8 April 2005
From: Lucky Green <shamrock at cypherpunks.to> Sent: Friday, April 08, 2005 04:12 To: 'cypherpunks@al-qaeda.net'; 'cryptography@metzdowd.com' Subject: CFP: What the Hack '05 and Blind Signature Expiration Party [Please forward as appropriate] Call for Participation: Cypherpunks at "What the Hack '05" and "Blind Signature patent expiration party". As every four years, this year features "What the Hack (WTH)", a Dutch outdoors security and hacker conference hosted in the tradition of HEU '93, HIP '97, and HAL 2001. http://www.whatthehack.org/ HIP '97 and the Summer that surrounded it represented a pivotal event in my and many other attendee's lives. 1997 was the peek of the Crypto Wars: while strong cryptography was spreading rapidly throughout the world from authors outside the U.S., most, if not all, I consider dear friends, the U.S. Government continued to insist on imposing draconian export regulations. 3DES? 1024-bit RSA? Forget it. In about May '97, PGP, Inc. released printed copies of the PGP 5 source code in full compliance with the U.S. export regulations in effect at the time. Electronic copy was illegal, but printed books were fine. Having attended the source code release event, at a Cypherpunks meeting, I walked away with two copies of the printed source. The source code books spanned many boxes. I hurt my back lifting those heavy boxes into the trunk of my car. My back to this day never fully recovered. Equally in compliance with the export laws, I immediately fedexed those boxes at my own expense to individuals in Europe standing by with scanners equipped with sheet feeders to OCR the source. Three months later, the OCR effort had stalled. While most pages had been OCR'ed, passing the per-page checksums, many pages remained unprocessed. In some cases this was because one of the numerous proof readers failed to return the result. In the more challenging cases it was because the checksum differentiated between spaces and tabs. We learned that consumer-level OCR programs are dismal at differentiating between 5 or 6 leading spaces. Or a tab. At HIP '97 on a camp ground near Amsterdam, many breakthroughs happened. - I organized a industrial-size tent, complete with full (free) bar and DJ, for Cypherpunks types. - The all-night DJ, and at least in part the free bar, drew a number of walk-ins, including some young smartcard hackers that pointed out to me that the ISO 7816 smart card specifications required the card to report a different error code depending on whether a file on the smart card file system did not exist or was blocked from read access. And by the way, the key space is only two bytes wide. It is this kind of crack in the armor into which a cryptanalyst will find it irresistible to insert a crowbar. If it weren't for this revelation over a glass of Single Malt and the much deeper investigations that followed, COMP128 would still be considered to be a good authentication and key generation algorithm and GSM would still be considered secure from cloning and eavesdropping. - The discussions on the Cypherpunks list in the preceding year or two had made it clear to those paying attention that MIX-style remailer networks, as promising as they appeared at first, are a dead end against a motivated adversary. The better approach, and the only alternative known at the time, was to apply the lessons learned from DC nets to establish mailbox servers that used XOR chains to obtain the content dropped into public read-access boxes. I gave a talk at HIP '97 that detailed a system that implemented this concept (*). The concept I introduced at HIP '97 is by now well-know and since has not just been given a name, but has turned into an entire field of academic research: Private Information Retrieval (PIR). (*) Credit for the ideas behind this presentation go to an individual that so far has chosen to remain anonymous. - With the attentative audience still mentally digesting the novel concept of PIR, I took the opportunity to add a "Ceterum censeo Carthaginem esse delendam". My precise words, if I recall correctly, were: "Come Hell or high water, before HIP is over, the proofreading of the PGP source code *will* be completed". Followed by a call for non-U.S. citizen volunteers to report to the Cypherpunks tent to finish the job. And finish the job they did. Visualize a scene most akin to "The Matrix", with a gaggle of volunteers frantically working on a row of computers held up by beer crates, writing scripts to brute force the OCR output past the checksums, while a raging party with dancers literally hanging off the rafters took up the core of the tent space, music