[Cryptography] asymmetric attacks on crypto-protocols - the rough consensus attack
ianG
iang at iang.org
Sun Aug 2 14:16:46 EDT 2015
On 2/08/2015 12:33 pm, Stephen Farrell wrote:
>
> On 02/08/15 05:27, ianG wrote:
>> It turns out that there is a really nice attack.
>
> Also trying to keep away from specifics of any one protocol.
>
> In general you assume that the attacker (who I agree exists) is active
> as part of the process. There's no way to know the probability of
> that. I do know that people have the ability and propensity to disagree
> with one another for all sorts of reasons that are nothing to do with
> the posited attacker. Perhaps especially the kind of people who
> currently dominate discussions about new Internet protocols. And even
> more especially in fully open environments where anyone can try to
> participate. And since the new work represents change, and for some
> folks, significant change, it's entirely likely that genuine
> differences of opinion will exist even without any action from the
> attacker.
>
> There is also the fact that any rough consensus process has to be
> run by fallible humans. Not everyone is good at herding cats so that
> the cats agree they have arrived at rough consensus. So in addition
> to genuine technical disagreement one also has to take into account
> the chances of accidental mis-management. IMO, that probability is
> also quite high - not every engineer ends up being good at cat
> herding sadly;-)

So, to just add something to the above point about committees being
difficult without any help, it is of course possible for a committee to
act the same way even in the absence of an attacker. This is what makes
the attack so neat - as long as the attacker just acts as disorganised
and catty as a normal engineer, there is no observable difference. The
attack is invisible, and the hand that guides is also invisible, but not
the invisible hand of economic progress.

Learning that these two things exist - that we alone can stall the
process by being bad at committee, and that others can use this badness
against us - is a really tough lesson. However, I have discovered a
rather elegant way that at least leads the horse (ass?) to water.

Way back in WWII, the USA's OSS was engaged in the process of sabotaging
the German production machine. To assist its agents it created a manual
[0] which was distributed out to the field. This manual has since been
declassified as it was presumably only of historical interest.

As it was a comprehensive look at how to interfere with the enemy, it
also exhorted the common factory worker to do his or her part. And it
created a set of tactics to slow everything down. This is chapter 11 of
the manual, which has such gems as "engage in long correspondence" :)

It turns out that Chapters 11 and 12 [1] are a rather poignant
reflection of what can go wrong in committee. So when I found myself as
part of such a committee back in the late 2000s, I copied the manual in and
I euphemistically named it "the manual for our committee" [2].

Then, every time there was a new committee elected, I would pop up and
say "and don't forget to read the manual on how you do board meetings"
or some such. New members would then diligently read it, and quietly
chuckle and figure out I was having a joke or something.

But the seed is planted. Not only can we stuff up with histrionics
("Cry and sob hysterically at every occasion") and bad behaviour, this
can be used against us by an enemy.

iang

[0] http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/OSS_Simple_Sabotage_Manual.pdf
[1] http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/oss_sabotage.html
[2] The board of CAcert, a community certification authority that changes
its board around every year.