The concept of duplicating a bill of sale does not usually make us lose confidence in it. However, digitally, a duplicated bill of sale might be presented as a new and separate purchase, perhaps after minor modification.
This theory attempts to autheticate a bill of sale, using lossy compression to watermark it. For specific illustration, employ lossy Vigenere – the password affords such a watermark, since each password would drop out ‘letters,’ uniquely characteristic to that password.
The watermark proper, is accomplished as follows:
- encrypt using a unique password (with the lossy algorithm.)
- decrypt using the same unique password
For software, one could attempt to arrange the watermark with REM statements. Here we describe a photograph.
Postulate a mysteriously desirable photograph, unseen by human eyes. It is in RAW format.
The author employs a date-time stamp, XORed with his identifying password, to watermark his RAW photo. He stores the original where it cannot be duplicated, together with a master copy of his watermarked version.
On a secure computer, the seller stores the watermarked master, an RSA key, and an RSA signing key pair. The purchaser will provide an equivalent complement for each, during the transaction.
The RSA exchange identifies the buyer and the seller. The signing key pair is employed to uniquely identify the receipt. (RSA signing is accomplished by signing a message digest that is unique to the message – in this case the photograph.)
When the purchaser buys the photo, the seller assigns the buyer a unique password to watermark the photo = the sale. If we employed the buyer’s RSA public key, anyone who could obtain the buyer’s public key could duplicate the watermark, if first he stole a copy of the author’s master version.
The seller becomes responsible to store the buyer’s [RSA public key/Sale authenticating password] confirmation pair, as long as the receipt can be used to obtain warranty..
Having watermarked the copy with a password unique to the buyer, the seller then RSA signs a message digest of the buyer’s distributed copy, and sends a copy of the signature, and the photo (aka the message) to the buyer. The buyer is the only person who can decrypt it, and he can prove that the copy he possesses is in fact the copy he paid for, using his RSA signed watermarked end-user version.
If a master copy is stolen, and presented as original workmanship, the author and the plaintiff are stationed at separate computers, each with a RAW copy. Each is asked to enter the identifying password, which is then XORed with the date-time stamp (obtained from metadata, if not stored by the author) and the work watermarked. Presumably the thief cannot duplicate the master watermark.
If a third party steals a distributed copy, he must do one of two things:
- obfuscate the watermark
- distribute many copies of a particular watermarked copy, leading to many counts on any indictment
If a copy is stolen, it’s ownership can be proven by the owner presenting the message digest receipt to the seller. The seller then looks up the buyer’s sale authenticating password, from his records, and watermarks a master copy with the relevant password. Then, by comparing (a message digest of) the computed duplicate with the (message digest of the) original, it can be proven that this is in fact, the authorized buyer, and it is his copy. He is identifiable by his RSA keys.
In practice, a thief might duplicate many parts of the exchange, but in the end, he must ultimately fail to decrypt a replacement copy, encrypted with the buyer’s RSA public key.