[119158] in cryptography@c2.net mail archive
Re: [p2p-hackers] convergent encryption reconsidered
daemon@ATHENA.MIT.EDU (Ivan Krstić)
Mon Mar 31 11:14:43 2008
Cc: "Leichter, Jerry" <leichter_jerrold@emc.com>,
theory and practice of decentralized computer networks <p2p-hackers@lists.zooko.com>,
Cryptography <cryptography@metzdowd.com>
From: Ivan Krstić <krstic@solarsail.hcs.harvard.edu>
To: James A. Donald <jamesd@echeque.com>
In-Reply-To: <47F0C09A.8080402@echeque.com>
Date: Mon, 31 Mar 2008 06:59:04 -0400
On Mar 31, 2008, at 6:44 AM, James A. Donald wrote:
> Better still, have a limited supply of tickets that enable one to
> construct the convergence key. Enough tickets for all normal usage,
> but not enough to perform an exhaustive search. [...]
>
> If you give the ticket issuing computers an elliptic point P, they
> will give you the corresponding elliptic point k*P. If, however,
> you ask for too many such points, they will stop responding.
This isn't a good design. It's incompatible with Tahoe's present
architecture, introduces a single point of failure, centralizes the
otherwise by-design decentralized filesystem, and presents a simple
way to mount denial of service attacks. Finally, since the
decentralization in Tahoe is part of its security design (storage
servers aren't trusted), you run into the usual quis custodiet ipsos
custodes problem with the ticket-issuing server that the present
system nicely avoids.
Cheers,
--
Ivan Krstić <krstic@solarsail.hcs.harvard.edu> | http://radian.org
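
The ticket scheme quoted in this message, as an added sketch that is not code from either poster or from Tahoe: a server answers a point P with k*P under a quota, and the convergence key is hashed from the result, so every key depends on the one party that holds k and on whether it still answers. Assumptions not in the thread: secp256k1 as the curve, SHA-256, try-and-increment hashing to a point, a per-client quota, and the hypothetical names `TicketServer`, `ticket` and `convergence_key`.

```python
import hashlib, secrets
# Assumption: secp256k1 (y^2 = x^3 + 7, cofactor 1); the post names no curve.
P_FIELD = 2**256 - 2**32 - 977

def on_curve(pt):
    return (pt[1] * pt[1] - pow(pt[0], 3, P_FIELD) - 7) % P_FIELD == 0

def add(p1, p2):
    """Affine addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)

def mul(k, pt):
    """Double-and-add k*pt (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def hash_to_point(data):
    """Try-and-increment map from bytes to a curve point."""
    for ctr in range(2**32):
        x = int.from_bytes(hashlib.sha256(data + ctr.to_bytes(4, "big")).digest(), "big") % P_FIELD
        y = pow(pow(x, 3, P_FIELD) + 7, (P_FIELD + 1) // 4, P_FIELD)
        if on_curve((x, y)):
            return (x, y)

class TicketServer:
    """Hypothetical issuer: answers P with k*P until a client's quota is spent."""
    def __init__(self, quota):
        self._k, self.quota, self.used = secrets.randbelow(2**255) + 1, quota, {}
    def ticket(self, client, point):
        if not on_curve(point) or self.used.get(client, 0) >= self.quota:
            return None  # off-curve input refused, or "they will stop responding"
        self.used[client] = self.used.get(client, 0) + 1
        return mul(self._k, point)

def convergence_key(server, client, plaintext):
    kp = server.ticket(client, hash_to_point(plaintext))
    return None if kp is None else hashlib.sha256(kp[0].to_bytes(32, "big")).digest()
```
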