Self-verification

post by Nanashi · 2015-04-19T23:36:39.719Z · score: 6 (9 votes) · LW · GW · Legacy · 43 comments

This isn't a trick question, nor do I have a particular answer in mind. 

Tomorrow, all of your memories are going to be wiped. There is a crucial piece of information that you need to make sure you remember, and more specifically, you need to be very confident you were the one that sent this message and not a third party pretending to be you.

How do you go about transmitting, "signing", and verifying such a message*?

 

--edit: I should have clarified that one of the assumptions is that some malicious third party can/will be attempting to send you false information from "yourself" and you need to distinguish between that and what's really you.

 

--edit2: this may be formally impossible, I don't actually know. If anyone can demonstrate this I'd be very appreciative. 

 

--edit3: I don't have a particular universal definition for the term "memory wipe" in mind, mainly because I didn't want to pigeonhole the discussion. I think this pretty closely mimics reality. So I think it's totally fine to say, "If you retain this type of memory, then I'd do X." 

 

 

43 comments

Comments sorted by top scores.

comment by Kindly · 2015-04-20T01:30:40.016Z · score: 7 (7 votes) · LW · GW

Do you have access to the memory wiping mechanism prior to getting your memory wiped tomorrow?

If so, wipe your memory, leaving yourself a note: "Think of the most unlikely place where you can hide a message, and leave this envelope there." The envelope contains the information you want to pass on.

Then, before your memory is wiped tomorrow, leave yourself a note: "Think of the most unlikely place where you can hide a message, and open the envelope hidden there."

Hopefully, your two memory-wiped selves should be sufficiently similar that the unlikely places they think of will coincide. At the same time, the fact that there is an envelope in the unlikely place you just thought of should be evidence that it came from you.

comment by shminux · 2015-04-19T23:47:26.204Z · score: 6 (6 votes) · LW · GW

Retrievably swallow the key and salt you used to sign the message :)

comment by Nanashi · 2015-04-20T00:27:05.224Z · score: 1 (1 votes) · LW · GW

I edited the post because I forgot to include a key constraint to the problem, which is that an attacker can/will be trying to send you false information from "yourself" so you need a way to distinguish. In this case it's relevant because an attacker could create a false message and force you to swallow the key to that message right before your memories were wiped.

comment by DataPacRat · 2015-04-20T01:04:49.015Z · score: 5 (5 votes) · LW · GW

Er, if /all/ of my memories are gone, then wouldn't I forget my language and socialization skills as well, preventing me from even comprehending that something like a 'message' can exist? If that's not what you have in mind, then which sorts of memories remain?

comment by Gunnar_Zarncke · 2015-04-20T12:54:45.612Z · score: 0 (0 votes) · LW · GW

Presumably there is some implied distinction between episodic memory and procedural memory in particular. Otherwise one wouldn't be able to coherently reason or walk even.

But if only episodic memory is erased then one could recourse to procedural memory to prove oneself. For example the performance of a speicific trick could be used. If you relay the message to yourself via a video of yourself performing the trick this allows for easy comparison.

This brings the next class of approach: Use videos of yourself which you can compare for biometric features.

comment by Kaj_Sotala · 2015-04-20T11:15:18.287Z · score: 4 (4 votes) · LW · GW

First idea that comes to mind: log on to my online bank, make some wire transfers e.g. between my own accounts, and include the message in the wire transfer description. Alternatively, if the message is very long, an URL to it.

Getting access to my online bank requires both a username/password combo that only exists in my memory, as well as a separate authentication by entering a numerical code from a unique list of codes that gets randomly queried on each log-in, so the adversary shouldn't be capable of forging this message. When my memories are wiped, I will forget the username and password, but as long as I have a reliable way of proving my identity, I can go to the bank and have them reset.

This assumes that I can still know who I "should" be after having my memories wiped. There's also the risk of me never happening to look at my transaction history to notice the message, so this isn't entirely fool-proof.

comment by ike · 2015-04-21T14:52:53.506Z · score: 3 (3 votes) · LW · GW

There's also the risk of me never happening to look at my transaction history to notice the message, so this isn't entirely fool-proof.

