[p2p-hackers] convergent encryption reconsidered

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Mon Mar 31 06:59:04 EDT 2008


On Mar 31, 2008, at 6:44 AM, James A. Donald wrote:
> Better still, have a limited supply of tickets that enable one to  
> construct the convergence key.  Enough tickets for all normal usage,  
> but  not enough to perform an exhaustive search. [...]
>
> If you give the ticket issuing computers an elliptic point P, they  
> will  give you the corresponding elliptic point k*P.  If, however,  
> you ask for too many such points, they will stop responding.

This isn't a good design. It's incompatible with Tahoe's present  
architecture, introduces a single point of failure, centralizes the  
otherwise by-design decentralized filesystem, and presents a simple  
way to mount denial of service attacks. Finally, since the  
decentralization in Tahoe is part of its security design (storage  
servers aren't trusted), you run into the usual quis custodiet ipsos  
custodes problem with the ticket-issuing server that the present  
system nicely avoids.

Cheers,

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list