Date authentication

In the slow-motion controversy over the gaps in the record of GW’s Texas Air National Guard Duty, the latest wrinkle has been the emergence of some damning documents that some people are concerned might be forgeries. While I’d be delighted to see Bush publicly embarrassed for shirking his military duty, I have to admit that the documents do look suspicious, and if they are forgeries, whoever is responsible is really fucking stupid.

But enough about all that. This got me thinking: today in the electronic world, there are ways to prove that you are the author of a document. But is there a way to prove that you authored the document on a certain date?

Currently, I don’t think there is a verifiable way to do this. But I can imagine a system that would make it possible.

First, we need to review the general ideas behind public-key cryptography (often abbreviated PKI, for “public-key infrastructure”). Traditional cryptography encoded a text using a single key, and both sender and recipient had to have copies of this key. Moving the keys securely was obviously a very serious problem.

PKI solves this. Everybody has two keys: a public key and a private key. The operations of these keys are complementary: a document encrypted with one’s public key can only be decrypted with the private key. So anybody can look up your public key, and secure the document so that only you can read it. Conversely, a document encrypted with one’s private key can only be decrypted with one’s public key. This allows you to “sign” a document electronically: your public key can be considered well-known, and can only be paired to your private key, so if a document can be decrypted by your public key, that’s evidence that it was encrypted with your private key, and either you wrote it or you left your private key lying around for someone to abuse.

Another important concept is the “secure hash.” A secure hash is a relatively short string of gibberish that is generated based on a source text. Each hash is supposed to be unique for each source text. It is trivial to generate the hash from the source text, but effectively impossible to work out what the source text might be based on the hash. Hashes can be used as fingerprints for documents. (Recently, a “collision” was discovered in a hashing algorithm, meaning two source texts resulted in the same hash, but it would still be effectively impossible to work out the source text or texts from any given hash.)

Now, PKI is fine for authenticating authorship, but doesn’t authenticate date of authorship. Not without some help.

PKI relies on key-servers that allow you to look up the public key of other crypto users. Imagine if we set up trusted date-servers to authenticate that a document was actually written when we claim it was written. It might work something like this: An author wishing to attach a verifiable date of authorship to a document sends a hash of that document to a trusted date-server. The date-server appends the current time and date to the hash, encrypts it under its own private key, and sends it back as a “dateprint. The author can then append the dateprint to the original document. If anyone ever doubts that the document was authored on the claimed date, they can decrypt the dateprint using the date-server’s public key; this will give them the claimed date and the document hash. The skeptic then takes a hash of the current document and compares it to the hash contained in the dateprint: if they match, then the current document is identical to the one submitted for dateprinting.

4 thoughts on “Date authentication”

  1. Apart from Bush’s guard duty brouhaha…which even I, who think Bush should never have been taken seriously as a candidate for any high office, think is a non-issue…there is a much more explosive charge moving toward critical mass.

    In a letter to the editor in this month’s Atlantic, an MD in Michigan somewhere points out that Bush exhibits all the classic signs of “presenile dementia”. He was highly articulate and not prone to mangling words up through his forties, whereas the lapses he exhibits on a regular basis as president (“confabulation”) are supposed to be telltale symptoms of this condition (a kind of Alzheimer’s type disease, but striking earlier in life).

    I don’t know what to think of this yet myself, but you can see more and more people latching onto this in the blogosphere and elsewhere. Do a search on “presenile dementia” and “president Bush”.

    It may fizzle out, but it could be explosive.

  2. Ken–

    I’ve heard the dementia story. I wouldn’t say that Bush was ever an eloquent public speaker, at least not since I’ve been exposed to him, but it’s an interesting argument nonetheless.

    Of course, if this story gains some traction and Bush needs to take a physical in order to prove he’s fit for duty, we may never find out for sure what’s up.

  3. According to the Atlantic article to which the letter was responding, Bush was much more articulate, and much less apt to stumble over big words, up until maybe ten years ago. I wouldn’t know myself.

    It is a potentially explosive issue, because the question of whether a POTUS candidate is moving into an Alzheimer-like condition is certainly a valid concern, but OTOH it could easily be abused or inflated. (I would much rather see Bush lose on the issues, and not on some trumped-up health issue)

    I expect Karl Rove already has two or three “independent” MDs lined up, ready to vouch for GWB’s health, just in case.

    Sorry to hijack your thread here….

  4. Hello all.

    The PsD hits are growing, so this might become a running issue. If it weren’t for the fact that POTUS has the authority to destroy nations with “pre-emptive” strikes, I would be quite content to give him the benefit of the doubt on this issue, BUT that is not the case. POTUS is too powerful a position to be held by anyone with a deteriorating mental condition.

    And especially in this case where the POTUS in question is starting from a deficit position at the outset.


    C. Helm, SI NY

Comments are closed.