cute silly invention idea: a robotic Chop (Chinese signature stamp) which stamps your human-readable public signature as well as a QR-type digital code. But the code would be both single use (so nobody could copy it, and fool you with the copy), and tied to your private key (so nobody but you could generate such a code). This would obviously be a much better way to sign documents, or artwork, or whatever.
Maybe the single-use aspect would mean that the digital stamp recorded every stamp it produced in some compressed way on a private blockchain or something.
The difficult thing is tying the signature to the thing signed. Even if they are single-use, unless the relying party sees everything you ever sign immediately, such a signature can be transferred to something you didn’t sign from something you signed that the relying party didn’t see.
The idea is that the device would have a camera, and do ocr on the text, hash that, incorporate that into the stamp design somehow, then you’d stamp it
Functionally you just end up back to a trusted 3rd party or blockchain. Basically the device you describe is just a handheld QR code printer. But anyone can just scan the code off the real document and print the same code on the fake one. So you end up needing the entire text of the document to be digital, and stored as a file or a hash of the file on blockchain/trusted 3rd party.
This requirement for a log of when something happened, recorded on an authoritative location, seems to me to be the general solution for the issue that generative ai can potentially fake anything.
So for example, if you wanted to establish that a person did a thing, a video of them doing the thing isn’t enough. The video or hash of the video needs to be on a server or blockchain at the time the thing supposedly happened. And there needs to be further records such as street camera recordings that were also streamed to a trusted place that correlate to the person doing the thing.
The security mechanism here is that it may be possible to indistinguishably fake any video, but it is unlikely some random camera owned by an uninvolved third party would record a person going to do a thing at the time the thing happened, and you know the record probably isn’t fake because of when it was saved and the disinterest of the camera owner in the case.
This of course only works until you can make robots indistinguishable from a person being faked. And it assumes a sophisticated group can’t hack into cameras and inject fake images into the stream as part of a coordinated effort to frame someone....
Hmm, yes I see. Good point. In order to not be copy-able, it’s not enough for the QR code to be single-use. Because if confronted with two documents with the same code, you would know one was false but not which one!
So the device would need to scan and hash the document in order to derive a code unique to the document and also having the property of only could have been generated by someone with the private key, and confirm-able by the public key. This sounds like a job for… the CypherGoth!
Scan, hash, and upload. Or otherwise when you go to court—your honor here is the document I signed, it says nothing about how this gym membership is eternal and hereditary—and the gym says “no here’s the one you signed, see you initialed at each of the clauses...”
yes, at least upload to the your private list ‘documents I have signed’ (which could be local). That list would need to also be verifiable in some way by a 3rd party, such that they could match the entries to the corresponding stamps. The uploading wouldn’t necessarily need to be instant though. The record could potentially be cached on the device and uploaded later, in case of lack of connectivity at time of use.
Well I was thinking that the timing—basically Google or apple got the document within a short time after signing—is evidence it wasn’t tampered with, or if it was, one of the parties was already intending fraud from the start.
Like say party A never uploads, and during discovery in a lawsuit 2 years later they present 1 version, while party Bs phone said it was taken with the camera (fakeable but requires a rooted phone) and has a different version. Nothing definitive distinguishes the 2 documents at a pixel level. (Because if there was a way to tell, the AI critic during the fabrication process for 1 or both documents would have noticed....)
So then B is more likely to be telling the truth and A should get sanctioned.
I have brought in another element here : trusted hardware chains. You need trusted hardware, with trusted software running on it, uploading the information at around the time an event happened.
If A’s device scanned and hashed the document, and produced a signature stamp unique to that document, then B couldn’t just copy A’s signature onto a different document. The stamp and document wouldn’t match.
If B has a document that has a signature which only A could have produced and which matches the semantic content of the document, then A can’t claim to not have signed the document. The signature is proof that A agreed to the terms as written. B couldn’t be faking it. Even if A tampered with their own record to erase the signing-event, it would still be provable that only someone with A’s private key could have produced the stamp and that the stamp matches the hash of the disputed document.
Oh, and the stamp should include a UTC datetime as part of the hash. In case A’s private key later gets compromised, B can’t then use the compromised private key to fake A having signed something in the past.
Seems legit. Note that hash functions are usually sensitive to 1 bit of error. Meaning if you optically scan every character, if 2 different devices map a letter to even a different font size there will be differences in a hash. (Unless you convert down to ASCII but even that can miss a character from ocr errors etc. Or interpreting white space as spaces vs tabs..)
cute silly invention idea: a robotic Chop (Chinese signature stamp) which stamps your human-readable public signature as well as a QR-type digital code. But the code would be both single use (so nobody could copy it, and fool you with the copy), and tied to your private key (so nobody but you could generate such a code). This would obviously be a much better way to sign documents, or artwork, or whatever. Maybe the single-use aspect would mean that the digital stamp recorded every stamp it produced in some compressed way on a private blockchain or something.