For that you simply add any non-verified message to yourself telling you to look at your bank. You wouldn't trust that that message came from you, but you'd at least check.

comment by Kaj_Sotala · 2015-04-21T16:13:59.635Z · score: 0 (0 votes) · LW · GW

Ah, an excellent point.

Though if the adversary is aware of this, they can spam me with so many non-verified "look at place X" messages that I won't be able to check more than a small fraction of them.

comment by [deleted] · 2015-04-20T05:01:49.556Z · score: 4 (4 votes) · LW · GW

Can the malicious attacker also interfere in my own message to myself and falsify it or make it disappear completely?

Or, am I going to receive my own message no matter what and the attacker is only going to try to confuse me with another message or messages?

If my original message can be eliminated altogether there is no solution, because there is a probability I may never receive it and if that happens the only way to protect myself from false messages would be to "remember" that I had to be cautious about false messages and this last will not happen if all my memories are erased.

If I will receive my own message intact and my only problem is not to be confused by an attacker then a transmission-signing-verification process may be thought of.

Pls respond while I think of a solution to the latter!

comment by Nanashi · 2015-04-20T15:15:26.916Z · score: 3 (3 votes) · LW · GW

Am I going to receive my own message no matter what and the attacker is only going to try to confuse me with another message or messages?

For the sake of this, you can assume you will receive your own message no matter what. An alternate way of phrasing it would be, "Your memories have been wiped. You wake up and you find a message that purports to be from yourself. What would the message need to contain in order for you to be highly confident the message actually did come from yourself."

comment by [deleted] · 2015-04-22T20:10:39.971Z · score: 1 (1 votes) · LW · GW

Thank you for the clarification!

I think there is no objective solution since it is impossible to transmit a message where a 3rd party may interfere with it and any possibility of encryption (shared key or key exchange) is eliminated by the wipe out of the memory of the receiver.

It seems it doesn't matter if it's yourself at both ends since the hacker may even use your dna or any other "biological key" you may use in the first place.

The only solution is subjective and that leaves a space for faulty communication.

But if you find or have a solution please post it here, it would be very interesting to know!

comment by philh · 2015-04-20T13:12:30.896Z · score: 3 (3 votes) · LW · GW

Implant something into muscle memory that can be used as an encryption key. (Muscle memory has to be retained, right?)

I'm not sure exactly how to go about this. But for example, I've heard of people who say they don't know their passwords for certain sites, but their fingers know how to type them. So leave a message that says "go to this website, use the DOM editor to change the password box to a text box, and try to log in. Use the password that your fingers know as the key to decrypt this other message".

This particular version probably wouldn't work, but something along those lines might.

comment by philh · 2015-04-20T10:49:21.102Z · score: 3 (3 votes) · LW · GW

Take a video of me saying something along the lines of:

The current datetime is $whenever [ideally verify this with a clock in a public place], I'm not under duress, but I expect to die soon and for someone else to wake up in this body. You are that person. I'm trying to send you a message, but I expect other people to try to also send you messages pretending to be me. The sha256 hash of my message is $hash.

Here is a sample of your blood. You have a cut on your finger and no other recent injuries. If you do have other recent injuries, this communications channel may not be secure.

Then still (on video) cut my finger and put some blood in a glass vial. Put the video, the vial, and the message in a package and post it to myself.

I don't know how they would verify that that's their own blood, but my guess is that it can be done for a couple of hundred dollars.

comment by sentientplatypus · 2015-04-23T19:45:19.419Z · score: 0 (0 votes) · LW · GW

A video seemed like the obvious solution to me as well, but with no memories I don't think you would know what to do with the blood or even understand why that would identify you. For that matter would someone with no memories be able to even understand the message? I guess we have to assume some procedural memory is kept, but even with that it could be a stretch to understand the message even if the words were remembered.

comment by Dorikka · 2015-04-20T03:56:55.090Z · score: 3 (3 votes) · LW · GW

Unless relevant or sufficient memories are kept, there is no persistent identity to reference. Would expect the optimal solution otherwise to rely on which memories are kept, and the status of the adversary's knowledge regarding which memories were kept.

comment by Viliam · 2015-04-20T11:53:53.997Z · score: 0 (0 votes) · LW · GW

The only difference between "I did it because I wanted to" and "I did it because my enemy put a gun at my head" is in my memories... and that part is lost.

