Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Here’s roughly the idea: Alice encrypts a file with key K and gives both to Bob, saying he should only use it to decrypt the file if something happens to Alice. To make sure he doesn’t use his key too early, Alice wants to write an algorithm that when Bob tries to decrypt her file, she receives an email, and only if she does not take some action within a certain time (like 48h) will Bob be able to proceed with decrypting the file.
Is such a thing possible at all without a trusted third party?
Not in the negative form you’ve created. Bob has all the pieces required to decrypt the data. Once you have given a party all the pieces, there is no mechanism by which you can prevent them using those pieces (other than hoping that they will only use your software; security through hope is not a strong authentication). This is much of what escrow services (i.e. trusted third parties) exist to manage, not just in the data world, but the real world.
BTW, when designing security protocols, you probably want to get rid of even thinking in terms of “sends an email.” This tends to lead to wrong thinking about the protocol. What you mean is “sends a message to Alice.” The fact that the message is encoded as an email is completely irrelevant, and is likely to get you thinking in terms related to email implementations.