The difficult thing is tying the signature to the thing signed. Even if they are single-use, unless the relying party sees everything you ever sign immediately, such a signature can be transferred to something you didn’t sign from something you signed that the relying party didn’t see.
What if the signature contains a hash of the document it was created for, so that it will not match a different document if transferred?
I thought you wanted to sign physical things with this? How will you hash them? Otherwise, how is this different from a standard digital signature?
The idea is that the device would have a camera, and do ocr on the text, hash that, incorporate that into the stamp design somehow, then you’d stamp it
Functionally you just end up back to a trusted 3rd party or blockchain. Basically the device you describe is just a handheld QR code printer. But anyone can just scan the code off the real document and print the same code on the fake one. So you end up needing the entire text of the document to be digital, and stored as a file or a hash of the file on blockchain/trusted 3rd party.
This requirement for a log of when something happened, recorded on an authoritative location, seems to me to be the general solution for the issue that generative ai can potentially fake anything.
So for example, if you wanted to establish that a person did a thing, a video of them doing the thing isn’t enough. The video or hash of the video needs to be on a server or blockchain at the time the thing supposedly happened. And there needs to be further records such as street camera recordings that were also streamed to a trusted place that correlate to the person doing the thing.
The security mechanism here is that it may be possible to indistinguishably fake any video, but it is unlikely some random camera owned by an uninvolved third party would record a person going to do a thing at the time the thing happened, and you know the record probably isn’t fake because of when it was saved and the disinterest of the camera owner in the case.
This of course only works until you can make robots indistinguishable from a person being faked. And it assumes a sophisticated group can’t hack into cameras and inject fake images into the stream as part of a coordinated effort to frame someone....
Hmm, yes I see. Good point. In order to not be copy-able, it’s not enough for the QR code to be single-use. Because if confronted with two documents with the same code, you would know one was false but not which one! So the device would need to scan and hash the document in order to derive a code unique to the document and also having the property of only could have been generated by someone with the private key, and confirm-able by the public key. This sounds like a job for… the CypherGoth!
Scan, hash, and upload. Or otherwise when you go to court—your honor here is the document I signed, it says nothing about how this gym membership is eternal and hereditary—and the gym says “no here’s the one you signed, see you initialed at each of the clauses...”
yes, at least upload to the your private list ‘documents I have signed’ (which could be local). That list would need to also be verifiable in some way by a 3rd party, such that they could match the entries to the corresponding stamps. The uploading wouldn’t necessarily need to be instant though. The record could potentially be cached on the device and uploaded later, in case of lack of connectivity at time of use.
Well I was thinking that the timing—basically Google or apple got the document within a short time after signing—is evidence it wasn’t tampered with, or if it was, one of the parties was already intending fraud from the start.
Like say party A never uploads, and during discovery in a lawsuit 2 years later they present 1 version, while party Bs phone said it was taken with the camera (fakeable but requires a rooted phone) and has a different version. Nothing definitive distinguishes the 2 documents at a pixel level. (Because if there was a way to tell, the AI critic during the fabrication process for 1 or both documents would have noticed....)
So then B is more likely to be telling the truth and A should get sanctioned.
I have brought in another element here : trusted hardware chains. You need trusted hardware, with trusted software running on it, uploading the information at around the time an event happened.
If A’s device scanned and hashed the document, and produced a signature stamp unique to that document, then B couldn’t just copy A’s signature onto a different document. The stamp and document wouldn’t match. If B has a document that has a signature which only A could have produced and which matches the semantic content of the document, then A can’t claim to not have signed the document. The signature is proof that A agreed to the terms as written. B couldn’t be faking it. Even if A tampered with their own record to erase the signing-event, it would still be provable that only someone with A’s private key could have produced the stamp and that the stamp matches the hash of the disputed document. Oh, and the stamp should include a UTC datetime as part of the hash. In case A’s private key later gets compromised, B can’t then use the compromised private key to fake A having signed something in the past.
Seems legit. Note that hash functions are usually sensitive to 1 bit of error. Meaning if you optically scan every character, if 2 different devices map a letter to even a different font size there will be differences in a hash. (Unless you convert down to ASCII but even that can miss a character from ocr errors etc. Or interpreting white space as spaces vs tabs..)
Yeah, you’d need to also save a clear-text record in your personal ‘signed documents’ repository, which you could refer to, in case of such glitches.