[144854] in cryptography@c2.net mail archive
how to encrypt and integrity-check with only one key
daemon@ATHENA.MIT.EDU (Zooko Wilcox-O'Hearn)
Mon Sep 14 20:08:02 2009
To: Cryptography List <cryptography@metzdowd.com>
From: Zooko Wilcox-O'Hearn <zooko@zooko.com>
Date: Mon, 14 Sep 2009 10:22:16 -0600
--Apple-Mail-7--239770055
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=US-ASCII;
delsp=yes;
format=flowed
Folks:
I had an idea about how to use a single key to accomplish both
encryption and integrity checking on an immutable file. I posted it
to the tahoe-dev list [1], and David-Sarah Hopwood followed up with
an interesting new crypto cap design [2]. Here is the basic crypto
trick, which may be useful in other contexts than Tahoe-LAFS.
Suppose you have some data and you want to control who gets to see
it, and you also want anyone who sees it to be able to verify its
integrity. So far, these requirements are familiar to
cryptographers. The obvious answer is to encrypt the data and then
to MAC (Message Authentication Code) the ciphertext. There would be
one key for the encryption and one key for the MAC. However, this
has the wrong semantics for our purposes -- anyone who is given the
ability to check the integrity (by being given the MAC key) is also
given the ability to create new texts which would verify. Likewise,
whoever creates the initial MAC tag can also create other MAC tags
which would cause others files to also verify. Instead, we want a
single file that can pass the integrity check, and nobody -- not a
reader who is able to verify integrity nor even the writer who
initially created the file -- is able to make a different file which
would also pass the integrity check.
Therefore, we want the integrity check value to be the secure hash of
the file itself. That's what we currently have in Tahoe-LAFS. The
immutable file read cap is a concatenation of two values: the
decryption key and the secure hash. The latter is solely for
integrity-checking. Actually in Tahoe-LAFS, the integrity check
value is not just a flat hash of the plaintext, but instead it is the
hash of the roots of a pair of Merkle Trees, one for verifying the
correctness of the shares and the other for verifying the correctness
of the ciphertext (see [3]).
Now, convergent encryption could do both jobs with one value! If you
let the symmetric key be the secure hash of the plaintext, then the
reader could use the symmetric key to decrypt, then verify that the
key was the hash of the plaintext. However, you can't always use
convergent encryption. Not only because of the security issues [4],
and not only because it requires two passes over the file which
prevents "on-line" processing, but also because you might need to
generate the symmetric key and/or the integrity check value in a
different way. For example, the Tahoe-LAFS integrity-check value
isn't just a secure hash of the plaintext. It would be inefficient
to generate the full Tahoe-LAFS integrity check value before
beginning to encrypt, and we want to be able to give someone the
integrity check value (in a verify cap) without thus giving them the
decryption key (i.e. the read cap).
So here is my idea to use a single value to accomplish both
decryption and integrity checking even when you can't set the
symmetric key to be the secure hash of the plaintext. You use the
encryption key K1 to encrypt the plaintext to produce the ciphertext,
and in the same pass you compute the integrity-check value V. Then
you compute the secure hash of the combination of K1 and V, let's
call the result R = H(K1, V). Then you encrypt K1 using R and store
the encrypted K1_enc with the ciphertext. Now R is the real key --
the read cap. If someone gives you R, the ciphertext, and the
encrypted K1_enc, then you first use R to decrypt K1, check that R = H
(K1, V), then perform the decryption and integrity-checking of the
ciphertext.
Here is a diagram: [5] (also attached).
David-Sarah Hopwood suggested the improvement that the integrity-
check value "V" could be computed as an integrity check (i.e. a
secure hash) on the K1_enc in addition to the file contents.
