Abstract
The verification of arms-control and disarmament agreements requires states to provide declarations, including information on sensitive military sites and assets. There are important cases, however, in which negotiations of these agreements are impeded because states are reluctant to provide any such data, because of concerns about prematurely handing over militarily significant information. To address this challenge, we present a cryptographic escrow that allows a state to make a complete declaration of sites and assets at the outset and commit to its content, but only reveal the sensitive information therein sequentially. Combined with an inspection regime, our escrow allows for step-by-step verification of the correctness and completeness of the initial declaration so that the information release and inspections keep pace with parallel diplomatic and political processes. We apply this approach to the possible denuclearization of North Korea. Such approach can be applied, however, to any agreement requiring the sharing of sensitive information.
Acknowledgements
The authors thank B. Barak, R. J. Goldston, F. von Hippel, and Z. Mian for their comments and feedback.
Notes
1 J. Newhouse, Cold dawn: The story of SALT (Washington, DC: Pergamon, 1989).
2 National Academy of Sciences, The Future of U.S. Nuclear Weapons Policy (Washington, DC: National Academies Press, 1997).
3 Committee on International Security and Arms Control, Monitoring Nuclear Weapons and Nuclear-Explosive Materials: An Assessment of Methods and Capabilities (Washington, DC: National Academies Press, 2005).
4 A. Glaser and Z. Mian, “Denuclearizing North Korea: A verified, phased approach,” Science, 361 (2018): 981–983; R. S. Kemp, “North Korean disarmament: build technology and trust,” Nature, 558 (2018): 367–369; N. E. Busch and J. F. Pilat, The Politics of Weapons Inspections: Assessing WMD Monitoring and Verification Regimes (Stanford, CA: Stanford University Press, 2017).
5 International Panel on Fissile Materials, “U.S. proposal for verification of North Korea‘s denuclearization,” In Global Fissile Material Report 2009: A Path to Nuclear Disarmament (Princeton, IPFM, 2009), http://fissilematerials.org/library/gov08a.pdf .
6 V. P. Crawford, “A theory of disagreement in bargaining,” Econometrica: Journal of the Econometric Society, 50 (1982): 607–637; B. Levenotoğlu and A. Tarar, “Prenegotiation commitment in domestic and international bargaining,” American Political Science Review 99 (2005): 419–433.
7 See Appendix A for a glossary of cryptographic terms used in the manuscript. The mathematical definitions of most terms can be found in O. Goldreich, Foundations of Cryptography (New York, NY: Cambridge University Press, 2009).
8 S. Barrett, Environment and Statecraft: The Strategy of Environmental Treaty-Making (Oxford: Oxford University Press, 2003); National Research Council, Verifying Greenhouse Gas Emissions: Methods to Support International Climate Agreements (National Academies Press, 2010).
9 M. Fischlin, A. Lehmann, and K. Pietrzak, “Robust Multi-Property Combiners for Hash Functions,” Journal of Cryptology, 27 (2014): 397–428.
10 R. C. Merkle, “A Digital Signature Based on a Conventional Encryption Function,” Lecture Notes in Computer Science, 293 (1988): 369–378.
11 United States of America, Treaty between the United States of America and the Russian Federation on Measures for the Further Reduction and Limitation of Strategic Offensive Arms (2011).
12 S. Micali, M. Rabin, and J. Kilian, “Zero-Knowledge Sets,” In Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science, 11–14 October 2003, (Cambridge MA, 2003), 80–91.
13 M.J. Mazarr, G. Gentile, D. Madden, S. L. Pettyjohn, and Y. K. Crane, The Korean Peninsula: Three Dangerous Scenarios (RAND Corporation, 2018) https://www.rand.org/pubs/perspectives/PE262.html.
14 S. Haber and W. Stornetta, “How to Time-Stamp a Digital Document,” Advances in Cryptology-CRYPT0’90 Proceedings, Advances in Cryptology (1991): 437–455.
15 A. Glaser and Z. Mian, “Denuclearizing North Korea: A Verified, Phased Approach,” 981.
16 S. Fetter and T. Garwin, “Using tags to monitor numerical limits in arms control agreements,” In Blechman B.M. (ed.), Technology and the Limitation of International Conflict, (Washington, D.C.: Foreign Policy Institute, School of Advanced International Studies, Johns Hopkins University, 1989), 33–54.
17 D. M. Kilgour, “Site selection for on-site inspection in arms control,” Contemporary Security Policy 13 (1992): 439–462.
18 Preimage resistance means that for any output y of the hash function h, it is computationally hard to find any input x that hashes to that output, i.e., given y, it is difficult to find x such that h(x) = y. Collision resistance (or second-preimage resistance) means that for any input x, it is computationally hard to find any other input x’ that hashes to the same value, i.e., given x, it is difficult to find x’ ≠ x such that h(x) = h(x’). See: P. Rogaway and T. Shrimpton, “Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance,” In Fast software encryption, (Berlin/Heidelberg: Springer, 2004), 371–388.
19 M. J. Dworkin, “SHA-3 standard: Permutation-based hash and extendable-output functions,” NIST, Federal Information Processing Standards, (NIST FIPS-202) (2015); Q. H. Dang, “Secure hash standard,” NIST, Federal Information Processing Standards (NIST FIPS-180-4) (2015).
20 X. Wang, and H. Yu, “How to break MD5 and other hash functions,” In EUROCRYPT Lecture Notes in Computer Science 3494 (2005): 19–35; S. Caskey, T. Draelos, R. Schroeppel, and K. Tolk, “Impacts of collisions within hashing algorithms and safeguards data,” In Proceedings of the 47th Institute of Nuclear Materials Management Annual Meeting, 16–20 July 2006 Nashville, TN (2006).
21 M. Stevens, E. Bursztein, P. Karpman, A. Albertini, and Y. Markov, “The first collision for full SHA-1,” Lecture Notes in Computer Science 10401 (2017): 570–596.
22 Fischlin et al., “Robust multi-property combiners for hash functions,” 399.