[cryptography] OTR and deniability

lodewijk andré de la porte lodewijkadlp at gmail.com
Tue Jul 19 03:24:43 PDT 2011


I had a laugh here, though you were talking of the film "A few angry men"
which to me somehow equals "12 angry men". This was somewhat confusing
because (spoiler alert) in that film a boy is nigh executed; however, because
someone decided to first carefully weigh all the evidence against him, none
of it seemed undeniably true and therefore, by the reasoning of "innocent
unless proven otherwise", they couldn't reasonably send a child off to die.

The same goes for the plausible deniability that OTR seems to offer: by making it
possible to falsify perfectly a set of logs, it becomes impossible to say
that any log is accurate. You can converse and the text you produce is as
false as it is true. The real-life problem isn't with your own logs, however;
it's the ones that our kind governments (or the companies or organisations they order to)
keep.

Repudiation is a word I've never heard of, and after slight research it seems
something obvious without reason for discussing it. Simply whether one can
state he didn't do it: when something is "signed" (that's the usual term for it)
it is combined with a key supposedly known only to its "owner";
the likelihood of someone else figuring out what the key was or finding the
key otherwise should be so low that it can be called "certain". At least for
a certain amount of time that suffices for the data at hand; in a war, for
example, a 90-year decode time[1] is very acceptable, and in a financial
transaction valuing 40 dollars, 2k worth of electricity isn't worth it[2].
What logically follows from those facts is that "non-repudiation" is present
for a certain amount of time[3] depending on the value of that which is to
be (not) repudiated; no one needs to state otherwise and the result is quite
obvious.

Disclaimer: Before this conversation I've never heard of OTR or repudiation.

Best regards,
Lewis Andre de la Porte

[1] including increasing processing power
[2] in a crypto-financial system one has to prove his/her identity with a key
(usually); anyone who can provide the key is that person, and can therefore
get his/her money. Faking a key costs processing power, which costs regular
power which, lucky for our sanity, still costs wealth to produce. Simply
outweighing the gains and the costs should render the theft "impossible".
[3] this is another example where money can translate to time can translate
to money.

2011/7/19 Eugen Leitl <eugen at leitl.org>

> ----- Forwarded message from Ian G <iang at iang.org> -----
>
> From: Ian G <iang at iang.org>
> Date: Tue, 19 Jul 2011 09:48:37 +1000
> To: Crypto discussion list <cryptography at randombit.net>
> Subject: Re: [cryptography] OTR and deniability
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
>        rv:5.0) Gecko/20110528 Thunderbird/5.0b1
> Reply-To: Crypto discussion list <cryptography at randombit.net>
>
> Back in the 1980s, a little thing called public key cryptography gave
> birth to a metaphor called the "digital signature" which some smart
> cryptographers thought to be a technological analogue of the human
> manuscript act of signing.
>
> It wasn't, but this didn't stop the world spending vast sums to experiment
> with it.  They still are, in Europe.  Oh well, that would have been OK as
> long as it didn't hurt anyone.
>
> But it gets worse.  Those same cryptographic dreamers theorised that
> because their mathematics was so damn elegant, the maths couldn't lie. So,
> they could promote a "non-repudiable signature" as a technological advance
> over ink & quill.  The maths was undeniable, right?  Although these days we
> know better, that "non-repudiation" is a crock, we still have people
> running around promoting it, and old text books suggesting it as an
> important cryptographic feature.
>
> Repudiation is a legal right, it's a valuable option within dispute
> resolution, not a mathematical variable to solve out of the equation.
>
> You can't mathematise away legal rights, any more than you can democratise
> poverty away in the middle east, nor militarise pleasure away in a random
> war on drugs.
>
> OTR makes the same error.  It takes a very interesting mathematical
> property, and extends it into the hard human world, as if the words carry
> the same meaning.  Perhaps, once upon a time, in some TV court room drama,
> someone got away with lying about a document?  From this, OTR suggests that
> mathematics can help you deny a transcript?  It can't.  It can certainly
> muddy the waters, it can certainly give you enough rope to hang yourself,
> but what it can't do is give some veneer of "it didn't happen."  Not in
> court, not in the hard world of humans.
>
> I am reminded of a film _A few good men_ which is somewhat apropos of
> those two young kids wasting away in some afghan shithole that passes for
> military justice.  It's that well known scene where Cruise traps Nicholson
> into undenying his repudiation:
>
>   Kaffee: *Did you order the Code Red* ?
>   Col. Jessep: *You're Goddamn right I did* !
>
> http://www.imdb.com/title/tt0104257/quotes
>
> That's repudiation, real life version.  And that's what happens to it, as
> summed up by Kaffee afterwards:  "the witness has rights..." Mathematics has
> no place there, as is shown by all the other muddy evidence in the case.
>
>
> On 16/07/11 6:52 AM, Meredith L. Patterson wrote:
> > On Fri, Jul 15, 2011 at 6:45 PM, Marsh Ray <marsh at extendedsubset.com
> > <mailto:marsh at extendedsubset.com>> wrote:
> >
> >     On 07/14/2011 01:59 PM, Steven Bellovin wrote:
> >
> >         Put another way, the goal in a trial is not a mathematical proof,
> >         it's proof to a certain standard of evidence, based on many
> >         different
> >         pieces of data.  Life isn't a cryptographic protocol.
> >
> >
> >     The interesting thing in this case though is that the person
> >     providing the plaintext log file is:
> >
> >     a) a convicted felon
> >     b) working for the investigators/prosecutors (since before the
> >     purported log file's creation?)
> >     c) himself skilled in hacking
> >
> >
> > Those bullet points are far more likely to be brought up at trial than
> > any of the security properties of OTR. Defense counsel has to weigh the
> > benefits of presenting evidence -- will it get some point across, or
> > will it be lost on the judge/jury?
> >
> > I submit that a military judge or a panel of commissioned officers (and
> > maybe some enlisted personnel) is unlikely to appreciate the finer
> > mathematical points, and more likely to fall back on "but there are
> > these logs, right there, and the feds say they're authentic." The
> > defense has plenty of Lamo's own documented actions to use to undermine
> > his credibility.
> >
> > There's much to be said for "baffle them with bullshit" (not that
> > there's necessarily any bullshit even involved), but a jury that doesn't
> > understand an argument is likely to dismiss it as bullshit.
> >
> > Best,
> > --mlp
> >
> >
> > _______________________________________________
> > cryptography mailing list
> > cryptography at randombit.net
> > http://lists.randombit.net/mailman/listinfo/cryptography
>
> ----- End forwarded message -----
> --
> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
> ______________________________________________________________
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
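A worked illustration of the log-falsification point discussed above (added here; it is not part of either message). In an OTR-style session every line is authenticated with a MAC key that both parties share, so a transcript one party writes on the other's behalf verifies exactly like the genuine one: the MAC protects the participants during the conversation but proves nothing to a third party afterwards. The real OTR key exchange is replaced by a random key, and the names and functions are constructed for the example.

```python
import hmac
import hashlib
import secrets

# Constructed example, not OTR's own code: a two-party chat whose lines are
# authenticated with a MAC key shared by both participants.


def mac_line(key: bytes, sender: str, text: str) -> bytes:
    """Tag one chat line with the session's shared MAC key."""
    return hmac.new(key, f"{sender}:{text}".encode(), hashlib.sha256).digest()


def verify_line(key: bytes, sender: str, text: str, tag: bytes) -> bool:
    """Constant-time check of a line's tag under the shared key."""
    return hmac.compare_digest(mac_line(key, sender, text), tag)


def build_transcript(key: bytes, lines):
    """Produce (sender, text, tag) triples; either key holder can do this."""
    return [(sender, text, mac_line(key, sender, text)) for sender, text in lines]


def transcript_verifies(key: bytes, transcript) -> bool:
    return all(verify_line(key, s, t, tag) for s, t, tag in transcript)


def demo():
    """Return (genuine_ok, forged_ok, tampered_ok) for one constructed session."""
    # In OTR this key is derived from the authenticated key exchange; here it
    # is simply random. Alice and Bob both hold it.
    session_mac_key = secrets.token_bytes(32)

    genuine = build_transcript(session_mac_key, [
        ("alice", "did you send the file?"),
        ("bob", "yes, last night"),
    ])
    # Bob (or anyone who later learns the key, e.g. once OTR publishes the old
    # MAC keys) can write lines "from alice" that verify like the real ones.
    forged = build_transcript(session_mac_key, [
        ("alice", "I never sent anything"),
        ("bob", "understood"),
    ])
    # Without the key, editing a line in place is still caught: the tag no
    # longer matches. Integrity for the parties, no proof for outsiders.
    tampered = [(s, t.replace("yes", "no"), tag) for s, t, tag in genuine]

    return (transcript_verifies(session_mac_key, genuine),
            transcript_verifies(session_mac_key, forged),
            transcript_verifies(session_mac_key, tampered))
```

Because `genuine` and `forged` are indistinguishable to the verifier, a log handed to a third party carries no more weight than the word of whoever produced it.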