Regards,
Zooko
[1] http://allmydata.org/pipermail/tahoe-dev/2009-September/002796.html
[2] http://allmydata.org/pipermail/tahoe-dev/2009-September/002848.html
[3] http://allmydata.org/~zooko/lafs.pdf
[4] http://hacktahoe.org/drew_perttula.html
[5] http://zooko.com/imm-short-readcap-simple-drawing.svg
--Apple-Mail-7--239770055
Content-Transfer-Encoding: 7bit
Content-Type: application/octet-stream;
x-unix-mode=0664;
name=imm-short-readcap-simple-drawing.svg
Content-Disposition: attachment;
filename=imm-short-readcap-simple-drawing.svg
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="744.09448819"
height="1052.3622047"
id="svg2564"
sodipodi:version="0.32"
inkscape:version="0.46"
sodipodi:docname="imm-short-readcap-simple-drawing.svg"
inkscape:output_extension="org.inkscape.output.svg.inkscape">
<defs
id="defs2566">
<marker
inkscape:stockid="Arrow1Mend"
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow1Mend"
style="overflow:visible;">
<path
id="path3193"
d="M 0.0,0.0 L 5.0,-5.0 L -12.5,0.0 L 5.0,5.0 L 0.0,0.0 z "
style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;marker-start:none;"
transform="scale(0.4) rotate(180) translate(10,0)" />
</marker>
<inkscape:perspective
sodipodi:type="inkscape:persp3d"
inkscape:vp_x="0 : 526.18109 : 1"
inkscape:vp_y="0 : 1000 : 0"
inkscape:vp_z="744.09448 : 526.18109 : 1"
inkscape:persp3d-origin="372.04724 : 350.78739 : 1"
id="perspective2572" />
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
gridtolerance="10000"
guidetolerance="10"
objecttolerance="10"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="1.2578406"
inkscape:cx="275.35584"
inkscape:cy="585.82448"
inkscape:document-units="px"
inkscape:current-layer="layer1"
showgrid="false"
inkscape:window-width="1600"
inkscape:window-height="1140"
inkscape:window-x="-5"
inkscape:window-y="-3" />
<metadata
id="metadata2569">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1">
<rect
style="opacity:1;fill:#75dd7a;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.5;marker:none;marker-start:none;marker-mid:none;marker-end:none;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
id="rect3169"
width="265.9595"
height="25.164999"
x="264.19772"
y="361.55246" />
<text
xml:space="preserve"
style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter;-inkscape-font-specification:Bitstream Charter"
x="364.8577"
y="376.49991"
id="text3171"><tspan
sodipodi:role="line"
x="364.8577"
y="376.49991"
id="tspan3175">ciphertext</tspan></text>
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-miterlimit:4;stroke-dasharray:1, 1;stroke-dashoffset:0;stroke-opacity:1;display:inline"
d="M 388.67807,387.36771 L 389.24023,422.78374"
id="path2558"
inkscape:connector-type="polyline" />
<rect
style="opacity:1;fill:#e4161b;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.5;marker:none;marker-start:none;marker-mid:none;marker-end:none;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
id="rect2590"
width="30"
height="29"
x="169.61424"
y="300.91129" />
<text
xml:space="preserve"
style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans;-inkscape-font-specification:Bitstream Vera Sans"
x="177.21349"
y="320.71091"
id="text2592"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan2594"
x="177.21349"
y="320.71091">K1</tspan></text>
<rect
style="opacity:1;fill:#e4161b;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.5;marker:none;marker-start:none;marker-mid:none;marker-end:none;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
id="rect2383"
width="265.9595"
height="25.164999"
x="265.25504"
y="219.62921" />
<text
xml:space="preserve"
style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter;-inkscape-font-specification:Bitstream Charter"
x="365.91504"
y="234.57666"
id="text2385"><tspan
sodipodi:role="line"
x="365.91504"
y="234.57666"
id="tspan2389">plaintext</tspan></text>
<rect
style="opacity:1;fill:#e416d0;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.5;marker:none;marker-start:none;marker-mid:none;marker-end:none;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
id="rect2393"
width="31.086176"
height="19.737255"
x="372.57281"
y="292.43002" />
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter;-inkscape-font-specification:Bitstream Charter"
x="375.78012"
y="303.28549"
id="text3165"><tspan
sodipodi:role="line"
id="tspan3167"
x="375.78012"
y="303.28549">encrypt</tspan></text>
