I’m thinking about a fantasy setting that I expect to set stories in in the future, and I have a cryptography problem.
Specifically, there are no computers in this setting (ruling out things like supercomplicated RSA). And all the adults share bodies (generally, one body has two people in it). One’s asleep (insensate, not forming memories about what’s going on, and not in any sort of control over the body) and one’s awake (in control, forming memories, experiencing what’s going on) at any given time. There is not necessarily any visible sign when one party falls asleep and the other wakes, although there are fakeable correlates (basically, acting like you just appeared wherever you are). It does not follow a rigid schedule, although there is an approximate maximum period of time someone can stay awake for, and there are (also fakeable) symptoms of tiredness. Persons who share bodies still have distinct legal and social existences, so if one commits a crime, the other is entitled to walk free while awake as long as they come back before sleeping—but how do they prove it?
There are likely to be three levels of security, with one being “asking”, the second being a sort of “oh yeah? prove it” (“tell me something only my wife would know / exhibit a skill your cohabitor hasn’t mastered / etc.”), and the third being… something. Because you don’t want to turn loose someone who could be a dangerous criminal just because they were collaborating with a third party to learn information, or broke into the National Database of Secret Person-Distinguishing Passphrases, or didn’t disclose all their skills to some central skill registry—but you don’t want to lock up innocent people who made bad choices about who to move in with when they were eight, either.
Is there something that doesn’t require computers, or human-atypical levels of memorization/computation, or rely critically on a potentially-break-into-able National Database of Secret Person-Distinguishing Passphrases, which will let someone have a permanently private bit of information they can use to verify to arbitrary others who they are? (There is magic, but it is not math-doing magic.)
All personalities are given a pair of esoteric stimuli. Through reinforcement/punishment, one personality is conditioned to have a positive physiological reaction to Stimulus A and a negative physiological reaction to Stimulus B. The other personality is given the converse.
The stimuli are all drawn from a common pool of images like “bear”, “hat” or “bicycle”, so one half of a stimuli pair may be “a bear in a hat on a bicycle”. There’s a canonical set of stimuli, like a huge deck of cards, with all possible combinations, all of which are numbered. The numbers for my stimuli pair are tattooed on my body in some obscure location, like the sole of my foot.
If I need to prove my identity, I show my tattoo to the authority figure. It will read something like “1184/0346”. They pick out either image 1184 (bear in a hat on a bicycle) or image 0346 (a sword in a hill being struck by lightning), and show it to me. My immediate response will be either arousal or disgust, and they will know which personality I am.
Persons who share bodies still have distinct legal and social existences, so if one commits a crime, the other is entitled to walk free while awake as long as they come back before sleeping—but how do they prove it?
Is this a realistic cultural adaptation? In most human societies if you are stuck working or living with someone your social existence is somewhat shared. A person from your clan doing something bad is also bad for your own reputation. If someone from your family committed a crime some legal traditions would hold you responsible. It seems much more plausible that society would consider the two people living in the same body to be legally treated at least like a married couple or brothers were in some past ones.
Given your constraints and assuming no cheap and easy test of distinguishing them, of all historical examples I can think of, only modern Western culture with its hyper-individual liberalism would bother with the impracticality of treating the two people like two fully distinct individuals. And even then they would have to give a family-like if not legal guardian-like relationship for the issue of making medical decisions. Not sharing your place of residence and ownership over it would be impractical, though perhaps there would be a strong norm of not going into the other guy’s part of the house.
Also as a minor note the culture would probably develop a norm of some sort of marker (perhaps clothes, jewellery) or face paint to show which of the two persons is currently in control. The distinction would be more or less universal not simply individualized so even strangers could tell this was two different persons. Think more “Ah I see your patron god is the first twin Jahu. Your cohabitor was here yesterday.” instead of “Aha James always wears his leather jacket you must be Harry!”. Using the wrong marker would probably be at least as taboo as cross-dressing was in some past cultures.
I’m not trying to get too much into the cultural details here—certainly cultures vary in the setting. Some of them do treat cohabiting like it’s on par with marriage, and even arrange it through families (which makes sense: if we want to share grandchildren, we arrange for our kids to get married if they’re the opposite sex, but if they’re the same sex nonfantasy humans are out of grandchildren-sharing luck. In comes cohabitation!) But importantly, cohabitors cannot talk to each other. There is no way for them to socially pressure each other outside of self-destructive attacks or sternly written letters. You could hold someone responsible for what their cohabitor did, but this would only deter people who were compassionate enough to care about the fate of someone they cannot ever interact with—and, if they picked each other instead of being arranged, chose on the basis of not particularly desiring to ever interact with them again. (You don’t pick your friends as cohabitors: you pick people whose company you don’t care for with comparable danger tolerances and cosmetic features you want to include when you have your bodies conglomerated.)
Also, they don’t sleep, so “place of residence” dissolves for most people. They have typical hangouts, storage lockers, clubhouses and favorite restaurants and rental kitchens—but why bother maintaining an entire house? You don’t need a secure place in which to sleep; your cohabitor will look after your body while you’re unconscious. Medical decisions are also made a lot simpler by the magic system, although they don’t completely go away and there’s probably some plot to be had there.
Most people would probably adopt cosmetic markers, but how required these would be would certainly vary; I think your expectation here would be a reasonable way for one society to operate but too sweeping for all. This isn’t how we treat identical twins, who, while uncommon, are still a known feature of the real world. I look a lot like my sister to the point where one time I walked into her school and six of her friends mistook me for her; we were not then obliged to choose distinct ritual scarves and wear them at all times.
How much of a status symbol would a home be? Only the poorest don’t have a home? A home is a middle-class sort of thing? Only the rich? Only the very rich?
Each personality owns a bracelet with a combination lock. To prove you’re you, you unlock your bracelet. This is basically the password system, but localized, and now you just have to worry about making combination locks tamper-proof.
Unfortunately, physical locks interact very badly with the magic system. (In brief: “Lockedness” is a thing. If you are about average at magic, it’s a thing you can move from one thing you’re touching that is locked to another thing you are touching that can be locked but isn’t.)
Since it’s the only thing I know about the magic system, I suggest looking closely into what it means that X can be Y. (By “looking closely” I mean “exercise your authorial authority”.) Then tie the procedure to something that can’t be moved to anything that prisoners have around, other than the actual testing thing.
But the thing that keeps returning to my mind is that in our world we do quarantine innocent people if they carry dangerous enough diseases. I think you’d need a pretty high rate of evil-twinniness for a society not to take the easy way out and do the same. Even a very trustworthy person can fail to return to prison (?) by accident.
Anyway, I think pen-and-paper cryptography is your best guess, unless “encryptedness” and related properties are things that can be moved. Neal Stephenson’s Cryptonomicon has an example of a protocol that uses a deck of cards. (Which is imaginary but possible AFAIK.)
Cool! Do you remember the “performance” of the protocol? (That is, how much work it takes to exchange how much information, in approximate human-scale terms, and its approximate security in usual cryptographic language.)
Can you explain how broken it is to this layperson?
Warning: What follows likely has major technical errors—basically all I know about cryptography I learned from Cryptonomicon.
From the description, the random numbers are not evenly generated so that what should have a 1⁄26 chance of happening has a 1⁄22.5. And the output is heavily biased.
How much does that matter? We can easily decrypt Enigma with brute force right now. Is the difference in the amount of computing power to brute force Solitaire all that much different from what is expected?
In other words, encryptions with 256-bit keys are harder to crack than 128-bit keys. But is the problem with Solitaire 20-years-safe vs. 10-years-safe, or is it 20-years-safe vs. 12-months-safe?
Yeah… I guess as long as I’m postulating accomplices, I might as well postulate accomplices who’d kidnap their jailed friend’s cohabitor and wait until they are forced to sleep by sheer exhaustion.
Is there a risk that any authentication scheme could be bypassed by transferring the “Authenticatedness” from someone else, or does the magic system forbid that somehow?
In any case, some kind of magical version of the bracelet lock sounds like a good idea, if you can think of one.
The first thing that occurs to me is to decentralise the database, which incidentally is rather a computer-ish concept. Each person designates two or more Keyphrase Holders, with a separate password for each. For low-security situations, they have to give their passphrase to one KH; for maximum security, they have to convince all of them. Ten or a dozen passwords should not be beyond anyone’s memorisation capabilities in a world without shiny Internet distractions, and the KH can write them down—this gives you a lot of different DSP-DPs instead of one big one. Any given KH may be suborned or have his database broken into, but by the time you get up to a dozen or so that is unlikely.
Obviously this works best if you don’t have to physically drag the KH to the prison cell, or whatever, before you let the innocent one out.
To make this easier to memorize and more secure, you could have there be a much larger number of KHs. Their job is to be KHs; their identities are kept secret even from each other. Each KH has a certain property about the person’s password that they learn- e.g. its length, the number of vowels, the number of times the letter “a” appears minus the number of times a letter appears, etc. However, they don’t know the password itself; they only know the person’s answer to the question. When a person wants to be released, a certain number of KH’s, randomly selected, large enough that correct guesses or collaboration is unlikely, and all wearing hoods, are summoned to the person’s cell to figure out their identity.
You’d need to ensure that, following an incorrect guess, the same KH isn’t used again- or that the innocent person picks a new password. (Propagating password changes would be terrible- it would make sense to have very severe punishments for claiming to be another person. The first time would be standard jail processing- everybody innocent would need to go down a line of KH’s and tell them their name and the answer. This also highlights the main weakness of any possible system- the need to have verified who is who when dealing with the initial passwords, since criminals would presumably immediately go to sleep following crimes, or claim to have just woken up.)
Give everybody training in a particular skill during their childhood: Juggling, acrobatics, calligraphy, drawing, playing a particular instrument—or even something more esoteric like doing figures with a Yoyo or a Diabolo, or doing pool tricks, or tricks with a soccer ball; anyway something requiring a good amount of motor skills and training; and also make sure that no cohabitor pair has skills that are too similar (like calligraphy and drawing, or acrobatics and soccer tricks, or the violin and the bass).
Then have a taboo against learning those skills outside the “official” (or religious) context in childhood (for example: being seen training for them is a crime, the props can’t be found outside special temples, etc.).
If so, the usual public key algorithms could be encoded into something like a tax form, i.e. something like
“...51. Subtract the number on line 50 from the number on line 49 and write the result in here:__
…500. The warden should also have calculated the number on line 499. Burn this parchment.”
Of course there would have to be lots of error checks. (“If line 60 doesn’t match line 50 you screwed up. If so, redo everything from line 50 on.”)
To make it practical, each warden/non-prisoner-pair would do a Diffie-Hellman exchange only once. That part would take a day or two. After establishing a shared secret the daily authentication would be done by a hash, which probably could be done in half an hour or less.
Of course most people would have no clue why those forms work, they would just blindly follow the instructions, which for each line would be doable with primary school math.
The wardens would probably spend large parts of their shifts precalculating hashes for prisoners still asleep, so that several prisoners could do their get-out work at the same time. Or maybe they would do the crypto only once a month or so and normally just tell the non-prisoners their passwords for the next day every time they come in.
You might have better expository skills than Salutator, and people love learning esoteric things about mysterious professions in the midst of fiction. Diffie-Hellman relies on certain properties of math in prime modulus groups, but understanding those properties isn’t necessary just to do DH. It only takes primary-school level math abilities to follow the example on Wikipedia (and note that, if nobody has computers, you don’t need a 2048 bit modulus).
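The one-time Diffie-Hellman exchange followed by a daily nonce check, as described in the comments above, worked at pen-and-paper size. This is an added example, not something posted in the thread; the modulus 2579, base 2, the private exponents, and HMAC-SHA-256 standing in for the hand-computed hash are all assumptions.

```python
import hashlib
import hmac
import secrets

P = 2579  # constructed small prime modulus: sized for hand arithmetic, not for security
G = 2     # constructed public base


def modexp_lines(base, exponent, modulus):
    """Square-and-multiply, recording one 'form line' per hand multiplication."""
    result, square, lines = 1, base % modulus, []
    while exponent:
        if exponent & 1:
            result = result * square % modulus
            lines.append(f"multiply running total by {square}: {result}")
        exponent >>= 1
        if exponent:
            square = square * square % modulus
            lines.append(f"square the previous square: {square}")
    return result, lines


def daily_tag(shared_secret, nonce):
    """Stand-in for the hand hash: HMAC-SHA-256 over the nonce, cut to 8 hex digits."""
    mac = hmac.new(str(shared_secret).encode(), str(nonce).encode(), hashlib.sha256)
    return mac.hexdigest()[:8]


class Party:
    """The non-prisoner cohabitor: keeps a private exponent, publishes G^x mod P."""

    def __init__(self, private_exponent):
        self.private = private_exponent
        self.public, self.worksheet = modexp_lines(G, private_exponent, P)
        self.shared = None

    def finish_exchange(self, other_public):
        self.shared, _ = modexp_lines(other_public, self.private, P)

    def respond(self, nonce):
        return daily_tag(self.shared, nonce)


class Warden(Party):
    """Issues a never-repeated nonce per release request and checks the reply once."""

    def __init__(self, private_exponent):
        super().__init__(private_exponent)
        self.issued = set()   # ledger of nonces already used
        self.pending = None

    def challenge(self):
        nonce = secrets.randbelow(10**6)
        while nonce in self.issued:
            nonce = secrets.randbelow(10**6)
        self.issued.add(nonce)
        self.pending = nonce
        return nonce

    def verify(self, response):
        if self.pending is None:
            return False
        expected = daily_tag(self.shared, self.pending)
        self.pending = None   # a challenge can be answered only once
        return hmac.compare_digest(expected, response)


def run_demo():
    warden, innocent = Warden(853), Party(765)  # constructed private exponents
    # One-time exchange: only the two public values are spoken aloud.
    warden.finish_exchange(innocent.public)
    innocent.finish_exchange(warden.public)

    # Day 1: the warden challenges, the innocent cohabitor answers, someone overhears.
    overheard = innocent.respond(warden.challenge())
    honest_ok = warden.verify(overheard)

    # Day 2: a fresh nonce makes yesterday's overheard answer useless.
    warden.challenge()
    replay_ok = warden.verify(overheard)

    return {
        "secrets_match": warden.shared == innocent.shared,
        "honest_accepted": honest_ok,
        "replay_accepted": replay_ok,
        "form_lines": len(innocent.worksheet),
    }


if __name__ == "__main__":
    print(run_demo())
```
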
Everyone is born with a true name that they intuitively know but can’t say, and they also have a unique soul-color. And there are special glow-stones that you can think your true-name at, which will then glow the same as the soul-color of the person with that name.
You need to think about one-way functions (hashes) and trapdoor one-way functions (public key algorithms). There are some additional issues that arise like nonces to thwart replay attacks and the level of protection individuals can be expected to give to secret keys.
Also, even without explicit mathematics the universe will presumably have a concept of entropy and conservation of something, even if it’s just conservation of magical energy. If you can come up with a plausible problem that magic can solve given a lot of expended magical energy but can be solved much more easily with the knowledge of a secret, then you can build a challenge-response identity proof so long as it’s not easy to steal the secret by watching the demonstration. If additionally it’s very hard to derive the secret from the demonstration of its knowledge you probably have the power of a public key system.
Not all the following problems require magic to implement, and many of them actually benefit from not having a knowledge of mathematics and algorithms, since most of these are not cryptographically secure.
Have each person construct an elaborate puzzle out of oddly shaped objects that can be packed into a small finite volume in only one way (the knapsack problem)
Each person constructs a (large) set of sticks (or metal rods, or whatever) of varying lengths, of which a subset add up to a standard length like a meter (the subset sum problem)
Society forms a hierarchical tree of secret handshakes so that each person only has to remember, say, 100 secret handshakes and the tree only has to be log_100 (N) tall so the courts can just subpoena a logarithmic number of individuals to verify handshakes between any two arbitrary people. Obviously any one of your 100 acquaintances can impersonate you, so two or more distinct trees would at least require collusion.
Any magical item that only functions for its “owner”.
A magical “hash function”, like a patronus or an aura, that is unique to every individual (not body) and can’t be faked. Producing it would be an effective identifier.
Lastly, I should point out that very few “normal” people in the situation you describe would be able to achieve cryptographic security anyway. I can (barely) memorize a passphrase with 128-bit entropy (using diceware, so I’m certain it actually has 128 bits), and even that’s not quite enough to choose a secure secret key for Elliptic Curve DSA. And it would have to only be memorized and never written down anywhere, and only computed on trusted hardware (which the sleep-twin could modify to their heart’s content while I slept). So, yeah, Magic.
Recognition memory is actually even cooler than implicit memory, I thought, and can contain quite a bit of information (as far as I could tell, working through Shannon’s theorem): http://www.gwern.net/Spaced%20repetition#fn63
Dunno how it would work in this setting, though, unless the personalities share visual recognition.
If I do something in this approximate neighborhood, I think I’ll go with the hypnotism idea, since it’s easier both to understand and to handwave about.
A clockwork Analytical engine / Enigma machine, that does something equivalent to public key verification (though I assume you don’t want that kind of machine either).
In each city is a temple of the Sigils, in which are stored the Sigils of people, in public view. The Sigils are like intricate signatures drawn on clay tablets; but they are made on a special clay, Sigil Clay, that dries in about a minute, and changes color depending on the pressure you apply to it, the heat (depending of whether you’re touching it with a stylus or with your fingers), and how dry it is. Sigil Priests know hundreds of drawing techniques, and when an alternate pair is created, each person will be taught a few techniques to apply to his drawing, with no overlap between the alternates (so it should be quite hard for someone to reproduce his alternate’s Sigil). Being able to draw one’s Sigil is generally considered a proof of identity, and since only the Sigil Priests know how to make Sigil Clay, one has little opportunity to practice drawing someone else’s Sigil (not to mention that it’s of course considered a grave crime).
For the prisoner’s case, why not have the “day” persona return to prison to sleep and give a new short passphrase (randomly generated with a special set of dice) to the guard, and when he wakes up and wants to get out, he must give the same passphrase (if he gets it wrong, he is lightly punished and must wait at least 30 minutes before trying again)?
The passphrase idea you describe is probably fine for minimum and even medium security, it’s just vulnerable to eavesdropping and message-passing by third parties if the prisoner has friends.
And all the adults share bodies (generally, one body has two people in it). One’s asleep (insensate, not forming memories about what’s going on, and not in any sort of control over the body) and one’s awake (in control, forming memories, experiencing what’s going on) at any given time.
Calliope/Caliborn share the same body. Each is “asleep” while the other is “awake”, and they have a pair of ankle-shackles of which magically only one can open. They also have disjoint skillsets; due to some kind of brain trauma, Caliborn is incapable of drawing, while Calliope is pretty good: example
Caliborn circumvents this latter restriction by biting off his own leg.
Why use cryptography? If I understand the problem statement correctly, there’s a simpler solution. When a prisoner wants to go to sleep, they signal and a guard walks over and renders them unconscious, presumably using drugs. Since we know that nobody would go to sleep outside of jail, you can figure out who is who by counting the number of times they’ve been sedated.
(This is vulnerable to troubles telling who is who at the start, but so is any knowledge-based method. This is also vulnerable to people falling asleep outside, but so is any knowledge based method. It’s also fairly dangerous, given that most drugs capable of rendering somebody unconscious are dangerous; however, giving guards some training and then handwaving away or saying the society isn’t concerned by the (minimal) danger sounds reasonable. It assumes certain things about going to sleep and drugs that may not be true in this universe, but it at least sounds reasonable- and this is fiction.)
Sedatives would cause physical sleep, and the reason people share bodies in this world is because having your body be asleep will cause your soul to be eaten by insubstantial demons. Sleeping-while-someone-else-pilots-your-body is safe in large part because it cuts off interventions regarding your soul from outside sources—demons, drugs, magic, etc.
Also, this method relies on cooperative criminals, not just cooperative cohabitors-with-criminals. The criminal has an incentive to make being in jail really inconvenient for their cohabitor—by, for instance, not notifying anyone before going to sleep. They’re already in jail, so making their cohabitor mad at them has limited power to make their situation worse, but if the guards wind up having to imprison the cohabitor too to be safe, the cohabitor might work on ways to get out.
Moving one person in with another person is already very magically challenging; this might not be strictly impossible but your average community would not have access to even one person who could do it. Perhaps this would be a good last resort on a national level for anyone with a demonstrated propensity to actually escape, or whose escape would be particularly dreadful.
Per person, but most people in ordinary day-to-day life will have plenty of opportunity to observe and practice mimicking their cohabitor’s handwriting if they feel like working on that—they can’t talk to each other directly, so they leave notes (“watch out for our left foot, it’s still tender, I dropped something on it”, “so how are you doing, what are you up to”, “we’re pregnant”).
So handwriting is secure between a pair; then all you need is some sort of authentication. Why not use a very simple random number generator? Each member of a pair knows it, of course, and they occasionally set up fresh seeds. Each day is one iteration. To ‘sign’ a message, one simply writes down today’s random number afterwards. (You said handwriting is secure, so you don’t worry about someone tampering with the message and making an authentic number testify to a faked message.)
What RNG? Dunno. Blum Blum Shub has a hilarious name, but the multiplying is a bit painful. Depending on how much accuracy you want, you could make up your own simple recurrence (imagine a list of 5 integers, which shift each day, and the first is defined by the sum of the last two modulo 5). But it turns out geeks have already discussed PRNGs you can do with mental arithmetic:
Set up another pair of RNGs; both write down on a piece of paper and show the paper simultaneously, something like that. With third parties, you lose the time-delay aspect which makes things hard in the case of temporally separate pair members trying to authenticate to each other.
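The daily-number scheme sketched in the comment above (a list of 5 integers that shifts each day, with the new first entry the sum of the last two modulo 5), as an added example that is not part of the original thread. Taking the first entry as the day's number and the seed values are assumptions; the code checks how long a seed lasts before repeating and what someone who reads five consecutive signed notes can work out, which is what sets how often the pair must reseed.

```python
MOD = 5    # from the comment: "modulo 5"
SIZE = 5   # from the comment: "a list of 5 integers"


def next_day(state):
    """Shift the list one place and put (sum of the last two) mod MOD in front."""
    new_first = (state[-1] + state[-2]) % MOD
    return (new_first,) + tuple(state[:-1])


def token(state):
    """Assumption: the number written after a message is the list's first entry."""
    return state[0]


def tokens(seed, days):
    """The numbers written on days 1..days, starting from the agreed seed."""
    state, out = tuple(seed), []
    for _ in range(days):
        state = next_day(state)
        out.append(token(state))
    return out


def cycle_length(seed):
    """Days until the list returns to the seed, after which every number repeats.

    The daily step can be undone (the dropped entry is first minus last, mod MOD),
    so every seed lies on a cycle and this loop always terminates.
    """
    start = state = tuple(seed)
    days = 0
    while True:
        state = next_day(state)
        days += 1
        if state == start:
            return days


def predict(observed, days):
    """Rebuild the list from SIZE consecutive daily numbers (oldest first)
    and run it forward: the numbers themselves are the whole secret state."""
    if len(observed) < SIZE:
        raise ValueError(f"need {SIZE} consecutive daily numbers")
    state = tuple(reversed(observed[-SIZE:]))
    return tokens(state, days)


def assess(seed, horizon=7):
    """Summarise what the pair should know before relying on this seed."""
    stream = tokens(seed, SIZE + horizon)
    return {
        "days_before_repeat": cycle_length(seed),
        "single_guess_odds": 1 / MOD,   # a forger guessing blind
        "predictable_after_days": SIZE,
        "prediction_correct": predict(stream[:SIZE], horizon) == stream[SIZE:],
    }


if __name__ == "__main__":
    print(assess((3, 1, 4, 1, 2)))  # constructed seed
```

A larger modulus improves the blind-guess odds, but the reconstruction from consecutive numbers works for any linear recurrence of this shape, so fresh seeds have to arrive before an observer has seen `SIZE` notes in a row.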
Well, first, handwriting is extremely hard to mimic perfectly, but maybe it’s easier if you are using the same hand (and brain). Think of other individual traits that are harder to observe in your other half. Maybe speech patterns, or mannerisms, or some other subconscious manifestations. Maybe have a separate hypnotic induction for each person when they become of age. Judging by your writings, you don’t suffer from the lack of imagination. The goal is to have a cheap version of the same feature, and “There are likely to be three levels of security” sounds pretty complicated already.
Oh, come on, it’s an obvious consequence of the premise.
Hypnosis has some promise. Speech patterns/mannerisms seem like they’d rely on the testimony of people who know both of the cohabitors really well and who probably aren’t cops, which has the problem of those people being corruptible in various ways.
I don’t suffer from lack of imagination, but I’m just one person. An entire civilization which has had this problem for a long time should be able to come up with a solution that’s more robust than what I’ve been coming up with, so I solicit help—I’d feel especially silly if there were some trivially implementable noncomputerized version of RSA that someone could tell me about. Also, the entire setting does this thing where people share bodies, and there are multiple cultures in the setting—ideally they’d have different approaches, so if I can come up with more than one workable idea, so much the better.
Without introducing more magic and without there being at least some kind of database, this is an unsolvable problem. I would say use a one-time pad, but the key would have to be stored in a database.
If the technology of the time is at least that of, say, the 1940’s, you could use quantum key distribution to at least be alerted if the crypto is broken (more useful than any other solutions), but would still require a database.
Oh, come on, it’s an obvious consequence of the premise.
Maybe it would be obvious, were I female.
I’d feel especially silly if there were some trivially implementable noncomputerized version of RSA that someone could tell me about.
Good point. RSA in a nutshell is “I’m the only one who knows a certain secret, and I’m the only one who can unconditionally and repeatedly verify this fact without divulging the secret itself”. Well, this is one half of it, the authentication part, not the encryption part.
So you need a way for a person to produce some output from a given input that can be unique both to the person and to the input, but easily verifiable. What kind of non-technical output is available? Visual? Aural? Motor functions?
For example, maybe a way one’s eyes follow a complicated pattern is, while unpredictable, unique enough and easy to check. Or a rhythm one drums in response to something. Or the interpretation of the Rorschach test.
By the way, if you find something that works in real life, you will be famous and set for life, as this is an open problem with multiple applications.
These people are humans, although there is much more potential for magical alteration of the base plan than real humans have. They have human capacities to memorize and transmit information.
I’m reminded of this. Although the technique in the article was taught using a computer game, one could plausibly develop an analog equivalent. Give someone a musical instrument and teach them to play specific sequences in response to the sequences somebody else plays, or something.
But the teaching would be really time-consuming, and of course you’d have to make sure that the right person was in charge of the body while they were being taught.
If it’s something you can teach children, then wealthy societies (which can afford to wait longer before having people move into each other’s bodies) can be sure to teach only the correct people, but indeed time consumption remains an issue.
Well, there is visual cryptography in various forms, and if one databank is not secure enough, make it two or three- parole officer+National Databank or something, that’s called secret-sharing-cryptography. It is possible to combine both, and even have them at a simple enough level to not require PCs. Of course, for visual cryptography you need a fast way to recreate the visual secrets- computing and graphing polynomials for thirty minutes every twelve-ish hours is a serious waste of time…
Does the protocol need to be robust against cohabitors in league with each other? That is, is “permanently private” built in, or could someone share their key with a cohabitor who agrees to take the fall?
I think under the circumstances they’re going to have to consider cohabitors who aid and abet their cohabitor’s crimes to be accessories deserving of the same punishment (at least insofar as that punishment is restriction of movement) - otherwise you let the accessory go, they travel to a safe place, and they nap, boom, criminal is free.
I’m thinking about a fantasy setting that I expect to set stories in in the future, and I have a cryptography problem.
Specifically, there are no computers in this setting (ruling out things like supercomplicated RSA). And all the adults share bodies (generally, one body has two people in it). One’s asleep (insensate, not forming memories about what’s going on, and not in any sort of control over the body) and one’s awake (in control, forming memories, experiencing what’s going on) at any given time. There is not necessarily any visible sign when one party falls asleep and the other wakes, although there are fakeable correlates (basically, acting like you just appeared wherever you are). It does not follow a rigid schedule, although there is an approximate maximum period of time someone can stay awake for, and there are (also fakeable) symptoms of tiredness. Persons who share bodies still have distinct legal and social existences, so if one commits a crime, the other is entitled to walk free while awake as long as they come back before sleeping—but how do they prove it?
There are likely to be three levels of security, with one being “asking”, the second being a sort of “oh yeah? prove it” (“tell me something only my wife would know / exhibit a skill your cohabitor hasn’t mastered / etc.”), and the third being… something. Because you don’t want to turn loose someone who could be a dangerous criminal just because they were collaborating with a third party to learn information, or broke into the National Database of Secret Person-Distinguishing Passphrases, or didn’t disclose all their skills to some central skill registry—but you don’t want to lock up innocent people who made bad choices about who to move in with when they were eight, either.
Is there something that doesn’t require computers, or human-atypical levels of memorization/computation, or rely critically on a potentially-break-into-able National Database of Secret Person-Distinguishing Passphrases, which will let someone have a permanently private bit of information they can use to verify to arbitrary others who they are? (There is magic, but it is not math-doing magic.)
All personalities are given a pair of esoteric stimuli. Through reinforcement/punishment, one personality is conditioned to have a positive physiological reaction to Stimulus A and a negative physiological reaction stimulus B. The other personality is given the converse.
The stimuli are all drawn from a common pool of images like “bear”, “hat” or “bicycle”, so one half of a stimuli pair may be “a bear in a hat on a bicycle”. There’s a canonical set of stimuli, like a huge deck of cards, with all possible combinations, all of which are numbered. The numbers for my stimuli pair are tattoed on my body in some obscure location, like the sole of my foot.
If I need to prove my identity, I show my tattoo to the authority figure. It will read something like “1184/0346”. They pick out either image 1184 (bear in a hat on a bicycle) or image 0346 (a sword in a hill being struck by lightning), and show it to me. My immediate response will be either arousal or disgust, and they will know which personality I am.
Is this a realistic cultural adaptation? In most human societies if you are stuck working or living with someone your social existence is somewhat shared. A person from your clan doing something bad is also bad for your own reputation. If someone from your family committed a crime some legal traditions would hold you responsible. It seems much more plausible that society would consider the two people living in the same body to be legally treated at least like a married couple or brothers were in some past ones.
Given your constraints and assuming no cheap and easy test of distinguishing them, of all historical examples I can think of, only modern Western culture with its hyper-individual liberalism would bother with the impracticality of treating the two people like two fully distinct individuals. And even then they would have to give a family-like if not legal guardian-like relationship for the issue of making medical decisions. Not sharing your place of residence and ownership over it would be impractical, though perhaps there would be a strong norm of not going into the other guy’s part of the house.
Also as a minor note the culture would probably develop a norm of some sort of marker (perhaps clothes, jewellery) or face paint to show which of the two persons is currently in control. The distinction would be more or less universal not simply individualized so even strangers could tell this was two different persons. Think more “Ah I see your patron god is the first twin Jahu. Your cohabitor was here yesterday.” instead of “Aha James always wears his leather jacket you must be Harry!”. Using the wrong marker would probably be at least as taboo as cross-dressing was in some past cultures.
I’m not trying to get too much into the cultural details here—certainly cultures vary in the setting. Some of them do treat cohabiting like it’s on par with marriage, and even arrange it through families (which makes sense: if we want to share grandchildren, we arrange for our kids to get married if they’re the opposite sex, but if they’re the same sex nonfantasy humans are out of grandchildren-sharing luck. In comes cohabitation!) But importantly, cohabitors cannot talk to each other. There is no way for them to socially pressure each other outside of self-destructive attacks or sternly written letters. You could hold someone responsible for what their cohabitor did, but this would only deter people who were compassionate enough to care about the fate of someone they cannot ever interact with—and, if they picked each other instead of being arranged, chose on the basis of not particularly desiring to ever interact with them again. (You don’t pick your friends as cohabitors: you pick people whose company you don’t care for with comparable danger tolerances and cosmetic features you want to include when you have your bodies conglomerated.)
Also, they don’t sleep, so “place of residence” dissolves for most people. They have typical hangouts, storage lockers, clubhouses and favorite restaurants and rental kitchens—but why bother maintaining an entire house? You don’t need a secure place in which to sleep; your cohabitor will look after your body while you’re unconscious. Medical decisions are also made a lot simpler by the magic system, although they don’t completely go away and there’s probably some plot to be had there.
Most people would probably adopt cosmetic markers, but how required these would be would certainly vary; I think your expectation here would be a reasonable way for one society to operate but too sweeping for all. This isn’t how we treat identical twins, who, while uncommon, are still a known feature of the real world. I look a lot like my sister to the point where one time I walked into her school and six of her friends mistook me for her; we were not then obliged to choose distinct ritual scarves and wear them at all times.
Cohabitors could also pressure each other with rewards, and with threatening to withhold rewards.
I’m not sure about the lack of residences. A storage locker isn’t the same thing as having your stuff conveniently arranged for use.
Well, houses are at least a great deal more optional. I’m imagining them as something of a status symbol.
How much of a status symbol would a home be? Only the poorest don’t have a home? A home is a middle-class sort of thing? Only the rich? Only the very rich?
Again, would vary from culture to culture within the setting.
IIRC, in some cultures (e.g. mid-20th-century Italy) they did the opposite, i.e. they dressed their twin children identically.
Each personality owns a bracelet with a combination lock. To prove you’re you, you unlock your bracelet. This is basically the password system, but localized, and now you just have to worry about making combination locks tamper-proof.
Unfortunately, physical locks interact very badly with the magic system. (In brief: “Lockedness” is a thing. If you are about average at magic, it’s a thing you can move from one thing you’re touching that is locked to another thing you are touching that can be locked but isn’t.)
Since it’s the only thing I know about the magic system, I suggest looking closely into what it means that X can be Y. (By “looking closely” I mean “exercise your authorial authority”.) Then tie the procedure to something that can’t be moved to anything that prisoners have around, other than the actual testing thing.
But the thing that keeps returning to my mind is that in our world we do quarantine innocent people if they carry dangerous enough diseases. I think you’d need a pretty high rate of evil-twinniness for a society not to take the easy way out and do the same. Even a very trustworthy person can fail to return to prison (?) by accident.
Anyway, I think pen-and-paper cryptography is your best guess, unless “encryptedness” and related properties are things that can be moved. Neal Stephenson’s Cryptonomicon has an example of a protocol that uses a deck of cards. (Which is imaginary but possible AFAIK.)
It’s not imaginary; the protocol is described in one of the appendices, and I’ve implemented it once.
Cool! Do you remember the “performance” of the protocol? (That is, how much work it takes to exchange how much information, in approximate human-scale terms, and its approximate security in usual cryptographic language.)
Sadly, Bruce Schneier’s “Solitaire” is broken. That break was one of the things that got me into crypto!
Can you explain how broken it is to this layperson?
Warning: What follows likely has major technical errors—basically all I know about cryptography I learned from Cryptonomicon.
From the description, the random numbers are not evenly generated so that what should have a 1⁄26 chance of happening has a 1⁄22.5. And the output is heavily biased.
How much does that matter? We can easily decrypt Enigma with brute force right now. Is the difference in the amount of computing power to brute force Solitaire all that much different from what is expected?
In other words, encryptions with 256-bit keys are harder to crack than 128-bit keys. But is the problem with Solitaire 20-years-safe vs. 10-years-safe, or is it 20-years-safe vs. 12-months-safe?
Yeah… I guess as long as I’m postulating accomplices, I might as well postulate accomplices who’d kidnap their jailed friend’s cohabitor and wait until they are forced to sleep by sheer exhaustion.
Is there a risk that any authentication scheme could be bypassed by transferring the “Authenticatedness” from someone else, or does the magic system forbid that somehow?
In any case, some kind of magical version of the bracelet lock sounds like a good idea, if you can think of one.
Transferring authenticatedness doesn’t work, so that’s not going to be an issue.
I can’t think of a way to magic up the bracelet to work like this, unfortunately.
Couldn’t they just each memorise a six digit number and recite it on demand?
The first thing that occurs to me is to decentralise the database, which incidentally is rather a computer-ish concept. Each person designates two or more Keyphrase Holders, with a separate password for each. For low-security situations, they have to give their passphrase to one KH; for maximum security, they have to convince all of them. Ten or a dozen passwords should not be beyond anyone’s memorisation capabilities in a world without shiny Internet distractions, and the KH can write them down—this gives you a lot of different DSP-DPs instead of one big one. Any given KH may be suborned or have his database broken into, but by the time you get up to a dozen or so that is unlikely.
Obviously this works best if you don’t have to physically drag the KH to the prison cell, or whatever, before you let the innocent one out.
To make this easier to memorize and more secure, you could have there be a much larger number of KHs. Their job is to be KHs; their identities are kept secret even from each other. Each KH has a certain property about the person’s password that they learn- e.g. its length, the number of vowels, the number of times the letter “a” appears minus the number of times a letter appears, etc. However, they don’t know the password itself; they only know the person’s answer to the question. When a person wants to be released, a certain number of KH’s, randomly selected, large enough that correct guesses or collaboration is unlikely, and all wearing hoods, are summoned to the person’s cell to figure out their identity.
You’d need to ensure that, following an incorrect guess, the same KH isn’t used again- or that the innocent person picks a new password. (Propagating password changes would be terrible- it would make sense to have very severe punishments for claiming to be another person. The first time would be standard jail processing- everybody innocent would need to go down a line of KH’s and tell them their name and the answer. This also highlights the main weakness of any possible system- the need to have verified who is who when dealing with the initial passwords, since criminals would presumably immediately go to sleep following crimes, or claim to have just woken up.)
Give everybody training in a particular skill during their childhood: Juggling, acrobatics, calligraphy, drawing, playing a particular instrument—or even something more esoteric like doing figures with a Yoyo or a Diabolo, or doing pool tricks, or tricks with a soccer ball; anyway something that requires a good amount of motor skills and training; and also make sure that no cohabitor pair has skills that are too similar (like calligraphy and drawing, or acrobatics and soccer tricks, or the violin and the bass).
Then have a taboo against learning those skills outside the “official” (or religious) context in childhood (for example: being seen training for them is a crime, the props can’t be found outside special temples, etc.).
Physiological correlates to anxiety in response to known personality-specific trauma?
Can they use quill and parchment?
If so, the usual public key algorithms could be encoded into something like a tax form, i.e. something like “...51. Subtract the number on line 50 from the number on line 49 and write the result in here:__ …500. The warden should also have calculated the number on line 499. Burn this parchment.”
Of course there would have to be lots of error checks. (“If line 60 doesn’t match line 50 you screwed up. If so, redo everything from line 50 on.”)
To make it practical, each warden/non-prisoner-pair would do a Diffie-Hellman exchange only once. That part would take a day or two. After establishing a shared secret the daily authentication would be done by a hash, which probably could be done in half an hour or less.
Of course most people would have no clue why those forms work, they would just blindly follow the instructions, which for each line would be doable with primary school math.
The wardens would probably spend large parts of their shifts precalculating hashes for prisoners still asleep, so that several prisoners could do their get-out work at the same time. Or maybe they would do the crypto only once a month or so and normally just tell the non-prisoners their passwords for the next day every time they come in.
I don’t think that I understand how this works, which has a meta-level drawback...
You might have better expository skills than Salutator, and people love learning esoteric things about mysterious professions in the midst of fiction. Diffie-Hellman relies on certain properties of math in prime modulus groups, but understanding those properties isn’t necessary just to do DH. It only takes primary-school level math abilities to follow the example on Wikipedia (and note that, if nobody has computers, you don’t need a 2048 bit modulus).
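The tax-form idea from this sub-thread, sketched as an added example (not code from any commenter): modular exponentiation by square-and-multiply, written out one multiplication per worksheet line, with a casting-out-nines check standing in for the "if line 60 doesn't match" error checks. The prime 2039, the base 7, the private exponents and the choice of casting out nines are all assumptions made for illustration.

```python
"""Pen-and-paper Diffie-Hellman laid out as numbered worksheet lines.

Added illustration; parameters, names and the nines check are assumptions.
"""
from dataclasses import dataclass


@dataclass
class Line:
    number: int     # worksheet line number
    left: int       # first factor
    right: int      # second factor
    quotient: int   # whole number of times the modulus fits into left*right
    remainder: int  # value carried forward to later lines

    def nines_check(self, modulus: int) -> bool:
        """Casting out nines: left*right and quotient*modulus + remainder
        must leave the same residue mod 9, and the remainder must be in range."""
        lhs = (self.left % 9) * (self.right % 9) % 9
        rhs = ((self.quotient % 9) * (modulus % 9) + self.remainder % 9) % 9
        return lhs == rhs and 0 <= self.remainder < modulus


def worksheet(base: int, exponent: int, modulus: int):
    """Compute base**exponent mod modulus by square-and-multiply, recording
    one worksheet line per multiplication. Returns (result, lines)."""
    if exponent < 1:
        raise ValueError("exponent must be a positive integer")
    lines = []

    def multiply(x: int, y: int) -> int:
        quotient, remainder = divmod(x * y, modulus)
        lines.append(Line(len(lines) + 1, x, y, quotient, remainder))
        return remainder

    base %= modulus
    acc = base
    for bit in bin(exponent)[3:]:      # exponent bits after the leading 1
        acc = multiply(acc, acc)       # every bit costs one squaring
        if bit == "1":
            acc = multiply(acc, base)  # a 1 bit costs one extra multiplication
    return acc, lines


def first_bad_line(lines, modulus: int):
    """Line number of the first entry that fails the check, or None."""
    for line in lines:
        if not line.nines_check(modulus):
            return line.number
    return None


def exchange(modulus: int, base: int, secret_a: int, secret_b: int):
    """Both parties fill in their forms.
    Returns (public_a, public_b, key_a, key_b, lines_filled_per_party)."""
    public_a, form_a1 = worksheet(base, secret_a, modulus)
    public_b, form_b1 = worksheet(base, secret_b, modulus)
    key_a, form_a2 = worksheet(public_b, secret_a, modulus)
    key_b, form_b2 = worksheet(public_a, secret_b, modulus)
    counts = (len(form_a1) + len(form_a2), len(form_b1) + len(form_b2))
    return public_a, public_b, key_a, key_b, counts


def slip_demo():
    """100*100 = 4*2039 + 1844. Check results for the correct remainder,
    an off-by-one slip (1845) and a digit transposition (1484). The
    transposition differs by a multiple of 9, so the nines check misses it;
    only the final comparison between the two parties would reveal it."""
    return tuple(Line(1, 100, 100, 4, r).nines_check(2039)
                 for r in (1844, 1845, 1484))


# Constructed parameters: a small prime and arbitrary private exponents.
MODULUS, BASE = 2039, 7
WARDEN_SECRET, PRISONER_SECRET = 1234, 987

if __name__ == "__main__":
    a_pub, b_pub, k_a, k_b, counts = exchange(
        MODULUS, BASE, WARDEN_SECRET, PRISONER_SECRET)
    print("public values:", a_pub, b_pub)
    print("shared secrets agree:", k_a == k_b)
    print("multiplications per party:", counts)
    print("nines check (correct, off-by-one, transposed):", slip_demo())
```

With a four-digit modulus each party fills in about thirty lines of one multiplication and one long division each.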
Everyone is born with a true name that they intuitively know but can’t say, and they also have a unique soul-color. And there are special glow-stones that you can think your true-name at, which will then glow the same as the soul-color of the person with that name.
I’d rather not solve the problem by adding magic that doesn’t fit into the existing system. Especially suspiciously convenient magic.
You need to think about one-way functions (hashes) and trapdoor one-way functions (public key algorithms). There are some additional issues that arise like nonces to thwart replay attacks and the level of protection individuals can be expected to give to secret keys.
Also, even without explicit mathematics the universe will presumably have a concept of entropy and conservation of something, even if it’s just conservation of magical energy. If you can come up with a plausible problem that magic can solve given a lot of expended magical energy but can be solved much more easily with the knowledge of a secret, then you can build a challenge-response identity proof so long as it’s not easy to steal the secret by watching the demonstration. If additionally it’s very hard to derive the secret from the demonstration of its knowledge you probably have the power of a public key system.
Not all the following problems require magic to implement, and many of them actually benefit from not having a knowledge of mathematics and algorithms, since most of these are not cryptographically secure.
Have each person construct an elaborate puzzle out of oddly shaped objects that can be packed into a small finite volume in only one way (the knapsack problem)
Each person constructs a (large) set of sticks (or metal rods, or whatever) of varying lengths, of which a subset add up to a standard length like a meter (the subset sum problem)
Society forms a hierarchical tree of secret handshakes so that each person only has to remember, say, 100 secret handshakes and the tree only has to be log_100 (N) tall so the courts can just subpoena a logarithmic number of individuals to verify handshakes between any two arbitrary people. Obviously any one of your 100 acquaintances can impersonate you, so two or more distinct trees would at least require collusion.
Any magical item that only functions for its “owner”.
A magical “hash function”, like a patronus or an aura, that is unique to every individual (not body) and can’t be faked. Producing it would be an effective identifier.
Lastly, I should point out that very few “normal” people in the situation you describe would be able to achieve cryptographic security anyway. I can (barely) memorize a passphrase with 128-bit entropy (using diceware, so I’m certain it actually has 128 bits), and even that’s not quite enough to choose a secure secret key for Elliptic Curve DSA. And it would have to only be memorized and never written down anywhere, and only computed on trusted hardware (which the sleep-twin could modify to their heart’s content while I slept). So, yeah, Magic.
Maybe you could adapt this implicit memory-based authentication scheme into a board game format similar to Mastermind.
Recognition memory is actually even cooler than implicit memory, I thought, and can contain quite a bit of information (as far as I could tell, working through Shannon’s theorem): http://www.gwern.net/Spaced%20repetition#fn63
Dunno how it would work in this setting, though, unless the personalities share visual recognition.
If I do something in this approximate neighborhood, I think I’ll go with the hypnotism idea, since it’s easier both to understand and to handwave about.
A few possibilities:
A clockwork Analytical engine / Enigma machine, that does something equivalent to public key verification (though I assume you don’t want that kind of machine either).
In each city is a temple of the Sigils, in which are stored the Sigils of people, in public view. The Sigils are like intricate signatures drawn on clay tablets; but they are made on a special clay, Sigil Clay, that dries in about a minute, and changes color depending on the pressure you apply to it, the heat (depending on whether you’re touching it with a stylus or with your fingers), and how dry it is. Sigil Priests know hundreds of drawing techniques, and when an alternate pair is created, each person will be taught a few techniques to apply to his drawing, with no overlap between the alternates (so it should be quite hard for someone to reproduce his alternate’s Sigil). Being able to draw one’s Sigil is generally considered a proof of identity, and since only the Sigil Priests know how to make Sigil Clay, one has little opportunity to practice drawing someone else’s Sigil (not to mention that it’s of course considered a grave crime).
For the prisoner’s case, why not have the “day” persona return to prison to sleep and give a new short passphrase (randomly generated with a special set of dice) to the guard, and when he wakes up and wants to get out, he must give the same passphrase (if he gets it wrong, he is lightly punished and must wait at least 30 minutes before trying again).
This is a weird and interesting premise!
The passphrase idea you describe is probably fine for minimum and even medium security, it’s just vulnerable to eavesdropping and message-passing by third parties if the prisoner has friends.
So basically the Cherubs in Homestuck.
I barely got ten pages into Homestuck, so I wouldn’t know.
Calliope/Caliborn share the same body. Each is “asleep” while the other is “awake”, and they have a pair of ankle-shackles of which magically only one can open. They also have disjoint skillsets; due to some kind of brain trauma, Caliborn is incapable of drawing, while Calliope is pretty good: example
Caliborn circumvents this latter restriction by biting off his own leg.
Why use cryptography? If I understand the problem statement correctly, there’s a simpler solution. When a prisoner wants to go to sleep, they signal and a guard walks over and renders them unconscious, presumably using drugs. Since we know that nobody would go to sleep outside of jail, you can figure out who is who by counting the number of times they’ve been sedated.
(This is vulnerable to troubles telling who is who at the start, but so is any knowledge-based method. This is also vulnerable to people falling asleep outside, but so is any knowledge based method. It’s also fairly dangerous, given that most drugs capable of rendering somebody unconscious are dangerous; however, giving guards some training and then handwaving away or saying the society isn’t concerned by the (minimal) danger sounds reasonable. It assumes certain things about going to sleep and drugs that may not be true in this universe, but it at least sounds reasonable- and this is fiction.)
Sedatives would cause physical sleep, and the reason people share bodies in this world is because having your body be asleep will cause your soul to be eaten by insubstantial demons. Sleeping-while-someone-else-pilots-your-body is safe in large part because it cuts off interventions regarding your soul from outside sources—demons, drugs, magic, etc.
Also, this method relies on cooperative criminals, not just cooperative cohabitors-with-criminals. The criminal has an incentive to make being in jail really inconvenient for their cohabitor—by, for instance, not notifying anyone before going to sleep. They’re already in jail, so making their cohabitor mad at them has limited power to make their situation worse, but if the guards wind up having to imprison the cohabitor too to be safe, the cohabitor might work on ways to get out.
I suppose reallocating cohabitors (say, criminals with criminals) is out of the question?
Moving one person in with another person is already very magically challenging; this might not be strictly impossible but your average community would not have access to even one person who could do it. Perhaps this would be a good last resort on a national level for anyone with a demonstrated propensity to actually escape, or whose escape would be particularly dreadful.
Is handwriting style per person or per body?
Per person, but most people in ordinary day-to-day life will have plenty of opportunity to observe and practice mimicking their cohabitor’s handwriting if they feel like working on that—they can’t talk to each other directly, so they leave notes (“watch out for our left foot, it’s still tender, I dropped something on it”, “so how are you doing, what are you up to”, “we’re pregnant”).
So handwriting is secure between a pair; then all you need is some sort of authentication. Why not use a very simple random number generator? Each member of a pair knows it, of course, and they occasionally set up fresh seeds. Each day is one iteration. To ‘sign’ a message, one simply writes down today’s random number afterwards. (You said handwriting is secure, so you don’t worry about someone tampering with the message and making an authentic number testify to a faked message.)
What RNG? Dunno. Blum Blum Shub has a hilarious name, but the multiplying is a bit painful. Depending on how much accuracy you want, you could make up your own simple recurrence (imagine a list of 5 integers, which shift each day, and the first is defined by the sum of the last two modulo 5). But it turns out geeks have already discussed PRNGs you can do with mental arithmetic:
http://ask.metafilter.com/191135/Help-me-get-random-numbers-by-mental-arithmetic
http://blog.yunwilliamyu.net/2011/08/14/mindhack-mental-math-pseudo-random-number-generators/
http://stackoverflow.com/questions/3919597/is-there-a-pseudo-random-number-generator-simple-enough-to-do-in-your-head
http://ask.metafilter.com/20334/Random-sequences-in-your-head
From the looks of them, at least one suggestion should work for you.
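The made-up recurrence suggested in this comment (five integers, shifted daily, new first entry the sum of the last two modulo 5), worked through as an added example that is not part of the original comment. It assumes the number written after each note is the first entry of the list; the seed values are constructed. It measures how long the sequence runs before repeating and shows that five consecutive notes are enough to continue it without knowing the seed.

```python
"""The five-number daily recurrence, examined (added illustration)."""
from itertools import product

MOD = 5
SIZE = 5


def step(state):
    """Shift the list one place; the new first entry is the sum of the
    old last two entries modulo 5."""
    return ((state[-1] + state[-2]) % MOD,) + tuple(state[:-1])


def daily_numbers(seed, days):
    """The number written after each day's note (assumed: first entry)."""
    out, state = [], tuple(seed)
    for _ in range(days):
        state = step(state)
        out.append(state[0])
    return out


def period(seed):
    """Days until the list returns to the seed. The shift is reversible,
    so every list lies on a closed cycle and this always terminates."""
    seed = tuple(seed)
    state, days = step(seed), 1
    while state != seed:
        state, days = step(state), days + 1
    return days


def all_cycle_lengths():
    """Walk every one of the 5**5 possible lists once and collect the
    length of each distinct cycle."""
    seen, lengths = set(), []
    for start in product(range(MOD), repeat=SIZE):
        if start in seen:
            continue
        state, length = start, 0
        while state not in seen:
            seen.add(state)
            state = step(state)
            length += 1
        lengths.append(length)
    return sorted(lengths)


def predict_from_notes(five_notes, days):
    """Given the numbers from five consecutive notes (oldest first),
    rebuild the current list and continue the sequence. No seed needed:
    the written numbers are the whole internal state."""
    if len(five_notes) != SIZE:
        raise ValueError("need exactly five consecutive notes")
    state = tuple(reversed(five_notes))  # newest note is the first entry
    return daily_numbers(state, days)


SEED = (3, 1, 4, 1, 2)  # constructed example seed

if __name__ == "__main__":
    notes = daily_numbers(SEED, 40)
    print("first 40 daily numbers:", notes)
    print("repeats after", period(SEED), "days")
    print("cycle lengths over all seeds:", all_cycle_lengths())
    guess = predict_from_notes(notes[10:15], 25)
    print("prediction from notes 11-15 matches:", guess == notes[15:40])
```

Every seed other than all zeros repeats after 781 days, a little over two years, so fresh seeds are needed at least that often, and anyone who reads five consecutive notes can write the next day's number.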
This allows pair members to authenticate themselves to each other, but not third parties to tell members apart.
Set up another pair of RNGs; both write down on a piece of paper and show the paper simultaneously, something like that. With third parties, you lose the time-delay aspect which makes things hard in the case of temporally separate pair members trying to authenticate to each other.
OMG!
Well, first, handwriting is extremely hard to mimic perfectly, but maybe it’s easier if you are using the same hand (and brain). Think of other individual traits that are harder to observe in your other half. Maybe speech patterns, or mannerisms, or some other subconscious manifestations. Maybe have a separate hypnotic induction for each person when they become of age. Judging by your writings, you don’t suffer from the lack of imagination. The goal is to have a cheap version of the same feature, and “There are likely to be three levels of security” sounds pretty complicated already.
Oh, come on, it’s an obvious consequence of the premise.
Hypnosis has some promise. Speech patterns/mannerisms seem like they’d rely on the testimony of people who know both of the cohabitors really well and who probably aren’t cops, which has the problem of those people being corruptible in various ways.
I don’t suffer from lack of imagination, but I’m just one person. An entire civilization which has had this problem for a long time should be able to come up with a solution that’s more robust than what I’ve been coming up with, so I solicit help—I’d feel especially silly if there were some trivially implementable noncomputerized version of RSA that someone could tell me about. Also, the entire setting does this thing where people share bodies, and there are multiple cultures in the setting—ideally they’d have different approaches, so if I can come up with more than one workable idea, so much the better.
Without introducing more magic and without there being at least some kind of database, this is an unsolvable problem. I would say use a one-time pad, but the key would have to be stored in a database.
If the technology of the time is at least that of, say, the 1940s, you could use quantum key distribution to at least be alerted if the crypto is broken (more useful than any other solutions), but would still require a database.
Maybe it would be obvious, were I female.
Good point. RSA in a nutshell is “I’m the only one who knows a certain secret, and I’m the only one who can unconditionally and repeatedly verify this fact without divulging the secret itself”. Well, this is one half of it, the authentication part, not the encryption part.
So you need a way for a person to produce some output from a given input that can be unique both to the person and to the input, but easily verifiable. What kind of non-technical output is available? Visual? Aural? Motor functions?
For example, maybe the way one’s eyes follow a complicated pattern is, while unpredictable, unique enough and easy to check. Or a rhythm one drums in response to something. Or the interpretation of the Rorschach test.
By the way, if you find something that works in real life, you will be famous and set for life, as this is an open problem with multiple applications.
These people are humans, although there is much more potential for magical alteration of the base plan than real humans have. They have human capacities to memorize and transmit information.
I’m reminded of this. Although the technique in the article was taught using a computer game, one could plausibly develop an analog equivalent. Give someone a musical instrument and teach them to play specific sequences in response to the sequences somebody else plays, or something.
But the teaching would be really time-consuming, and of course you’d have to make sure that the right person was in charge of the body while they were being taught.
If it’s something you can teach children, then wealthy societies (which can afford to wait longer before having people move into each other’s bodies) can be sure to teach only the correct people, but indeed time consumption remains an issue.
Well, there is visual cryptography in various forms, and if one databank is not secure enough, make it two or three- parole officer+National Databank or something, that’s called secret-sharing-cryptography. It is possible to combine both, and even have them at a simple enough level to not require PCs. Of course, for visual cryptography you need a fast way to recreate the visual secrets- computing and graphing polynomials for thirty minutes every twelve-ish hours is a serious waste of time…
Does the protocol need to be robust against cohabitors in league with each other? That is, is “permanently private” built in, or could someone share their key with a cohabitor who agrees to take the fall?
I think under the circumstances they’re going to have to consider cohabitors who aid and abet their cohabitor’s crimes to be accessories deserving of the same punishment (at least insofar as that punishment is restriction of movement) - otherwise you let the accessory go, they travel to a safe place, and they nap, boom, criminal is free.