have a cryptography problem.
Specifically, there are no computers in this setting (ruling out things like supercomplicated RSA). And all the adults share bodies (generally, one body has two people in it). One's asleep (insensate, not forming memories about what's going on, and not in any sort of control over the body) and one's awake (in control, forming memories, experiencing what's going on) at any given time. There is not necessarily any visible sign when one party falls asleep and the other wakes, although there are fakeable correlates (basically, acting like you just appeared wherever you are). It does not follow a rigid schedule, although there is an approximate maximum period of time someone can stay awake for, and there are (also fakeable) symptoms of tiredness. Persons who share bodies still have distinct legal and social existences, so if one commits a crime, the other is entitled to walk free while awake as long as they come back before sleeping; but how do they prove it?
There are likely to be three levels of security, with one being "asking", the second being a sort of "oh yeah? prove it" ("tell me something only my wife would know / exhibit a skill your cohabitor hasn't mastered / etc."), and the third being... something. Because you don't want to turn loose someone who could be a dangerous criminal just because they were collaborating with a third party to learn information, or broke into the National Database of Secret Person-Distinguishing Passphrases, or didn't disclose all their skills to some central skill registry - but you don't want to lock up innocent people who made bad choices about who to move in with when they were eight, either.
Is there something that doesn't require computers, or human-atypical levels of memorization/computation, or rely critically on a potentially-break-into-able National Database of Secret Person-Distinguishing Passphrases, which will let someone have a permanently private bit of information they can use to verify to arbitrary others who they are? (There is magic, but it is not math-doing magic.)
Each personality owns a bracelet with a combination lock. To prove you're you, you unlock your bracelet. This is basically the password system, but localized, and now you just have to worry about making combination locks tamper-proof.
Unfortunately, physical locks interact very badly with the magic system. (In brief: "Lockedness" is a thing. If you are about average at magic, it's a thing you can move from one thing you're touching that is locked to another thing you are touching that can be locked but isn't.)
Since it’s the only thing I know about the magic system, I suggest looking closely into what it means that X can be Y. (By “looking closely” I mean “exercise your authorial authority”.) Then tie the procedure to something that can’t be moved to anything that prisoners have around, other than the actual testing thing.
But the thing that keeps returning to my mind is that in our world we do quarantine innocent people if they carry dangerous enough diseases. I think you’d need a pretty high rate of evil-twinniness for a society not to take the easy way out and do the same. Even a very trustworthy person can fail to return to prison (?) by accident.
Anyway, I think pen-and-paper cryptography is your best guess, unless “encryptedness” and related properties are things that can be moved. Neal Stephenson’s Cryptonomicon has an example of a protocol that uses a deck of cards. (Which is imaginary but possible AFAIK.)
It's not imaginary; the protocol is described in one of the appendices, and I've implemented it once.
Cool! Do you remember the “performance” of the protocol? (That is, how much work it takes to exchange how much information, in approximate human-scale terms, and its approximate security in usual cryptographic language.)
Sadly, Bruce Schneier's "Solitaire" is broken. That break was one of the things that got me into crypto!
Can you explain how broken it is to this layperson?
Warning: What follows likely has major technical errors - basically all I know about cryptography I learned from Cryptonomicon.
From the description, the random numbers are not evenly generated so that what should have a 1/26 chance of happening has a 1/22.5. And the output is heavily biased.
How much does that matter? We can easily decrypt Enigma with brute force right now. Is the difference in the amount of computing power to brute force Solitaire all that much different from what is expected?
In other words, encryptions with 256-bit keys are harder to crack than 128-bit keys. But is the problem with Solitaire 20-years-safe vs. 10-years-safe, or is it 20-years-safe vs. 12-months-safe?
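Since the two comments above turn on how Solitaire generates its keystream and how biased that keystream is, here is a working implementation of Schneier's card-deck algorithm (steps 1 to 5 of the Cryptonomicon appendix: move joker A, move joker B, triple cut, count cut, read the output card) together with a measurement of the consecutive-repeat bias the earlier comment mentions. This is an added example written for this page, not code posted by anyone in the thread or taken from Schneier; the joker encoding (53 and 54, both counting as 53), the helper names, and the sample sizes in `repeat_rate` are my own choices. The null-key test vector used below (ten A's encrypting to EXKYIZSGEH) is the published one.

```python
import random
import string

JOKER_A, JOKER_B = 53, 54          # the two jokers; both count as 53 in the cuts
UNKEYED_DECK = list(range(1, 55))  # bridge order 1..52, then joker A, then joker B


def card_value(card):
    """Counting value of a card: 1..52 for suit cards, 53 for either joker."""
    return 53 if card in (JOKER_A, JOKER_B) else card


def move_down(deck, card, steps):
    """Move a joker down one card at a time; a joker at the bottom wraps to just below the top card."""
    for _ in range(steps):
        i = deck.index(card)
        if i == len(deck) - 1:
            deck.insert(1, deck.pop())
        else:
            deck[i], deck[i + 1] = deck[i + 1], deck[i]


def triple_cut(deck):
    """Swap everything above the first joker with everything below the second joker."""
    a, b = sorted((deck.index(JOKER_A), deck.index(JOKER_B)))
    deck[:] = deck[b + 1:] + deck[a:b + 1] + deck[:a]


def count_cut(deck, n):
    """Move the top n cards to just above the bottom card; the bottom card stays put."""
    deck[:] = deck[n:-1] + deck[:n] + [deck[-1]]


def solitaire_round(deck):
    """Steps 1-4: joker A down one, joker B down two, triple cut, count cut by the bottom card."""
    move_down(deck, JOKER_A, 1)
    move_down(deck, JOKER_B, 2)
    triple_cut(deck)
    count_cut(deck, card_value(deck[-1]))


def key_deck(passphrase=""):
    """Key an ordered deck from a passphrase: one round plus a count cut per letter (A=1..Z=26)."""
    deck = list(UNKEYED_DECK)
    for ch in passphrase.upper():
        if ch in string.ascii_uppercase:
            solitaire_round(deck)
            count_cut(deck, ord(ch) - 64)
    return deck


def keystream(deck, n):
    """Step 5 repeated: count down from the top card (counted as 1) and take the next card; skip jokers."""
    out = []
    while len(out) < n:
        solitaire_round(deck)
        card = deck[card_value(deck[0])]
        if card not in (JOKER_A, JOKER_B):
            out.append(card)
    return out


def to_letter(v):
    """Map a card value (or a sum/difference of values) onto A..Z, with 26 -> Z and 27 -> A."""
    return chr(65 + (v - 1) % 26)


def encrypt(plaintext, passphrase=""):
    letters = [c for c in plaintext.upper() if c in string.ascii_uppercase]
    ks = keystream(key_deck(passphrase), len(letters))
    return "".join(to_letter(ord(p) - 64 + k) for p, k in zip(letters, ks))


def decrypt(ciphertext, passphrase=""):
    letters = [c for c in ciphertext.upper() if c in string.ascii_uppercase]
    ks = keystream(key_deck(passphrase), len(letters))
    return "".join(to_letter(ord(c) - 64 - k) for c, k in zip(letters, ks))


def repeat_rate(decks=100, outputs=1000, seed=1):
    """Fraction of consecutive keystream letters that are equal, over randomly shuffled decks.

    A uniform keystream would give 1/26 (about 0.0385); Solitaire's output is biased upward.
    The seed and sample sizes are arbitrary choices for a reproducible run.
    """
    rng = random.Random(seed)
    pairs = repeats = 0
    for _ in range(decks):
        deck = list(UNKEYED_DECK)
        rng.shuffle(deck)
        ks = [to_letter(v) for v in keystream(deck, outputs)]
        for a, b in zip(ks, ks[1:]):
            pairs += 1
            repeats += a == b
    return repeats / pairs


if __name__ == "__main__":
    print(keystream(list(UNKEYED_DECK), 10))
    print(encrypt("AAAAAAAAAA"))
    print("repeat rate: %.4f  (uniform would be %.4f)" % (repeat_rate(), 1 / 26))
```

Running the script prints the first ten null-key keystream values (4 49 10 24 8 51 44 6 4 33), the ciphertext EXKYIZSGEH, and a measured repeat rate of roughly 1/22.5, which is the bias the comment above refers to. Note that a Python loop does roughly a hundred thousand Solitaire rounds in a few seconds, which is all the "computing power" that is needed to see the bias; the weakness is statistical, not a matter of key length, so it does not map neatly onto the 128-bit versus 256-bit comparison.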
Yeah... I guess as long as I'm postulating accomplices, I might as well postulate accomplices who'd kidnap their jailed friend's cohabitor and wait until they are forced to sleep by sheer exhaustion.
Is there a risk that any authentication scheme could be bypassed by transferring the "Authenticatedness" from someone else, or does the magic system forbid that somehow?
In any case, some kind of magical version of the bracelet lock sounds like a good idea, if you can think of one.
Transferring authenticatedness doesn't work, so that's not going to be an issue.
I can't think of a way to magic up the bracelet to work like this, unfortunately.