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.9436956px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-opacity:1;display:inline"
d="M 386.99159,313.72484 L 386.99159,347.45439"
id="path3179"
inkscape:connector-type="polyline" />
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.8703087px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-opacity:1;display:inline"
d="M 385.86727,246.82788 L 386.42943,290.11415"
id="path3959"
inkscape:connector-type="polyline" />
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-opacity:1"
d="M 204.28982,311.4762 L 366.1917,303.60597"
id="path2610"
inkscape:connector-type="polyline" />
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-miterlimit:4;stroke-dasharray:1, 1;stroke-dashoffset:0;stroke-opacity:1;display:inline"
d="M 381.60637,459.28229 L 145.48743,561.839"
id="path3903"
inkscape:connector-type="polyline" />
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-miterlimit:4;stroke-dasharray:1, 1;stroke-dashoffset:0;stroke-opacity:1;display:inline"
d="M 178.08297,331.28515 L 137.5373,561.04399"
id="path3905"
inkscape:connector-type="polyline" />
<rect
style="opacity:1;fill:#e4161b;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.5;marker:none;marker-start:none;marker-mid:none;marker-end:none;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
id="rect3907"
width="30"
height="29"
x="122.72105"
y="564.14795" />
<rect
style="opacity:1;fill:#75dd7a;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.5;marker:none;marker-start:none;marker-mid:none;marker-end:none;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
id="rect3923"
width="30"
height="29"
x="376.48883"
y="430.20792" />
<text
xml:space="preserve"
style="font-size:16px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="387.55371"
y="448.0809"
id="text3925"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan3927"
x="387.55371"
y="448.0809">v</tspan></text>
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="428.92755"
y="589.70508"
id="text3929"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan3931"
x="428.92755"
y="589.70508" /></text>
<text
xml:space="preserve"
style="font-size:16px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="133.78586"
y="581.45868"
id="text3933"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan3935"
x="133.78586"
y="581.45868">r</tspan></text>
<rect
style="opacity:1;fill:#e416d0;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.5;marker:none;marker-start:none;marker-mid:none;marker-end:none;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
id="rect3937"
width="31.086176"
height="19.737255"
x="182.76958"
y="436.75864" />
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter;-inkscape-font-specification:Bitstream Charter"
x="185.97688"
y="447.61411"
id="text3939"><tspan
sodipodi:role="line"
id="tspan3941"
x="185.97688"
y="447.61411">encrypt</tspan></text>
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="388.67807"
y="281.68173"
id="text3943"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
x="388.67807"
y="281.68173"
id="tspan3947">data</tspan></text>
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="343.70532"
y="298.54651"
id="text3951"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan3953"
x="343.70532"
y="298.54651">key</tspan></text>
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-opacity:1;display:inline"
d="M 188.41815,330.49014 L 197.16329,432.25184"
id="path3955"
inkscape:connector-type="polyline" />
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="197.17406"
y="382.00046"
id="text4472"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
x="197.17406"
y="382.00046"
id="tspan4474">data</tspan></text>
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-opacity:1;display:inline"
d="M 138.33231,562.63401 L 196.36828,458.48728"
id="path4476"
inkscape:connector-type="polyline" />
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="183.29977"
y="493.93362"
id="text4993"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan4995"
x="183.29977"
y="493.93362">key</tspan></text>
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-opacity:1;display:inline"
d="M 215.4486,445.76706 L 253.19768,439.64852"
id="path4997"
inkscape:connector-type="polyline" />
<rect
style="opacity:1;fill:#75dd7a;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.5;marker:none;marker-start:none;marker-mid:none;marker-end:none;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