blasting from the sound system in the early morning hours. Special thanks go to Ian Grigg, who lead the team of volunteers. On the last day of HIP, the last page of the PGP 5 source had passed the last checksum. As the volunteers retired to bed after in most cases over 48 hours of straight work, one lone hold-out decided that now that the source code had been legally exported and turned into electronic form, somebody ought to compile it. He proceeded to compile the PGP 5 source on a PC that I had hand-carried to HIP in my luggage. The source compiled without errors. I was sound asleep at the time. By the time I woke up, cryptography had entered a new era: the U.S. Government, and in fact the entire world, woke up to a day from which on the only path remaing to stem the flow of strong crypto out of the U.S. was to ban books. And even the staunchest advocates of cryptographic export regulations knew that albeit the U.S. Supreme Court Justices may perhaps be bamboozled by declarations of the dangers of this new "Internet" thing, banning books was a proposal not in the least novel to the Court, standing no chance of meeting with the Justices approval. Cornered into an untenable position and with no help from the courts in sight, the U.S. Government eventually acknowledged the inevitable and relaxed the exports laws for strong cryptography to the point of insignificance in January of 2000. Eight years have passed since HIP '97, to be succeed by WTH '05 this year. While I don't really need the distraction, I could be convinced to organize another Cypherpunks, crypto, and security tent. Perhaps the most valuable lesson I learned at HIP '97 was the value of education. I received unexpected and invaluable education from two teenagers. I, and the many of us that made up the Cypherpunks contingent, provided much valuable educations to others. There exists an entire new generation that wasn't around in 1997, hungering for education, that could benefit from our knowledge. If we don't teach them, who will? If you are interested in joining the "Cypherpunks" tent at WTH during July 28-31 2005, please email me. If there is enough interest, I will organize another presence. http://www.whatthehack.org/ Sidebar: "Free at last. Oh Lord. We are fee at last" (Also known as the "Blind Signature Patent Expiration Party") Some of you may rememember the RSA patent. Yes, there was a time when you couldn't use RSA inside the U.S. without paying licensing fees to RSA DSI. Many that were around at that time were not too happy about this fact. But at least you could pay somebody money to use RSA. If you had a valid business model, paying licensing fees may have be unpleasant, but using RSA was not insurmountable. There is another patent that is every bit as significant as the RSA patent. More so, perhaps. Unlike the RSA patent, this patent has not been available for licensing at any price, stymieing an entire field of research and wide swaths of commerce. This patent is U.S. Patent 4,759,063 "Blind Signature Systems". http://www.pat2pdf.org The Blind Signature patent is not just any patent. This is *the* patent. Without the invention covered by this patent, there is no hope for online privacy. With this technology, the opportunities not just for privacy, but also for commerce, are endless. Countless visionaries have spent years of their lives, in some cases decades, trying to make those opportunities a reality only to run up against the fact that for reasons that would be worthy of a book, the patent could not be licensed. U.S. Patent 4,759,063 "Blind Signature Systems" will expire on July 19, 2005. A Tuesday. Since no patent litigator will consider litigating on a Monday morning over patent infringement for a patent that expires the next day, it appears safe to say that come the preceding Saturday, technologies that make use of this patent can be displayed to the public. That Saturday is July 16, 2005. It took us 20 long years to get to this date. For those of us that tried to use this technology, it was 20 very, very long years. Fortunately, the 20 years are over. Which is as much reason for celebration as I can imagine. The expiration of the Blind Signature patent surely calls for a party. And as I promised so many years go, I will take it upon myself to throw that party. Anybody that knows what blind signatures are is welcome, no, make that implored, to come to the expiration party at my house (or other venue if there are too many people for my place) to celebrate the expiration of the patent on Saturday, July 16. As for me, I am counting the days. Ping me for details. --Lucky Green <shamrock at cypherpunks.to>