[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: computer-go: Authenticating the identity of a remote go-playing computer program
From: Daniel Hallmark <dgh@xxxxxxxxxxxxxxxxx>
> I know just enough about public-key encryption techniques and digital
> signatures to believe that this is possible. I hope that experts on this
> list can shed some light on how it might work. It would be ideal if a
> standard could be established that eventually all go programs might adhere
> to and thus allow more tournaments to be held on the net.
The problem you have is that any security technology, including assymetric
encryption, only works if everyone uses it properly. All it takes is for
me to get my private key (from you) and hand it over to someone else and
that person can now "authenticate" to you that they are really me. Same
goes for keys registered to a computer program, etc. Even assuming that
the "program" wasn't just a front end that performed an authentication
for a live player.
A security protocol is much more than just a mathematical technique like
public key encryption - it involves some degree of trust that the users
not intentionally try to spoof the system.
Daniel Hallmark
None of this is a problem with md5 signatures as some kind of
authentication protocol for documenting the existance of the program,
and using the program itself (the moves it actually plays) as a
one-way hash that proves authorship of moves (where the program is the
author.)
I know of some chessplayers who claim they can tell which masters
played a given chess game based on the style. Even though humans are
not very deterministic compared to humans, there are still many bits
of "move authorship" information laying around if this is possible.
I play tennis, and I can recognize all the player I know from a great
distance, just by watching them hit a ball (or just watching them take
a step.) The information is there, and it's like a fingerprint, no
two the same.
Don