I could prepare for such situation in advance, and have a system like "everything that I do, unless I also mention it in my secret diary, I was forced to do by an enemy". But then the same problem returns: the information about the secret diary itself; is this something that I invented, or something that I was forced to do by my enemy?

So, if I could keep some of my very old memories, I could somehow leverage some mechanism that I have prepared in advance. But if I lose literally everything, there is nothing to start with. No first information in the chain that I could trust to be made voluntarily by myself.

comment by dxu · 2015-04-23T04:05:52.189Z · score: 6 (6 votes) · LW · GW

The only difference between "I did it because I wanted to" and "I did it because my enemy put a gun at my head" is in my memories... and that part is lost.

Physiologically speaking, there is in fact a difference--and this is a difference you can use.

If, for instance, your precautions include measures like sending yourself blood samples, it's likely that you'd observe significantly higher stress hormone levels in your blood if you were coerced than if you were doing it freely. So if you measure high levels of stress hormones in the blood sample, you can be fairly sure some sort of coercion was involved.

comment by ilzolende · 2015-04-20T01:56:24.754Z · score: 3 (3 votes) · LW · GW

Naively, I'd say to write it as short text and sign it with my public key, but that was under the assumption that my recent memories were being wiped.

If all my memories are being wiped there isn't really a "me" to send the message to in any reasonable sense. Even if it's just all my episodic memories I would see amnesiac!ilzolende as a member of my in-group but not as me.

I suppose I could try to package the message with a blood sample (with a lock on a timer), any sample coercively obtained would have much higher cortisol levels (edit: or show signs of sedatives or something).

comment by g_pepper · 2015-04-20T00:21:42.941Z · score: 3 (3 votes) · LW · GW

This question is partially explored in Memento.

comment by Nanashi · 2015-04-20T00:28:32.876Z · score: 3 (3 votes) · LW · GW

I edited the post because I forgot to include a key constraint to the problem, which is that an attacker can/will be trying to send you false information from "yourself" so you need a way to distinguish. In this case it's relevant because an attacker could cover you with tattoos before your memories were wiped.

comment by g_pepper · 2015-04-20T00:47:09.190Z · score: 1 (1 votes) · LW · GW

Yep, I actually realized that was a problem even before your edit, because you asked about signing and verification; this is why I said "partially explored". Still, Memento is IMO a good exploration of someone trying to deal with the issue even if his solution is not fool-proof.

comment by ChristianKl · 2015-04-20T11:31:17.088Z · score: 2 (2 votes) · LW · GW

Tomorrow, all of your memories are going to be wiped.

If that includes semantic memory, then lose my language ability and won't understand the message.

Even with intact semantic memory it likely leaves me in a state without real identity and in that state it will be easy for anyone decently skilled to convince me of a lot of things. It very unlikely that if you strip me of all my memories I will do a decent job at verification.

comment by ChaosMote · 2015-04-20T06:25:25.214Z · score: 2 (2 votes) · LW · GW

Your best bet would be to find some sort of channel for communicating with your future self that your adversary does not have access to. Other posters mentioned several such examples, with channels including:

  • keeping your long term memories (assuming that the memories couldn't be tampered with by the adversary)
  • Swallowing a message, getting it as a tattoo, etc. (assuming that the adversary can't force you to do that)
  • Using some sort of biometric lock (assuming that the adversary can't get a proper sample with causing detectable alternations to your blood chemistry which would be detectable in the sample) My personal addition: tell your friends/neighbors/the news the story. Unless your adversary can make you lie (or take your form or use mind magic or whatnot), these people can act as the channel you need.

