All of these papers are in very rough work-in-progress form. You should reference them as working drafts; please consult with the author as to current status. Comments are welcome as are suggestions for publication!
Sorted roughly by current working status. Postscript is sometimes available with an uppercase PS suffix and this may be recommended for Internet Explorer users as that browser does not display the HTML very well.
Abstract.
Analysis of the architecture and message flows of Instant Messaging and Payments systems reveal that they are very similar; more so than would be expected for applications that are nominally separated in the user's minds.
This paper examines merging payments and messaging for the Internet.
In terms of Financial Cryptography, this paper presents a core result based on merging payments and messaging. The system has been built and it works. The results indicate that much of the last two decades work in automated systems in trade may have been unbalanced at minimum, and likely impractical.
Also see the FC rant, for more on what I was trying to say in this wip.
Abstract.
Open Governance is a form of security whereby a business engages partners and the user public in protecting assets under management. Open governance arose in the unregulated environment of Internet Payment Systems.
Yet the techniques developed are universally applicable, and in some cases have decided advantages, even when applied to the regulated or non-payment sectors. Use of these techniques and the overall philosophy, in concert with conventional techniques, can reduce dramatically internal risks and costs.
Public Key Infrastructure (PKI) has now passed its first decade of activity on the Internet, but has yet to break out of pathetically small revenues. Reasons and factors contributing to the failure are many and varied. Is it that the PKI is a solution looking for a problem? That it doesn't solve the problems that it claims? Or that it is too expensive? Perhaps the military objectives failed to cross-over to the commercial sector?
This review attempts to list all of the issues that are unresolved, contentious, or questionable, at least as they are known to this author.
I've been collecting information on the flaws in PKI - public key infrastructure - for many a year now. Many researchers have written quite strong papers on single aspects, but nobody that I know of has dared to collate and integrate these criticisms. At some point, this list should be edited and cleaned out of its skeptical personality, and submitted for publication as a review.
Abstract.
What is security?
Collected random thoughts and models.
Note that the bulk of the content was moved into The Market for Silver Bullets at revision 1.17.
See also Pareto-secure and The Market for Silver Bullets.
Abstract. The patterns paradigm has arisen in the object oriented world to document those coding tasks that seem to repeat frequently enough to need common names and common architectures. Patterns, once documented, assist communication, and provide shortcuts to existing code.
Cryptographic coding is a small subset of coding. It includes many tasks of a very varied nature, in part because the demands of the higher level application are so varied, and so divergent from the nature of cryptography. Yet, patterns emerge.
This draft note is a first cut attempt to list those patterns, with some brief explanation of each.
Abstract.
Opportunistic Cryptography can be used to protect a wide variety of applications. It has come to the fore with successful applications such as SSH and OpenPGP. It stands in contrast to more statically minded, no-risk approaches such as SSL, which has been deployed only at unacceptable expense.
We introduce a framework to compare different approaches and levels to opportunistic distribution of keys We call this SPOCK ratings, as a catchy acronym. Each increasing number indicates a better and more intelligent protection for the application.
SPOCK is Self-Protection using Opportunistic Keys. It was knocked out on the basis of there being a layered set of advances in key use, but whether it hangs together is an open question.
Also see the Financial Cryptography Blog and the main published Papers Page. I now run a pre-publication review circle called Advances in Financial Cryptography. If you have a draft in good reading order, ready for some peer-help in getting it polished, let me know.