1

I'm looking for a way to publish a message, so that it will only be publicly known after some time (let's say a few minutes). Even I shouldn't have the power to prove what my message was, before this time passes.

I was thinking of something like:

  • the message is encoded using my private key, then published in this encoded way
  • (I could prove what the message is by revealing my private key, but I really don't want to reveal my private key)
  • the message can also be recovered by some kind of brute-forcing, that is known to take some time
  • this brute-forcing doesn't reveal my private key, only the message

Is there a way to do this?

Filip Sondej
  • 11
  • 2
  • 3
    Does this answer your question? Is it possible to make time-locked encrytion algorithm? and Time Capsule cryptography – knaccc Jan 28 '23 at 01:03
  • @knaccc it's on a right track, but I think it doesn't fully solve this. The proposed solutions seem to only guarantee that other people can't disclose my secret before the target time.

    But here, even I want to be unable to prove what the message was, until the time passes. This is a considerably harder problem.

    Unless there's something about the techniques that I didn't understand?

     – Filip Sondej Jan 30 '23 at 06:02
  • Once you choose a time-lock approach that eventually reveals the private key, your question can be simplified as "can I encrypt a message with a private key such that I cannot prove what the message is without the private key?". Regular encryption works like that - you can't tell anything about the ciphertext without the private key (other than the maximum length). So, you encrypt, then discard the private key, and then when the private key is revealed after the time-lock period only then can it be decrypted. – knaccc Jan 30 '23 at 08:13
  • @knaccc OK, I was a bit confused but I think I know what to do now. So I can't encrypt WITH the private key, because it can be decrypted with my public key (it's the same as signing). I also can't encrypt with my public key, because then, I could just declare what the message was, and people can verify that, because they know my public key. – Filip Sondej Jan 31 '23 at 23:46
  • @knaccc The solution is to encrypt the pair (message, my private key) with my public key. Now revealing the contents would reveal my private key which I don't want. It still doesn't solve my original problem, because at the end the private key is revealed, but after some thinking I now don't see this as a problem for my use case. Thanks for help! – Filip Sondej Jan 31 '23 at 23:46
  • "So I can't encrypt WITH the private key, because it can be decrypted with my public key" -> if you use your private key as a symmetric key for encryption, then that can't be decrypted with your public key. Btw, it happens quite frequently here that people try to simplify the question, but it ends up being counter-productive because they will have all sorts of requirements that derail attempts to try and provide a solution. I don't know why you can't have a one-time private key just for this particular purpose, and there is a lot of guesswork involved to understand what you're doing – knaccc Feb 01 '23 at 05:24
  • Ah you're right, I didn't provide enough detail here. It's just that my full problem had quite a lot of context, so I tried to distill the core. At the end I ended up choosing a solution from a very different angle. Re symmetric cryptography: yeah, I forgot about that, good point. (And to clarify - I was fine with having one-time private keys - the crucial part was somehow disincentivising the sender from revealing the private key, so that the message CERTAINLY won't be publicly known before some time, even if the sender wants that.) Anyway, thanks, your comments helped :) – Filip Sondej Feb 02 '23 at 09:02

0 Answers0