id="rect5514"
width="30"
height="29"
x="258.99756"
y="419.52692" />
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="265.00299"
y="432.90259"
id="text5522"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan5524"
x="265.00299"
y="432.90259">K1</tspan><tspan
sodipodi:role="line"
x="265.00299"
y="442.90259"
id="tspan5528">enc</tspan><tspan
sodipodi:role="line"
x="265.00299"
y="452.90259"
id="tspan5526" /></text>
<rect
style="opacity:0.75702485;fill:none;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.73866194;stroke-linecap:butt;stroke-linejoin:round;marker:none;marker-start:none;marker-mid:none;marker-end:none;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.96078431;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
id="rect5530"
width="297.64359"
height="114.37967"
x="249.1319"
y="351.82095" />
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="493.23969"
y="505.98331"
id="text5540"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan5542"
x="493.23969"
y="505.98331">stored on the server</tspan></text>
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="394.29968"
y="497.55093"
id="text5544"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan5546"
x="394.29968"
y="497.55093">verify cap</tspan></text>
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="200.12067"
y="602.82074"
id="text5556"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
x="200.12067"
y="602.82074"
id="tspan5560">read cap</tspan></text>
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;display:inline"
d="M 412.28876,485.74558 L 398.23478,461.01057"
id="path5564"
inkscape:connector-type="polyline" />
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="M 197.21034,597.86157 L 161.79431,589.99134"
id="path6081"
inkscape:connector-type="polyline" />
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Mend);stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;display:inline"
d="M 528.99781,495.45715 L 514.94383,470.72214"
id="path6083"
inkscape:connector-type="polyline" />
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="270.54755"
y="516.83386"
id="text6300"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan6302"
x="270.54755"
y="516.83386">hash</tspan></text>
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="140.73347"
y="420.8266"
id="text6304"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan6306"
x="140.73347"
y="420.8266">hash</tspan></text>
<text
xml:space="preserve"
style="font-size:8px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="391.42056"
y="401.03116"
id="text6308"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan6310"
x="391.42056"
y="401.03116">hash</tspan></text>
<text
xml:space="preserve"
style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:DejaVu Serif;-inkscape-font-specification:DejaVu Serif"
x="40.748276"
y="635.94141"
id="text2456"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
x="40.748276"
y="635.94141"
id="tspan2462">The goal is that I give you the read cap, which is of size <tspan
style="font-style:italic;-inkscape-font-specification:DejaVu Serif Italic"
id="tspan2460">k</tspan> in bits, and then later when you get the file (along with</tspan><tspan
sodipodi:role="line"
x="40.748276"
y="650.94141"
id="tspan2468">the other objects that are stored on the server) you can have both <tspan
style="font-style:italic;-inkscape-font-specification:DejaVu Serif Italic"
id="tspan2573">k/2</tspan>-bit collision resistance (i.e. you know that </tspan><tspan
sodipodi:role="line"
x="40.748276"
y="665.94141"
id="tspan2470">it would take approximately <tspan
style="font-style:italic;-inkscape-font-specification:DejaVu Serif Italic"
id="tspan2575">2^(k/2)</tspan> work for anyone, even the original uploader, to generate a collision) and </tspan><tspan
sodipodi:role="line"
x="40.748276"
y="680.94141"
id="tspan2579"><tspan
style="font-style:italic;-inkscape-font-specification:DejaVu Serif Italic"
id="tspan2585">k</tspan>-bit confidentiality (i.e. you know that it would take approximately <tspan
style="font-style:italic;-inkscape-font-specification:DejaVu Serif Italic"
id="tspan2581">2^k</tspan> work for someone who doesn't have </tspan><tspan
sodipodi:role="line"
x="40.748276"
y="695.94141"
id="tspan2591">the secret value to learn anything about the file contents).</tspan></text>
</g>
</svg>
--Apple-Mail-7--239770055--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
