At 11:33 PM -0700 4/12/00, Tim May wrote:
I should have added another important link between crypto and
economics: the awarding of prizes for breaking ciphers. Sometimes the
prize is intangible, sometimes it's fame, sometimes it's $1000,
sometimes it's much more. Even snake oil makers are offering prizes.
R, S, and A offered a challenge in the late 70s, only finally broken
several years ago (a Cypherpunks list member was on the team that
broke/factored RSA-129).
The fact that a prize is offered, and publicized, may result in many
times the amount of the prize being committed in resources. A $1000
prize for the first human-powered flight of some type may well result
in millions of dollars' worth of labor, equipment, and grants.
Because the prize has prestige, because it's a target, and because
people understimate the difficulty (perhaps). The same is true of
crypto cracking challenges and prizes, when they are accepted as
valid. (Many snake oil challenges go unanswered.)
The longer a prize goes unclaimed in this situaton, the more robust
the crypto looks. Same idea as a challenge to break into a safe. Same
idea that the longer a bank goes unrobbed, the more secure it is. The
longe a cipher goes without being broken or shown to have weaknesses,
the more _belief_ there is that it in fact has no weaknesses.
[see note below]
An incentive system (there's the economics) for cryptographic attacks.
With multiple attackers (economics again), thus avoiding the problems
when in-house teams try to attack the systems of their own company or
group.
A formal statement of this in terms and economist would understand is
probably possible. Stuff out of Samuelson and all.
[Note on "economic proofs of strength." There are pitfalls in
assuming that years and years of attack mean a cipher is strong or
that an unproved theorem is true. Just because no one has found a
counterexample to Fermat's Last Theorem does not make it true, though
most mathematicians believed it was probably true. A cipher may be
believed to be strong up to the moment it is broken and shown to be
weak. This kind of brittleness is common for some kinds of ciphers,
though factoring is believed not be this brittle: no one expects a
sudden breakthrough, just various speedups. No one expects that
factoring 1000 decimal digit numbes will suddenly become easy.]
--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.