If you don't have a channel of that sort, I believe you are out of luck. A formal proof eludes me at this time; I'll post again if I figure out out.

comment by oge · 2015-04-25T03:45:00.216Z · score: 1 (1 votes) · LW · GW

Could you please explain what motivated you to ask this question? It'd help motivate me to play the game...

comment by Nanashi · 2015-04-25T20:49:24.632Z · score: 2 (2 votes) · LW · GW

Specifically, I planned on imagining what my response would be if I found a message supposedly "from myself" that was transmitted using one of these methods. How likely would I be to truly integrate into my identity this event of which I have no memory?

comment by ilzolende · 2015-04-28T00:54:25.124Z · score: 2 (2 votes) · LW · GW

I would probably believe something signed with my own PGP key enough to thoroughly investigate it. If I found something packaged with a blood sample I probably would not be willing to pay to check the sample, because I'm a minor and the costs of testing a DNA sample are something like a year of income for me. Since I wouldn't verify the sample I would probably take the message about as seriously as I'd take anything else in my own handwriting with my signature, which is to say I'd put in several hours of effort but not much more unless I found confirming evidence. If I found a video of myself saying things, accompanied by a PGP sig and a PGP-signed transcript, which did not include any subtle signals of coercion that I could have potentially sent, I'd be very confident.

comment by RichardKennaway · 2015-04-26T09:12:30.946Z · score: 2 (2 votes) · LW · GW

Have you ever read your own diary from fifty years previously? :)

comment by Nanashi · 2015-04-26T19:24:24.996Z · score: 2 (2 votes) · LW · GW

Given that I'm 29, I think that would be spectacularly bewildering.

comment by Unknowns · 2015-04-26T09:29:44.493Z · score: 1 (1 votes) · LW · GW

From thirty years ago. Amazingly boring.

comment by DanielLC · 2015-04-23T06:52:12.558Z · score: 1 (1 votes) · LW · GW

Gather a series of pictures. Grade how much you like each one. Put all this in your message. Time lock your message so that Mal can't decrypt them in time to find out which pictures you like. If Mal puts a gun to your head and asks what pictures you like, lie. You'll know a message is from you if it matches your tastes.

comment by Kyre · 2015-04-21T04:35:40.206Z · score: 1 (1 votes) · LW · GW

Tattoo private key on inside of thigh.

comment by [deleted] · 2015-04-20T14:18:30.611Z · score: 1 (1 votes) · LW · GW

"A virus essentially obliterated Lonni Sue Johnson’s hippocampus, and she can no longer recall what happened five minutes earlier. Her life has become an endless series of jump cuts."

http://www.newyorker.com/magazine/2015/03/30/an-artist-with-amnesia

Based on Lonnie Sue's experience, I would employ repetition and patterns to try to deliver a message to myself after amnesia. It might work and it might not. I would repeat the message many times in many forms (written, recorded, etc). I would make a pattern that when completed conveys the message (a series of numbers that leads to more numbers that leads to the message). Wrapping the message in emotion and music might help too.

comment by Gunnar_Zarncke · 2015-04-21T20:06:40.181Z · score: 1 (1 votes) · LW · GW

See also Memento)

comment by eurg · 2015-04-20T13:41:14.368Z · score: 1 (1 votes) · LW · GW

As others pointed out, "memory wipe" is a broad category, but assuming that this is about episodic memory:

How about sending yourself a letter via delivery service on a specific date in handwriting + audio-recording? This of course completely ignores any other faked messages that would need to be discarded, but even with only episodic memory loss, I assume I'd be so confused as to be easy game for even the most incompetent scammer.

If this is about formal guarantees, we need to have some more precise ideas about the "memory wipe" and the adversary in question. In the most general case, likely game over.

comment by trumste0412 · 2015-04-27T17:45:15.657Z · score: 0 (0 votes) · LW · GW

I have a plan that may not be foolproof, however I believe it may be the most advantageous plan so far. Knowing that there will be a third party trying to destroy your message and implant a new one you would first have to make a decoy for him to find and destroy or edit. The next step would to cut yourself on your inner thigh to the point that once you wake up it will discomfort you enough to investigate the wound. I unfortunately did not save the link to it but I found a special ink online that will disappear after the first writing and reappear after a 24 hour period. Using the ink, write a note explaining the situation. I think most people would believe the hidden message on your thigh in your own handing writing then what some third party told you or a forged letter they made pretending to be you. If I have any holes in my plan please let me know.

comment by Ishaan · 2015-04-27T13:59:42.971Z · score: 0 (0 votes) · LW · GW

If you know of the existence of such tech before "tomorrow", one way would be to have a secret-name that no one else knew. That is, create a word that means "a secret name referring to me that no one else knows that I use to ID myself" and keep thinking about it every day to put that word into your semantic memory so that the mind-wipe won't touch it.

