CWI Cryptology Group

Abstract: Digital evidence, such as digital signatures, is of crucial importance in the emerging digitally operating economy because it is easy to transmit, archive, search, and verify. Nevertheless the initial promises of the usefulness of digital signatures were too optimistic. This calls for a systematic treatment of digital evidence. The goal of this paper is to provide a foundation for reasoning about digital evidence systems and legislation, thereby identifying the roles and limitations of digital evidence, in the apparently simple scenario where it should prove that an entity A agreed to a digital contract d.
Our approach is in sharp contrast to the current general views documented in the technical literature and in digital signature legislation. We propose an entirely new view of the concepts of certification, time-stamping, revocation, and other trusted services, potentially leading to new and more sound business models for trusted services. Some of the perhaps provocative implications of our view are that certificates are generally irrelevant as evidence in a dispute, that it is generally irrelevant *when* a signature was generated, that a commitment to be liable for digital evidence cannot meaningfully be revoked, and that there is no need for *mutually* trusted authorities like certification authorities. We also propose a new type of digital evidence called digital declarations, based on a digital recording of a willful act indicating agreement to a document or contract.