[117977] in Cypherpunks
Re: request for information/virtual private network as
daemon@ATHENA.MIT.EDU (Bill Stewart)
Thu Sep 16 23:53:06 1999
Message-Id: <3.0.5.32.19990916093627.009cf240@idiom.com>
Date: Thu, 16 Sep 1999 09:36:27 -0700
To: "Michael J. Fromberger" <Fromberger@Clothing.Dartmouth.EDU>,
cypherpunks@toad.com
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <19990914100714.C21668@linguist.dartmouth.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Reply-To: Bill Stewart <bill.stewart@pobox.com>
At 10:07 AM 9/14/99 -0400, Michael J. Fromberger wrote:
>quoth holist:
>> I wonder if it is possible to create a virtual private network which,
>> operating as a parallel architecture composed of its nodes, implements a
>> database that is accessible from each of the nodes in such a way that the
>> information contained in any one or few of the nodes does not permit
>> reconstruction of the database and
It depends a lot on what you mean by "database" -
it's much easier to do this for a bunch of files you access by name than for
an SQL query/response system, though I suppose you could build a DBMS
on top of a networked file system that split the data using secret sharing.
Shamir's secret-sharing algorithm is one cryptographic approach, and
Rivest has done work on algorithms that let you reconstruct data only
if you have all the pieces.
>> in which the database would be "doing
>> somersaults" all the time so that only simultaneous interception of the
>> data content of the majority of nodes would allow the database to be
>> reconstructed?
I'm not sure of the precise technical definition of "doing somersaults" (:-),
but as long as you split the data appropriately, you need most of the pieces
to reconstruct the originals. This means that you should do encryption
on the separate pieces when you're sending them back and forth, though
you can decide whether to do that as part of your protocols or just wrap
the data in IPSEC.
>It seems like you're basically describing a software RAID, where the
>data are mirrored, but instead of mirroring literal copies, you mirror
>shares of the data constructed using some secret-sharing scheme.
>Would some variation of Shamir's linear-algebraic scheme work for this
>purpose?
>Of course, you'd have the problem that if one of your nodes bit the
>dust, you'd be screwed, but then that's the point of encryption.
The secret-sharing technology needs M out of N shares to reconstruct data,
so you can set it up to recover from losing N-M sites - IF you know
when you lose a site. If one of your sites merely has garbaged data,
and you don't know which one, you could be badly hosed.
Checksums are your friend.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
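The M-out-of-N behaviour Bill describes, and his closing advice about checksums, as an added Python example that is not part of the thread: a Shamir split over a prime field, a per-share SHA-256 checksum (a constructed detail, not something the message specifies), and a reconstruction that skips shares failing the check so that one silently garbled node does not poison the result.

```python
import hashlib
import secrets

# Prime field large enough for a 128-bit secret (2**127 - 1 is a Mersenne prime).
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... (mod PRIME)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, m, n):
    """Shamir M-of-N split. Each share is (x, y, tag); the tag is a SHA-256 of the
    share so that a share garbled in storage or transit can be recognised."""
    assert 1 < m <= n and 0 <= secret < PRIME
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = _eval_poly(coeffs, x)
        shares.append((x, y, hashlib.sha256(f"{x}:{y}".encode()).hexdigest()))
    return shares


def share_is_intact(share):
    """True if the checksum matches. Catches accidental corruption only: a node
    that rewrites y and recomputes the tag still passes (a keyed MAC would be needed)."""
    x, y, tag = share
    return hashlib.sha256(f"{x}:{y}".encode()).hexdigest() == tag


def reconstruct(shares, m, verify=True):
    """Lagrange-interpolate the polynomial at x=0 from m shares. With verify=True,
    shares failing their checksum are skipped; with verify=False a garbled share
    is used as-is and the recovered value is wrong (the failure Bill warns about)."""
    usable = [s for s in shares if not verify or share_is_intact(s)][:m]
    if len(usable) < m:
        raise ValueError(f"only {len(usable)} usable shares, need {m}")
    secret = 0
    for i, (xi, yi, _) in enumerate(usable):
        num, den = 1, 1
        for j, (xj, _, _) in enumerate(usable):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret
```

Losing N-M shares is recoverable because any M points determine the degree-(M-1) polynomial; the checksum only tells you which surviving shares are still trustworthy.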