• Welcome to the new COTI server. We've moved the Citizens to a new server. Please let us know in the COTI Website issue forum if you find any problems.
  • We, the systems administration staff, apologize for this unexpected outage of the boards. We have resolved the root cause of the problem and there should be no further disruptions.

Spam in the 3I

Anything like bitcoin requires both sides of the transaction to be online. You couldn't do that over interstellar distances via a disconnected service like the X boats. You couldn't run a service like SWIFTT or BACS over Xboats either. There is too much opportunity for a man-in-the-middle attack as you can't do an on-line verification of the source of a transaction. All you get is a message turning up out of the blue and you have to rely on the message header to tell the truth about its origin. You can't interactively query a certificate authority to validate the identity or signature of the message.

Interstellar funds transfer is going to rely on something like bearer bonds, bank drafts or good old cash that is designed to be hard to forge. You couldn't run a secure banking network over the Xboat service.

That’s not actually the way certificate authorities work. They sign a vendor’s key and clients have copies of those signing keys so they can verify the signature of a key a vendor gives them. Your OS (or browser in the case of Firefox or Chrome) ships with a bunch of signing keys for certificate authorities. When presented with a TLS certificate the browser can verify the chain of signatures back to a certificate authority. There’s no connection that needs to be made back to the CA to do this verification.

Offline verification is just verifying a key provided by someone is signed by some third entity that you trust (or de jure trust like a government seal). It’s trivial to keep a large list of current and historical signing keys for governments and certificate authorities everywhere. It is a standard feature of cryptographic libraries today and would likely still be so in the Far Future.

In the case of bitcoin there doesn’t necessarily need to be an active or persistent network connection to operate. Bitcoin is just a distributed ledger. A bunch of transactions can be made before they are actually verified by the mining network. It would be possible (though not without challenges) to run bitcoin over a sneakernet effectively.

In the 3I one of the functions of the Imperial government would be to provide signing keys for sector governments (and they provide keys for planetary governments) so people can verify the chain of keys and know some vendor has a valid Imperial charter or license to operate. This chain of trust can also be used to verify government communications. Cryptographic signatures would be the basis of much of the operation of the Imperium. Nobles would pass down their cryptographic keyrings to heirs instead of signet rings.
 
Offline verification is just verifying a key provided by someone is signed by some third entity that you trust (or de jure trust like a government seal). It’s trivial to keep a large list of current and historical signing keys for governments and certificate authorities everywhere. It is a standard feature of cryptographic libraries today and would likely still be so in the Far Future.

Sir, It's an older code but it does check out ...

There's a fairly obvious race condition in that. If you compromise a key you could potentially have quite a while to submit fraudulent transactions based on an obsolete trust relationship. While revoked keys could be broadcast across the Xboat network a compromised key could be exploited for quite a while. Mozilla or Google can revoke keys fairly quickly by pushing out fixes to browsers that can phone home regularly for updates.

In the case of bitcoin there doesn’t necessarily need to be an active or persistent network connection to operate. Bitcoin is just a distributed ledger. A bunch of transactions can be made before they are actually verified by the mining network. It would be possible (though not without challenges) to run bitcoin over a sneakernet effectively.

That would be a minimum three week turnaround (for a single jump) to post the ledger. At least one of the bitcoin exploits relied on the quorum replication latency on a MongoDB cluster. I'll leave it as an exercise to the reader to speculate why anybody thought eventual consistency might be appropriate for what is essentially a banking system. Two-phase commit was invented for distributed financial transaction systems. A banking protocol would still have to phone home to confirm the transaction, a bit like a handshake. In this situation a bearer bond or similar instrument might be preferable as you could rock up to the destination and get your money immediately. This would be a primary function of physical currency - i.e. Imperial credits.

In the 3I one of the functions of the Imperial government would be to provide signing keys for sector governments (and they provide keys for planetary governments) so people can verify the chain of keys and know some vendor has a valid Imperial charter or license to operate. This chain of trust can also be used to verify government communications. Cryptographic signatures would be the basis of much of the operation of the Imperium. Nobles would pass down their cryptographic keyrings to heirs instead of signet rings.

I quite like this approach. If the trust web weren't 100% reliable there might also be considerable opportunity for shenanigans. Make a bribery roll to get the bureaucrat to sign your certificate key.
 
In the 3I one of the functions of the Imperial government would be to provide signing keys for sector governments (and they provide keys for planetary governments) so people can verify the chain of keys and know some vendor has a valid Imperial charter or license to operate. This chain of trust can also be used to verify government communications. Cryptographic signatures would be the basis of much of the operation of the Imperium. Nobles would pass down their cryptographic keyrings to heirs instead of signet rings.

