[Cryptography] Squaring Zooko's triangle

Peter Fairbrother zenadsl6186 at zen.co.uk
Tue Sep 10 13:09:14 EDT 2013


On 10/09/13 05:38, James A. Donald wrote:
> On 2013-09-10 3:12 AM, Peter Fairbrother wrote:
>> I like to look at it the other way round, retrieving the correct name
>> for a key.
>>
>> You don't give someone your name, you give them an 80-bit key
>> fingerprint. It looks something like m-NN4H-JS7Y-OTRH-GIRN. The m- is
>> common to all, it just says this is one of that sort of hash.
>
> 1.  And they run away screaming.

Sorry, I misspoke: you can of course give them your name, just not your 
telephone number or email address. You give them the hash instead of those.

> 2.  It only takes 2^50 trials to come up with a valid fingerprint that
> agrees with your fingerprint except at four non chosen places.


And that will help an attacker how?

To use a hash to contact you, Bob has to ask the semi-trusted server to 
find the hash and then return your matching input string - if he gets it 
wrong even in one place the server will return a different hash, or no 
hash at all.

Bob can't use a hash which doesn't match exactly.

Sound too restrictive? But Bob can't use a telephone number or email 
address which is wrong in one place, never mind four, either.



I was even thinking of using a 60-bit hash fingerprint (with a whole lot 
of extra work added, to make finding a matching tailored preimage about 
2^100 or so total work), so a hash would look like s-NN4H-JS7Y-OTRH, but 
I haven't convinced myself that that would work yet.

Mind you, I haven't ruled it out either. There is a flood attack, but it 
can be defeated by people paying a dollar to the server when they input 
a hash.


-- Peter Fairbrother
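
The scheme discussed in this message, sketched as an added example that is not part of the original post: a truncated fingerprint in the m-XXXX-XXXX-XXXX-XXXX shape, an exact-match directory lookup, and the work arithmetic behind the stretched 60-bit variant. The hash (PBKDF2-HMAC-SHA256), the base32 alphabet, the salt label, the record format and the names `fingerprint`, `Directory` and `preimage_work_log2` are all assumptions; the post specifies none of them.

```python
import base64
import hashlib
import math

SALT = b"fingerprint-demo"  # assumed domain-separation label, not from the post


def fingerprint(record: bytes, bits: int = 80, prefix: str = "m", rounds: int = 1) -> str:
    """Truncated hash of `record`, rendered as prefix-XXXX-XXXX-... in base32.

    `rounds` stretches every trial, for honest users and preimage searchers alike.
    """
    if bits % 20:
        raise ValueError("bits must fill whole 4-character groups (5 bits per char)")
    raw = hashlib.pbkdf2_hmac("sha256", record, SALT, rounds, dklen=(bits + 7) // 8)
    chars = base64.b32encode(raw).decode("ascii")[: bits // 5]
    return "-".join([prefix] + [chars[i:i + 4] for i in range(0, len(chars), 4)])


def preimage_work_log2(bits: int, rounds: int) -> float:
    """log2 of the hash iterations expected to hit one specific fingerprint."""
    return bits + math.log2(rounds)


class Directory:
    """Stand-in for the semi-trusted server: exact-match lookup only."""

    def __init__(self, **params):
        self.params = params
        self.records = {}

    def register(self, record: bytes) -> str:
        fp = fingerprint(record, **self.params)
        self.records[fp] = record
        return fp

    def lookup(self, fp: str):
        # No nearest-match search: a fingerprint wrong in one place returns
        # nothing here (or, on a busy server, some unrelated record).
        return self.records.get(fp.strip())


if __name__ == "__main__":
    record = b"alice@example.org|constructed-public-key"  # constructed sample input
    server = Directory()
    fp = server.register(record)
    print(fp, server.lookup(fp))
    print(server.lookup(fp[:-1] + ("A" if fp[-1] != "A" else "B")))  # None
    # Demo uses 2**12 rounds; the post's 60-bit idea needs about 2**40.
    print(fingerprint(record, bits=60, prefix="s", rounds=2**12))
    print(preimage_work_log2(60, 2**40))  # 100.0
```
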

