Sometimes people want to make a prediction about a future event but keep it secret because it could influence the outcome. For example, “I predict Cecil will write a column about swine flu.” If Cecil knows about my prediction, it will influence whether or not he writes a column on that topic.
So what I was thinking was encrypting the prediction with a private key. This way the prediction is unreadable. I can post it anywhere I like for all to see. No one will be able to read it until I reveal the public key. So when he does write that column, I can say “I predicted he’d do that back on 4/27. Decode my message with this public key and you’ll see.”
However, my concern is that a scammer might game the system to his advantage. One possibility is that the scammer just posts a bunch of garbage characters as his prediction. Then when the outcome is revealed he determines some value which will “decode” the garbage as being that outcome. He posts that value as the public key.
Would there be risks to using PGP in this way? Or is it not an issue and there is only one public key that will work?
I do not think it is possible in practice to develop another key which would make the message say something else, but just for the sake of discussion, the message could be encrypted with a key which could itself be encrypted and published.
And it does not matter whether you use PGP or other encryption, but PGP would be doubly impossible because the message itself is not encrypted with your key but with a random key.
So the process for decrypting is: your private key decrypts the randomly generated message key, and that key is then used to decrypt the message. It is impossible to have another personal key which would decrypt the message key in such a way that the message was decrypted differently.
You have your keys mixed up: You encrypt the message using your public key, and publish the encrypted message and the public key. When you want to say “I told you so”, you publish the plaintext message. Anyone else can apply the already-known public key to the newly-revealed plaintext, and confirm that it produces the same ciphertext that you originally released, thereby confirming that the plaintext is genuine. You need never publish your private key at all.
The concept you’re looking for is hash collision. A hash is a number produced by processing the message in a certain way. A particular message will always produce the same number. A good hash algorithm makes it computationally impossible to deduce the original message from the hash.
I would guess that PGP makes a hash of the original message, the time and date it was signed, plus some user identifier. When the message is decrypted, the hash is recomputed, and if it matches the original hash, you know the decryption was successful. This means that the date of the encryption can be verified.
A good hash algorithm makes it computationally difficult to create another plaintext message with the same hash. The problem comes if the hash algorithm is broken (see the MD5 hash). Then it’s become possible to create multiple messages with the same hash. This potentially allows a forger to create an encrypted message with more than one solution to the decryption. Hence, multiple predictions hidden in one message.
Whether or not PGP suffers this problem depends on the hash algorithm they use.
You could accomplish the same thing using a hashing function like MD5 or SHA, couldn't you? If I didn't want to futz around with keys, I could make my prediction and publish the MD5/SHA/whatever hash. On the day of the big reveal, I could publish the plaintext. Then no one would need a key, just a function to run the hash, which are probably out on a number of websites.
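The hash-commitment approach from the last post, written out as an added Python example; this is not code from the thread or from PGP. It goes one step beyond the thread: the prediction is hashed together with a random 32-byte nonce, because a short prediction such as "Cecil will write a column about swine flu" has so little entropy that a bare hash of it could be opened by anyone willing to hash every plausible candidate. The function names (commit, verify, brute_force_unsalted, demo), the candidate list and the prediction text are all constructed for this example. The code walks through the honest commit / reveal / verify flow, shows that a different prediction or a different nonce is rejected at reveal time (the scammer from the original question), and contrasts an unsalted commitment that is guessed from a small candidate list with a salted one that is not.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Added example, not code from the thread.
# commitment = SHA-256(nonce || prediction). The nonce is always NONCE_LEN bytes
# when generated here, so a verifier knows exactly where the prediction begins.
NONCE_LEN = 32

# Constructed candidate list: the handful of predictions a guesser might try.
CANDIDATES: List[str] = [
    "Cecil will write a column about bird flu",
    "Cecil will write a column about swine flu",
    "Cecil will write a column about the flu vaccine",
    "Cecil will not write about the flu at all",
]


def commit(prediction: str, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Return (commitment_hex, nonce).

    Publish commitment_hex now; keep nonce and prediction secret until the
    reveal. Passing nonce=b"" produces an unsalted hash, used below only to
    show why the nonce matters.
    """
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    h = hashlib.sha256()
    h.update(nonce)
    h.update(prediction.encode("utf-8"))
    return h.hexdigest(), nonce


def verify(commitment_hex: str, nonce: bytes, prediction: str) -> bool:
    """Recompute the commitment from the revealed nonce and prediction and
    compare it in constant time against the published value."""
    recomputed, _ = commit(prediction, nonce)
    return hmac.compare_digest(recomputed, commitment_hex)


def brute_force_unsalted(commitment_hex: str, candidates: List[str]) -> Optional[str]:
    """Try to open a commitment without knowing the nonce by guessing the
    prediction. Only works against an unsalted (nonce=b"") commitment whose
    prediction appears in the candidate list."""
    for guess in candidates:
        if verify(commitment_hex, b"", guess):
            return guess
    return None


def demo() -> dict:
    """Run the commit / reveal / verify flow plus the failure modes."""
    prediction = "Cecil will write a column about swine flu"
    commitment, nonce = commit(prediction)

    results = {
        # Honest reveal: nonce + prediction reproduce the published commitment.
        "honest_reveal_accepted": verify(commitment, nonce, prediction),
        # Binding: the scammer cannot later claim a different prediction ...
        "other_prediction_rejected": not verify(
            commitment, nonce, "Cecil will write a column about bird flu"
        ),
        # ... nor substitute a nonce other than the one used at commit time.
        "other_nonce_rejected": not verify(
            commitment, secrets.token_bytes(NONCE_LEN), prediction
        ),
    }

    # Hiding: the same prediction committed again under a fresh nonce yields
    # an unrelated commitment, so two commitments cannot be compared.
    commitment_again, _ = commit(prediction)
    results["fresh_nonce_changes_commitment"] = commitment != commitment_again

    # Without a nonce a low-entropy prediction is recovered by guessing; with
    # the nonce the same guess list finds nothing.
    unsalted, _ = commit(prediction, b"")
    results["unsalted_commitment_guessed"] = (
        brute_force_unsalted(unsalted, CANDIDATES) == prediction
    )
    results["salted_commitment_not_guessed"] = (
        brute_force_unsalted(commitment, CANDIDATES) is None
    )
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The binding property (the scammer cannot open the commitment to a different prediction) rests on the collision resistance of the hash, which is exactly why the earlier post's remark about MD5 matters: with a broken hash the committer could prepare two predictions with the same digest. The nonce addresses a separate concern the thread does not raise, guessability of the hidden prediction, and must be published together with the plaintext at reveal time.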