Given that the 3I rules the stars between the planets, and that it derives its income from interstellar trade which is its virtual raison d'être, it makes sense that the 3I becomes the institution that helps guarantee a financial transfer system that maintains the integrity of those sorts of institutions.
 
Sir, It's an older code but it does check out ...

There's a fairly obvious race condition in that. If you compromise a key you could potentially have quite a while to submit fraudulent transactions based on an obsolete trust relationship. While revoked keys could be broadcast across the Xboat network a compromised key could be exploited for quite a while. Mozilla or Google can revoke keys fairly quickly by pushing out fixes to browsers that can phone home regularly for updates.

One of the ways this is prevented in the real world is to provide signing keys on a schedule. A signing key is only valid from date X to Y, any use outside of that period is invalid. So signing with a future key wouldn’t be valid nor would signing a current transaction with an out of date key. These keychains would be distributed by the sector governments (based on scheduled keys from Capital) to give the least lag to sub sector transactions. The keys from Capital are the ultimate signing authority so if they are compromised....lots of things go wrong. They’re also least likely to be compromised as they’re going to have the same level of Imperial military protection as the Emperor.


A banking protocol would still have to phone home to confirm the transaction, a bit like a handshake. In this situation a bearer bond or similar instrument might be preferable as you could rock up to the destination and get your money immediately. This would be a primary function of physical currency - i.e. Imperial credits.

Even physical currency would be based on cryptographic verification. The serial numbers for notes would be signed by the mint, who’s keys are signed by Capital’s keys, and anyone wanting to verify a credit could do so with a banking keychain.


I quite like this approach. If the trust web weren't 100% reliable there might also be considerable opportunity for shenanigans. Make a bribery roll to get the bureaucrat to sign your certificate key.

I think there can be some good adventure material around the heistening or unheistening of government signing keys. Because they would be stored on air-gapped computers they would require some suspended from the ceiling burglary. They also can’t just be unloaded on any random fence so there’s likely to be some well funded criminal enterprise involved.

They could be stored on circuitry that self-destructs upon reading (maybe old Zip disks! :D) so if they were stolen there’s no ready backup. They’re like the stolen/counterfeit currency printing plates of old.

If you’re interested in Rebellion and post-Rebellion milieu the compromise of Imperial signing and encryption keys could play a major factor in the fall of the Imperial system. Fleets receiving countermanding but totally contrary orders, nobles having their finances wiped out so they can’t fund security or military forces, dogs and cats living together. It would be pandemonium.
 
That's evil :devil: I love it!

That is some good adventure brain-storming. Wow, my network savvy only goes as far as dumping network cards in 1990s pentium tech computers and trying to get DOS based games talking to one another with TCP/IP ... you more expert types impress me.

Seriously, you ought to write that up. I could see it being a big factor in Rebellion.
 
A clear indicator is the override algorithm Jonathan Bland uses on different Navy ships across different centuries in different sectors to gain/regain control of ships. The fact that the same formula and effect is the same implies that the Imperial Navy uses the same software or routines across sectors and time.

Well, I admit I gaven't read Agent -- no interest -- but I don't see that this is necessarily the case.

I'm not sure why the idea that two X-Boats might have computers with the same capabilities but made by different manufacturers, running different operating systems and having different CPUs would be controversial. That's our world today & we communicate just fine.
 
...the compromise of Imperial signing and encryption keys could play a major factor in the fall of the Imperial system. Fleets receiving countermanding but totally contrary orders...

You mean like Lady Arbellatra Alkhalikhoi and Jonathon Bland do in IY621 to defeat the Capital Fleet during the Civil War in Agent of the Imperium?
 
Dear Folks -

I'm surprised.

There are some of you on this list who are old enough to remember a spam attack on the Traveller Mailing List (TML) back in... 1995.

(Yes, _that_ 1995. No, I'm not kidding.)

Or that Brendan O'Donovan turned it into a Traveller scenario.

So without further ado, I'll refresh your memories and present:

"Olga and the Spambots!"

https://members.tip.net.au/~davidjw/tavspecs/best_tml/Amber Zone (TNE) - Olga and the Spambots.htm

That was during the time Imperiumgames was in business, was it not? I don't see any standards and assumptions listed on the seed, so I'm assuming it's for CT to TNE T4.
 
BTW cryptographic keys figure heavily IMTU starport/ship communications, each ship and port have their own keys which ensures there aren't false codes, reporting pirates, misleading port orders, etc.
 
Another thing, which may have been mentioned earlier is preference matching, which can work in strange ways. A while ago I watched a video critical of a particular promoter of dubious 'male enhancement' products, the person making that video had also made a number of other videos criticizing left-leaning political groups, which I was not interested in.

I still get when I log on to YouTube, suggestions to videos that I have no intention of watching generated by that watching that one video.
 