--edit2: this may be formally impossible, I don't actually know. If anyone can demonstrate this I'd be very appreciative.

The case of Clive Wearing is the most profound memory loss I know of. He has a diary in which he keeps recording "NOW I AM AWAKE FOR THE FIRST TIME" and such as he keeps finidng himself conscious, and then crosses the previous entry because he thinks someone else wrote it. However, he retains knowledge of his wife (See the "hello darling I love you" entry in the diary) and how to play music.

Many of our most important memories (such as Clive Wearing's wife) become intrinsic features of our semantic knowledge. He would have remembered "wife" even independantly of any particular memory he had of her because she would be a fact about his world, in the same sense that he'd remember "chair". That's not to say that those memories can't be removed, but unless somehow targeted semantic dementia will also remove general knowledge about the world and word meanings.

Your character would only have Retrograde amnesia whereas Clive has both types of amnesia simultaneously, so if you wish to insert realism I'd suggest following the citations and reading some of the case studies. I imagine a villain might add capgras or prosopagnosia to the mix to circumvent recognition of loved ones.

comment by Elo · 2015-04-24T01:11:49.642Z · score: 0 (0 votes) · LW · GW

I am late to comment and your edits may cover this but I think:

  1. The problem is too flexible where "memory wipe" could wipe any possible way for you to know the signal you are looking to trust and
  2. "malicious party" can be flexible enough to always win.

Any signal that you were trying to hide in your environment might be detected by a "malicious entity" and interfered with; and any signal that might be hidden inside your brain might be wiped, depending on your definition of each part; it may be impossible to defeat the challenges.

comment by SilentCal · 2015-04-21T20:56:08.696Z · score: 0 (0 votes) · LW · GW

One potential subproblem is how to set a time-release message that was verifiably sent over 24 hours ago and not read since being sent. Embedding a reliable secret in such a message would then authenticate it as yours (if you had such a secret).

My first thought is to post the message publicly, encrypted, with the intention that it be brute-forced. The viability of this depends on the adversary's compute resources compared to yours, and how long you're willing to wait before being able to read the message.

Otherwise you could try to pursue physical means. If you had the resources, maybe you could send something into space and back? Otherwise, what you need is a seal such that you can verify how long it's been sealed. This probably exists, but it comes down to materials science, which I don't know well. Maybe if you suspend the message in water and put it in a freezer, you'll be able to verify that it's been freezing for a certain duration at a certain temperature?

comment by [deleted] · 2015-04-20T04:52:46.369Z · score: 0 (0 votes) · LW · GW

The most relevant piece of information seems to be 'there's an enemy out there trying to mislead you for some reason', so the real question is not 'what to send' but 'how to send it'.

  1. Tell everybody you are going to be mind wiped tomorrow, so let's finish our business today.
  2. Arrange for yourself to find yourself in disturbing circumstances, so as to be alarmed when you wake up.
  3. Arrange for your friends to mock-attack you early on the morning so that you will know there's danger.
comment by DataPacRat · 2015-04-20T01:07:47.388Z · score: 0 (0 votes) · LW · GW

Time-travel password that you invented years ago and have never spoken aloud, written down, or even hinted at the contents of outside your own head. Don't leave home without one.

And remember: 1 and 0 are not probabilities, so in the real world, the best you can do is arrange for the maximum amount of convincing evidence that's feasible, not any sort of logically perfect system of absolute certainty.

comment by Kindly · 2015-04-20T01:23:53.767Z · score: 0 (0 votes) · LW · GW

Wouldn't you forget the password once your memories are wiped?

comment by DataPacRat · 2015-04-20T02:09:35.916Z · score: 0 (0 votes) · LW · GW

That depends on how many of your memories are wiped, or if it's episodic memory versus declarative memory, or if it's recent memories versus long-term memories. Remember, enough of your memories have to still exist for you to understand the message, for the problem to make any sense at all.

comment by RichardKennaway · 2015-04-24T10:17:49.866Z · score: -1 (1 votes) · LW · GW

The problem is equivalent to this one: An unstoppable force is coming your way. Devise an immovable shield against it.