Comment by kragen

2 years ago

there are a lot of hard security problems that become easy if you can introduce an incorruptible 'trusted third party'. often the computations involved are pretty trivial and involve tiny amounts of data

want to find out which of your friends have secret crushes on you? you all tell trent, and then he tells you which of your crushes also have crushes on you, and also tells them

want digital money without double-spending, privacy invasion, or money supply inflation? just let trent keep track of what everyone's balance is. to pay someone, tell trent how much you want to pay them, and he'll decrease your balance and increase theirs. trent promises not to increase anyone's balance without decreasing somebody else's by the same amount

want to buy a good at the welfare-maximizing price? use a second-price auction: everyone privately tells trent their bid, and trent announces the winner (the person who bid the highest) and the price (the highest losing bid). that way bidding lower never gets someone the same good at a lower price; it just decreases their chance of winning

want to play poker with some people you don't trust? trent mentally shuffles the deck and tells you what cards he's dealt you (and what other cards are visible, in some variants). at the end of the round, he announces what cards were in every hand that didn't fold, and who won

there are an infinite number of problems like this

the trouble with trent is that any human 'trent' is corruptible, and trusting them with secrets gives them more power, and absolute power corrupts absolutely. the humans faff around with checks and balances and institutions and oaths and whatnot but they're pretty fragile. cryptographers have often designed clever protocols which solve individual problems from this infinite set, and some of them are secure

fhe makes it possible to construct an incorruptible 'trent': everybody can see the program, everybody can verify the operation of the program step by step, but nobody can see the data. it's almost a fully general cryptographic protocol design primitive

i forget who it was that explained this to me. i thought it was nick szabo but i can't find the essay now
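Added example, not from kragen's comment: the ledger version of trent, with Paillier encryption standing in for FHE. Paillier is only additively homomorphic, which is all a balance transfer needs, so it shows the core point (trent runs a public program over ciphertexts he cannot read) without a full FHE library. The primes, the single key pair (assumed to be held by someone other than trent) and the account names are constructed for the demo.

```python
import math
import secrets

# Constructed toy modulus from two Mersenne primes (2^31-1 and 2^61-1);
# a real deployment would use ~2048-bit primes.
P, Q = 2147483647, 2305843009213693951


def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                 # valid because g = n + 1
    return (n, n * n), (lam, mu)


def encrypt(pub, m):
    n, n2 = pub
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:       # essentially never loops for real primes
        r = secrets.randbelow(n - 1) + 1
    # with g = n + 1, g^m = 1 + m*n (mod n^2), so no big exponentiation needed
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def decrypt(pub, priv, c):
    n, n2 = pub
    lam, mu = priv
    m = ((pow(c, lam, n2) - 1) // n) * mu % n
    return m - n if m > n // 2 else m   # read residues near n as negatives


# --- trent's side: he only ever sees ciphertexts and the public modulus ---
def add(pub, c1, c2):
    return c1 * c2 % pub[1]                     # E(a) * E(b) = E(a + b)

def sub(pub, c1, c2):
    return c1 * pow(c2, -1, pub[1]) % pub[1]    # E(a) * E(b)^-1 = E(a - b)

def transfer(pub, ledger, payer, payee, enc_amount):
    """Trent's public program: anyone can re-run it, nobody learns the amounts."""
    ledger = dict(ledger)
    ledger[payer] = sub(pub, ledger[payer], enc_amount)
    ledger[payee] = add(pub, ledger[payee], enc_amount)
    return ledger


def demo():
    pub, priv = keygen()
    ledger = {"alice": encrypt(pub, 100), "bob": encrypt(pub, 40)}
    ledger = transfer(pub, ledger, "alice", "bob", encrypt(pub, 30))
    return {who: decrypt(pub, priv, c) for who, c in ledger.items()}
```

Because trent can only multiply ciphertexts, the "no balance goes up unless another goes down by the same amount" promise is enforced by the shape of the program rather than by trusting him; the sum of the plaintext balances is unchanged after `transfer`.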