What amazes me are the number of "dating site" spams I get for places I heard about in the news, and surfed anonymously just to see what the news people were talking about.

Strangely enough I also smurfed political websites, and in light of the social upheavals around the nation, I also smurfed radical websites just to see what they were up to, and yet it's sex spam that I get, and not political or radical group spam. I'm not sure why that is. I guess the criminals more associate with what they think people want, and not so much political ideologies, no matter how radical.

Translating that to Traveller; in the 3I I think spam from radical Terran groups could be a thing. Radical Solis wanting to make a buck on freeing Terra from Imperial occupation, or promising Aslan to hook them up with long lost clan members. Stuff like that. I think the schemes are endless, and this kind of thing actually goes back a few decades before email went mainstream.

Adventurers with mail contracts could probably be carrying pre-net paper version of advanced fee scams. It doesn't have to be electronic. Maybe the players come across a down and outer who lost his life savings answering a Vargr or Soli scam.
 
Greeting. I am writing on behalf of Lt. Ammai. He had accumulated millions in local currency—being phased out to use Imperial credits—from the cash brought into the world by the Imperial Army occupation prior to the world accepting Imperial rule. The soldier needed to launder this money, fast, and needed an Imperial bank account to do it. In return for a cut of the total, could he use yours?

edit: things you get posted to your inbox when you sync up with the starport systems. Time to update your phishing tools!

If you want more inspiration, for military themed 3I spam, this collection which last updated in 2015 has a comprehensive set that the compilers call "Three Kings or The Lads of Baghdad"...

http://www.scamorama.com/iraq-collection.html

Below is a free adaption of some of the material.

"Greetings, I am Captain Eneri from the Garda-Villis peacekeeping force. I got your X-mail contact from a mutual friend and decided to contact you.

Recently, we were alerted on the sudden presence of some Ine Givar terrorists camping in a suburb not too far away. After immediate intervention, we captured twelve of the terrorists and in the process of torture, they confessed and took us to a cave which served as their camp and there, we recovered some boxes among which one box contains ($8M) Eight Million Imperial Credits.

I therefore decided to contact you in the hope that you might be of help of receiving and secure the one lockbox containing the Imperial Credits offworld, for our mutual benefit."
 
Last edited:
Decryption programmes in quantum computers can use brute force to decipher legacy electronic files and protocols.
It works with reversible algorithms like prime factorisation (i.e. a quantum algorithm that can be computed in either direction), but it still only drops the complexity down to the square root of what it was. You can out-brute-force a quantum computer (in theory anyway) with bigger keys. However, finding prime factors for such a key also goes up in complexity.

Elliptic curve cryptography has no known reversible quantum computation. You're still up for a brute force search of the key space, although quantum computers (in theory) drop the complexity to the square root of what it was.

As an aside, I like the notion of jump navigation being a quantum problem - the ship's computer thus has a large, cryogenically cooled module to do the jump computations.
 
The quantum aspect can only be due to the physics of the transition, not with geography.

I've noticed that Why Arabs Lose Wars tends to pop up in my Youtube recommendations at least once a week.
 
As an aside, I like the notion of jump navigation being a quantum problem - the ship's computer thus has a large, cryogenically cooled module to do the jump computations.

IMTU the massive (ridiculous?) size of ships’ computers is for this exact reason. The jump calculations basically require a supercomputer in a box that is multiply redundant so cosmic rays don’t screw up all the calculations. The circuitry is also less dense than the state of the art to help with radiation hardening.
 
For adventure threads, what if a local crime syndicate, rebellion leader, spy, etc., is using 'spam' messages to arrange meeting places, targets, payment methods, and the like. If the PCs discover the odd sending patterns or hidden codes they could find themselves in the middle of some very powerful people not happy that their comms were intercepted. How it plays out from there....well, that's up to the PCs, right? :P
 
Going through my spam folder today, and this could be a patron encounter:

Dearest

My name is Mercy Jacob . l am 18 years old. l need your assistance. My father dead two years ago and our family members wants to kill me and seat on the inheritance my Father left for me with the financial institution,

l am now in hiding and the documents of the inheritance is with me, please help me to have this inheritance transferred to your country, and I will come to join you. l will be waiting for your reply to my emailIs only you i well trust with all my heart,i hope you will help ask well?

I am waiting to hear from you.

Regards
1. Pure spam
2. A coded message for the Ine Givar
3. Mercy really exists but has no money and is just wanting transport off-world. She will only share the documents once safely in jump, and you will see that they are worthless
4. As above but there is real money or lands involved
5. She is part of the nobility with the evil stepmother. Her nickname is Cinderella...
6. It started out as a joke from a 6 year old (hence spelling issues)
 
Back
Top