# Ensure that a file can only be decrypted after a specific date

Time is relative. Cryptography lives in the ethereal world of abstract computing machines: there are machines that can do operations. Bigger machines can do operations faster. There is no clock that you can enforce; physical time has no meaning. In other words, if an attacker wants to get your file earlier, he just has to buy a faster computer.

Now one can still make an effort. You may be interested in time-lock puzzles. The idea is to be able to make a problem instance that is easy to build but expensive to open, where the cost is configurable. The solution found by Rivest, Shamir and Wagner (to my knowledge, this is the only practical time-lock puzzle known so far) works like this:

- Generate a random RSA modulus
*n*=*pq*where*p*and*q*are big primes (and also*p*= 3 mod 4, and*q*= 3 mod 4). - Generate a random
*x*modulo*n*. - For some integer
*w*, define*e*= 2^{w}, and compute*y*=*x*^{e}mod*n*. - Hash
*y*with some hash function, yielding a string*K*that you use as key to encrypt the file you want to time-lock. - Publish
*x*,*n*,*w*and the encrypted file. Discard*p*,*q*,*y*and*K*.

The tricky point is that computing *y*, in all generality, has a cost which is proportional to *w*: it is a succession of *w* modular squarings. If *w* is in the billions or more range, then this is going to be expensive. However, when the *p* and *q* factors are known, then one can compute *e* modulo *p-1* and *q-1*, which will be a lot shorter, and the computation of *y* can be performed within a few milliseconds.

Of course this does not guarantee a release at a specific *date*; rather, it guarantees a minimum *effort* to unlock the puzzle. Conversion between effort and date depends on how hard attackers try...

The time-lock puzzle expressed above has some nice characteristics, in particular being impervious to parallelism. If you try to break *one* such puzzle and you have *two* computers, you won't get faster than what you could do with a single computer.

In a somewhat similar context, this time-lock puzzle is used in the Makwa password hashing function, candidate to the ongoing PHC. In password hashing, you *want* a configurable opening effort (albeit within a much shorter time frame, usually less than a second).

If you do not want to involve a third party, you (the party encrypting the file) could simply release the key to decrypt the file on the target date.

I have seen this done for video game releases. Customers are allowed to download an encrypted copy of the game in advance. Then, when the release time comes, the game company simply releases the key. That way, people can start playing immediately when the game is released, without needing to wait for a download.

Carefully place a spaceship broadcasting the decryption key in orbit around a black hole. The pull of gravity will delay the message until the appropriate time.

Or you could just do like normal people and place the key broadcasting spaceship an appropriate number of light years away from the intended audience.