David Chaum Digital Money...Doors2
D i g i t a l M o n e y
Speakers | Conference Report | Doors 2 | Mediamatic Index
I n t r o d u c t i o n
The question I'd like to address is an urgent one, in my view. It may be a design question and it's one we can all have a significant amount of influence on. Today, in the physical world, you may have only a few grocery stores, insurance agents, travel agents, banks and so forth that you visit. Each one of those goes out into a much broader community of possible sources of groceries and sales, perhaps on a national market.
You may be connected to only one cable TV system, but they have access to programming material from all over the world. The real question is: how can that be organised in cyberspace? More fundamentally, what are the restrictions? What structure can be imposed on cyberspace? And how can people protect themselves in cyberspace? These issues are really one and the same.
5 0 0 C h a n n e l s v s T h e Op e n N e t M o d e l
Let me begin very concretely by looking at two scenarios, the first of which you may have heard about this morning. According to these people's vision of cyberspace, there are intermediaries between you and the rest of the world, much like in the physical world today. They choose which services to offer you, which information to provide and so forth and send you a bill at the end of the month. This is the so-called 500 channels model.
There's a fundamentally different model that I call the open net model. Essentially, in this model, people can go out onto the whole Net and get whatever services they want. So you can choose a bank out of the whole set of the banks in the world, for example. And there's no intermediary between you and the Net. I'll return to those two models after dealing with some theoretical aspects of these issues.
-
(Unfortunately not all the matching images are already available to us --ed.)
Several types of information protection mechanisms are available to us. I'll start with this one, which bears some resemblance to the headend model. In this diagram, each one of these captions may be considered as a person with their own computer. They're able to exchange messages with some party they all trust. Of course, that's a unrealistic model, because it assumes that there is one person or one computer in the world that everyone trusts fully. And if everyone can communicate with that computer securely, then you can solve any information security problem. For instance, suppose we wanted to have an election here in this auditorium. If there was one party that everyone trusted completely, we could each tell him our vote. He would stand up and say who won the election. And we would trust him not to reveal who voted which way and not to mislead us about the outcome. But I never heard of an election being run that way. It's sort of the Clipper model of how to do information security. But it's a very powerful model. It's like the Turing machine of information security. Because if you have this situation, you can solve any information security problem whatsoever. Just like the Turing machine can do any computation.
But there is a fundamentally different approach to solving these information security problems, one based on new types of cryptography and coding called public key protocols. Essentially, what my group in Amsterdam and others have been able to prove mathematically is that with these coding techniques, it's possible to do everything that you could do with that mutually trusted party but without any mutually trusted party, simply by exchanging properly coded messages according to an agreed protocol. More specifically, we assume all the participants agree on what that trusted party should be doing. We write a computer program to do that and by exchanging encryptic messages, we simulate the running of that computer program without ever actually having run it on any physical machine. It's just simulated by the interaction between the parties. What we've really proven is that with modern information technology we can solve any information security problem just by letting each person have their own computer. Let them use their own computer to protect their own interests. There is no need at all to have any mutually trusted mechanism. I'll show you some examples of that later.
Let's revisit the headend and the other model briefly and see what this means. In the headend model, the implicit assumption is that you need a headend to find out how much each person uses and to bill them. How else could you securely find an accounting system or access information?
Speakers |
Conference Report |
Doors 2 |
Mediamatic Index |
Next Page > > >