[E-Lang] MintMaker with ACLs
Wed, 31 Jan 2001 14:01:14 -0500
Mark S. Miller wrote:
> In fact, in terms of the kinds of vulnerability MarcS explains -- reliance
> on the Mint or Bank, the MintMaker is vastly closer to Hal's bank than it is
> to MarcS' example -- physical cash.
> Cash has better security properties than seem possible in the electronic
> realm. The MintMaker is not only vastly weaker than cash, it is vastly
> weaker than possible electronic monies, as the text introducing the
> MintMaker should make clear. Finally, I believe the MintMaker is somewhat
> stronger than Hal's bank for reasons related to MarcS' message, but I
> haven't yet had the time to examine Hal's bank closely.
> At 11:46 AM Tuesday 1/30/01, Marc Stiegler wrote:
>> This new version may or may not answer an issue that I have that is not
>> quite Tyler's issue, though it is related to the difference between a mint
>> that makes money and a bank that tracks people's accounts.
>> Physical metaphor: My car breaks down in the Appalachians, a barefoot
>> 14-year-old kid comes down from a ramshackle shanty and helps me get it
>> started. I give him a 20-dollar bill as thanks for helping out.
> The security properties of this put anything possible with computers to
> shame. (Assuming non-counterfeitable bills, of course.)
This reminds me of something I was thinking of bringing up anyway.
What would be the effect of quantum computation on the basic design of
security systems? It is clear that the effect would be substantial, but
would it be total? That is, could old principles and designs still be
used, with relatively small changes to block new threats and exploit new
possibilities, or would you have to basically start over from scratch?
Is the design of E one that would survive?
Quantum computing would allow new threats to security, and new
capabilities, some of which might be completely impossible in
An example of a new threat would be the fact that quantum computers are
known to efficiently solve some problems believed to be very hard for
conventional computers. The most famous of these if factoring the
product of two primes, but there are others. Anything that relied on the
difficulty of such a problem for its security would be compromised.
More interesting to me are the new possibilities.
For instance quantum cryptography allows transmission of information
that absolutely cannot be intercepted. A one time pad is perfectly
secure, once it has been distributed, but the parties have no way to
know if someone has made a copy. Quantum states, however, are known to
have the property that they cannot be copied by any physical process
whatsoever, so using them it is possible for Bob and Alice to be sure
that they have the only two copies of the key.
It is possible to build objects that have many of the properties desired
of a coin. For instance, quantum states, though they cannot be copied,
can be transferred. If Bob and alice each have half of a sufficient
number of generic objects called EPR pairs. They can transfer any
quantum state from Bob to Alice using only classical communication
(which need not be encrypted as it is random already), Alice obtains a
copy of the object Bob had, while Bob's version is inevitably destroyed.
The EPR pairs required for this need to be distributed to to Bob and
Alice from a common source, but neither the source nor the means of
distribution need be trusted, any attempt to copy or tamper with the
pairs will ruin them. This is the "quantum teleportation" there was such
a fuss about lately.
I think there are also methods that would allow a coin to be verified as
valid, without allowing individual coins to be tracked (or distinguished
one from another). I'm not sure to what extent a trusted third party is
required for this, but I'm pretty sure that if one is required, there
are fewer things he needs to be trusted to do (or not to do) than with
phisical or clasically computational money.
Of course this technology seams a long way out now. The biggest quantum
computing device build so far has less than 5 bits, runs at a millionth
of a degree above absolute zero, and doesn't work for very long. No one
really even knows if quantum computation will ever be practical.
It might seem premature to worry about this sort of thing now. I don't
think it is at all premature.
Security infrastructure needs to last a long time. If a language
designed now lacks the expressiveness to describe a behavior that it
becomes possible to implement after the language becomes widely popular,
the realization of the new possibilities could be seriously inhibited.