[E-Lang] MintMaker with ACLs

Ralph Hartley hartley@aic.nrl.navy.mil
Wed, 31 Jan 2001 14:01:14 -0500

Mark S. Miller wrote:

> In fact, in terms of the kinds of vulnerability MarcS explains -- reliance 
> on the Mint or Bank, the MintMaker is vastly closer to Hal's bank than it is 
> to MarcS' example -- physical cash.
> Cash has better security properties than seem possible in the electronic 
> realm.  The MintMaker is not only vastly weaker than cash, it is vastly 
> weaker than possible electronic monies, as the text introducing the 
> MintMaker should make clear.  Finally, I believe the MintMaker is somewhat 
> stronger than Hal's bank for reasons related to MarcS' message, but I 
> haven't yet had the time to examine Hal's bank closely.
> At 11:46 AM Tuesday 1/30/01, Marc Stiegler wrote:
>> This new version may or may not answer an issue that I have that is not
>> quite Tyler's issue, though it is related to the difference between a mint
>> that makes money and a bank that tracks people's accounts.
>> Physical metaphor: My car breaks down in the Appalachians, a barefoot
>> 14-year-old kid comes down from a ramshackle shanty and helps me get it
>> started. I give him a 20-dollar bill as thanks for helping out.
> The security properties of this put anything possible with computers to 
> shame.  (Assuming non-counterfeitable bills, of course.)

This reminds me of something I was thinking of bringing up anyway.

What would be the effect of quantum computation on the basic design of 
security systems? It is clear that the effect would be substantial, but 
would it be total? That is, could old principles and designs still be 
used, with relatively small changes to block new threats and exploit new 
possibilities, or would you have to basically start over from scratch? 
Is the design of E one that would survive?

Quantum computing would allow new threats to security, and new 
capabilities, some of which might be completely impossible in 
conventional computation.

An example of a new threat would be the fact that quantum computers are 
known to efficiently solve some problems believed to be very hard for 
conventional computers. The most famous of these is factoring the 
product of two primes, but there are others. Anything that relied on the 
difficulty of such a problem for its security would be compromised.

More interesting to me are the new possibilities.

For instance, quantum cryptography allows transmission of information 
that absolutely cannot be intercepted. A one time pad is perfectly 
secure, once it has been distributed, but the parties have no way to 
know if someone has made a copy. Quantum states, however, are known to 
have the property that they cannot be copied by any physical process 
whatsoever, so using them it is possible for Bob and Alice to be sure 
that they have the only two copies of the key.

It is possible to build objects that have many of the properties desired 
of a coin. For instance, quantum states, though they cannot be copied, 
can be transferred. If Bob and Alice each have half of a sufficient 
number of generic objects called EPR pairs, they can transfer any 
quantum state from Bob to Alice using only classical communication 
(which need not be encrypted as it is random already). Alice obtains a 
copy of the object Bob had, while Bob's version is inevitably destroyed. 
The EPR pairs required for this need to be distributed to Bob and 
Alice from a common source, but neither the source nor the means of 
distribution need be trusted; any attempt to copy or tamper with the 
pairs will ruin them. This is the "quantum teleportation" there was such 
a fuss about lately.

I think there are also methods that would allow a coin to be verified as 
valid, without allowing individual coins to be tracked (or distinguished 
one from another). I'm not sure to what extent a trusted third party is 
required for this, but I'm pretty sure that if one is required, there 
are fewer things he needs to be trusted to do (or not to do) than with 
physical or classically computational money.

Of course this technology seems a long way out now. The biggest quantum 
computing device built so far has less than 5 bits, runs at a millionth 
of a degree above absolute zero, and doesn't work for very long. No one 
really even knows if quantum computation will ever be practical.

It might seem premature to worry about this sort of thing now. I don't 
think it is at all premature.

Security infrastructure needs to last a long time. If a language 
designed now lacks the expressiveness to describe a behavior that it 
becomes possible to implement after the language becomes widely popular, 
the realization of the new possibilities could be seriously inhibited.

Ralph Hartley
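The teleportation step Ralph describes above, as an added simulation that is not part of the original post or of E: a three-qubit state-vector model in which Bob's Bell-basis measurement yields two random classical bits, Alice applies the matching correction to her half of the EPR pair, and Bob's two qubits are left holding nothing but those bits, so his copy of the state is gone. The qubit layout, gate names and demo amplitudes are constructed here for illustration.

```python
import math, random

# Three qubits, basis index = q0*4 + q1*2 + q2.  q0 is Bob's message qubit,
# q1 Bob's half of the EPR pair, q2 Alice's half.  Constructed demo values.
N = 3
S = 1 / math.sqrt(2)
H = [[S, S], [S, -S]]   # Hadamard
X = [[0, 1], [1, 0]]    # bit flip
Z = [[1, 0], [0, -1]]   # phase flip

def apply_1q(state, gate, target):  # 2x2 gate on one qubit of the state vector
    shift = N - 1 - target
    out = [0j] * len(state)
    for i, amp in enumerate(state):
        bit = (i >> shift) & 1
        for new_bit in (0, 1):
            out[i ^ ((bit ^ new_bit) << shift)] += gate[new_bit][bit] * amp
    return out

def apply_cnot(state, control, target):
    out = [0j] * len(state)
    for i, amp in enumerate(state):
        j = i ^ (1 << (N - 1 - target)) if (i >> (N - 1 - control)) & 1 else i
        out[j] += amp
    return out

def measure(state, target, rng):  # projective measurement, collapses the state
    mask = 1 << (N - 1 - target)
    p1 = sum(abs(a) ** 2 for i, a in enumerate(state) if i & mask)
    outcome = 1 if rng.random() < p1 else 0
    norm = math.sqrt(p1 if outcome else 1 - p1)
    return outcome, [a / norm if bool(i & mask) == bool(outcome) else 0j
                     for i, a in enumerate(state)]

def teleport(alpha, beta, seed=0):
    """Move alpha|0>+beta|1> from Bob's q0 to Alice's q2 via two classical bits."""
    rng = random.Random(seed)
    state = [m * e for m in (alpha, beta) for e in (S, 0, 0, S)]  # msg (x) EPR
    state = apply_cnot(state, 0, 1)            # Bob's Bell-basis measurement...
    state = apply_1q(state, H, 0)
    m0, state = measure(state, 0, rng)         # ...yields two random classical bits
    m1, state = measure(state, 1, rng)
    if m1:                                     # Alice corrects her half using the bits
        state = apply_1q(state, X, 2)
    if m0:
        state = apply_1q(state, Z, 2)
    base = (m0 << 2) | (m1 << 1)               # q0,q1 now hold only the bits m0,m1
    alice = (state[base], state[base | 1])
    return (m0, m1), alice, state
```

The two bits sent to Alice are uniformly random on their own, which is why the classical channel needs no encryption; the returned full state shows Bob's qubits reduced to |m0 m1> with the original amplitudes no longer present on his side.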