Re: lockable trapdoor one-way function

From: Simon Johnson (Ckwop_at_hotmail.com)
Date: 11/27/03 

Date: 27 Nov 2003 00:22:37 -0800

Peter Fairbrother <zenadsl6186@zen.co.uk> wrote in message news:<BBEAD258.3F7D0%zenadsl6186@zen.co.uk>...
> Tom St Denis wrote
>
> >
> > "Peter Fairbrother" <zenadsl6186@zen.co.uk> wrote in message
> > news:BBEABDF0.3F79C%zenadsl6186@zen.co.uk...
> >> Does anyone know of a trapdoor one-way function whose trapdoor can be
> locked
> >> after use?
> >>
> >> It can be done with secure hardware and/or distributed trust, just delete
> >> the trapdoor key, and prove (somehow?) you've deleted it.
> >>
> >> It looks hard to do in "trust-the-math-only" mode...
> >
> > You'd need a secret sharing PK scheme [can't think of one] where neither
> > party alone has the entire secret trap door data.
> >
> > Then provided the two parties don't collude again you have achieved the
> > goal.
>
> That's distributed trust again, not "trust-only-the-math".
>
> I've a pretty good idea of one way to do it, but it's a whole lot of work to
> put the idea into practice, analyse it, prove it secure and so on. I was
> hoping someone else had already done the work.

You can't do it in the math alone. Once you know something, you can't
unknow it mathematically. You need some kind of physical destruction
of that information.

What's the application you intend to use it for, perhaps we can get a
better understanding of what you want from the application.

Simon.