pkeydna
Public key DNA identification system

Use public key cryptography to digitally encrypt and sign digitised DNA fingerprints, which are held by law enforcement agencies (these could even be held in a completely public repository). DNA owners (the phenotypes) can sign known search queries with the private key, to permit themselves to be eliminated as suspects in serious crime cases, without compromising their privacy. Since the owner is the only party in possession of the private key, the DNA could not be used without the owner's explicit permission.

BBC DNA story: http://news.bbc.co....onshire/4291215.stm [goldilox, Mar 29 2005]
Wiki Zero-Knowledge Proof: http://en.wikipedia...ero-knowledge_proof [contracts, Mar 30 2005]

Well, [yellow smoked salmon / aurous liquid oxygen], wouldn't this quickly just end up a rapid way to check people for outstanding warrants? I'd rather keep my cells to myself in the hopes that, if my brother is implicated, I also don't have to face the equally-simplified execution by shots-on-the-spot.

The whole idea is that it can't be used like that. For example, a thief may have an interest in a mass murderer being caught, but is wary of assisting an investigation by submitting to DNA testing, because he knows that the DNA evidence may also be used in "fishing expeditions", and his crimes detected. With this system, he could agree for the DNA to be used only to prove a "no match" in the murder case.

This would also protect against DNA fingerprints being leaked by or stolen from law enforcement agencies.

I'm sorry, it just seems to me that this system would immediately lead to abuse - at least in the United States.

I think it would almost certainly lead to abuse, but at least the abuse would not be admissible in court. I don't think.
Anyway, croissant for you, just for being interesting.

Quite. A whole new set of options might open up for would-be snitches.

Without the private key, the encrypted DNA fingerprint is completely useless. The DNA owner must cooperate for it to be used, on a per-enquiry basis, and this is guaranteed mathematically. The only potential abuse of this system, that I can see, would be for law enforcement agencies to steal the private key, or trick or coerce the owner into permitting its use. This could be mitigated by requiring the request to be filtered via a magistrate, whose office would digitally sign the request. Coercion and trickery can of course already be used to obtain unencrypted DNA samples. Stolen keys can be handled using something similar to existing public key certificate revocation.

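The per-enquiry authorisation described in the annotation above, sketched as an added example that is not part of the original thread: a magistrate's office signs one query, the owner signs a permit bound to that query, and the repository checks both plus a revocation list. Lamport one-time signatures stand in for the unspecified public-key scheme so that it runs on the Python standard library; all function names and the case identifier are assumptions, and the encrypted match test itself is out of scope.

```python
# Added illustration: names and the Lamport stand-in are assumptions, not from the thread.
import hashlib, json, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):  # reveals one secret per digest bit; use each key once
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def key_id(pk):
    return H(b"".join(h for pair in pk for h in pair)).hex()

def canonical(query):
    return json.dumps(query, sort_keys=True).encode()

def issue_request(magistrate_sk, query):
    # The magistrate's office signs the one specific query.
    return {"query": query, "court_sig": sign(magistrate_sk, canonical(query))}

def grant(owner_sk, request):
    # The owner's permit covers this query and this court signature only.
    return sign(owner_sk, canonical(request["query"]) + b"".join(request["court_sig"]))

def authorize(request, permit, magistrate_pk, owner_pk, revoked):
    # Repository-side gate, run before any test touches the encrypted record.
    if key_id(owner_pk) in revoked:
        return "rejected: owner key revoked"
    q = canonical(request["query"])
    if not verify(magistrate_pk, q, request["court_sig"]):
        return "rejected: no valid magistrate signature"
    if not verify(owner_pk, q + b"".join(request["court_sig"]), permit):
        return "rejected: owner has not permitted this query"
    return "authorized"

if __name__ == "__main__":
    (m_sk, m_pk), (o_sk, o_pk) = keygen(), keygen()
    req = issue_request(m_sk, {"case": "CASE-0001", "test": "no-match"})  # constructed
    print(authorize(req, grant(o_sk, req), m_pk, o_pk, revoked=set()))
```

Because a Lamport key is safe for one signature only, the owner and the magistrate each use a fresh key pair per enquiry; a permit issued for one query fails verification when presented with any other.
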
See BBC DNA story link for an example of a situation where this could be useful. The police are requesting DNA samples to assist in tracking down a serial rapist. In this case, I would like to see the rapist apprehended, but there's no way that I would provide a DNA sample, because I would not trust that it would not be misused in future. However, I would happily provide an encrypted sample, and would digitally sign my permission for the single specific query that would eliminate me as a suspect.

And no, I am not a thief living in Northampton!

I bunned it, with a footnote to say that I don't see the need for all this security. I say everybody's DNA should be on file so that the police can cross-check at any time. A thief left a hair at the scene of the crime? Look him up in the data-base and arrest him. I have nothing to fear because I do not do anything against the law and if I did I would deserve punishment accordingly. If you fear abuse, obviously you don't have faith in the government you yourself have elected, so you should deal with that problem first, restore your faith or overthrow the government.

But what if your DNA somehow found itself in the hands of your unelected health insurance company, and they used the knowledge to adjust your premium, based on your genetic pre-disposition to a disease? With this system, it would be encrypted, and therefore unusable by them.

[golidlox], there would be laws against such a thing.

Don't count on it. Insurance enjoys a high degree of laissez faire.

Besides, I think that the argument can be made that genetic predisposition risk is as valid a risk factor as any of the others that are commonly used against the insured.

Is it possible, that in the near future, DNA strands could be constructed at will?
In this case, the basic idea of linking people with crime scenes may become very difficult, since DNA samples could be planted.

Yes, and it's quite possible to do that now, by planting lots of other people's DNA at a crime scene. But my idea's not about providing increased surveillance, it's about providing a mechanism where owners have control over how their DNA is used. At the moment, this is all or nothing - you provide a sample, and you don't know how it will be used in future, so the tendency is towards a blanket "no", even in situations where it might be beneficial for the owner to provide a sample. I should probably have used a different example.

I'm not sure whether this will work as you wish.
Once the fingerprint has been de-crypted, how do you know it won't be distributed or copied before the file is closed again?

This seems like an eminently sensible idea to me - allows detectives to narrow their search, serves to protect the innocent and still protects the privacy of the individual. Bun. Or do you get porridge?

The file is never actually decrypted. Zero knowledge proofs are used to determine a match / non-match. The private key is used to sign a query, which permits explicit tests to be made against the file.

Would this require the destruction of all earlier, or alternate, DNA records in order to work?

Isn't a pkeydna some kind of one-celled organism that you look at under a microscope?

I need some more help with the "zero knowledge proofs are used to determine a match" part of your answer to Ling's question.

I can say with a provably high probability that zero knowledge proofs are used in cryptography schemes but, beyond that, I can offer nothing.

It's not clear that zero-knowledge proofs can be used to prove arbitrary matches without revealing the data being compared.

Yes, the devil is in the detail, which I was trying to avoid, in the interests of clarity. For example, this system also requires a trusted laboratory to produce the encrypted DNA sample. I can post an expanded version with cryptographic protocols and references for the maths if there is sufficient interest. However, this will take me about half a day to write up, so it can't be immediate.