[p2p-hackers] convergent encryption reconsidered
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Mon Mar 31 06:59:04 EDT 2008
On Mar 31, 2008, at 6:44 AM, James A. Donald wrote:
> Better still, have a limited supply of tickets that enable one to
> construct the convergence key. Enough tickets for all normal usage,
> but not enough to perform an exhaustive search. [...]
>
> If you give the ticket issuing computers an elliptic point P, they
> will give you the corresponding elliptic point k*P. If, however,
> you ask for too many such points, they will stop responding.
This isn't a good design. It's incompatible with Tahoe's present
architecture, introduces a single point of failure, centralizes the
otherwise by-design decentralized filesystem, and presents a simple
way to mount denial of service attacks. Finally, since the
decentralization in Tahoe is part of its security design (storage
servers aren't trusted), you run into the usual quis custodiet ipsos
custodes problem with the ticket-issuing server that the present
system nicely avoids.
Cheers,
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list