[Cryptography] Implementations, attacks on DHTs, Mix Nets?

[Perry E. Metzger]

On Tue, 27 Aug 2013 21:13:59 -0400 Jerry Leichter <leichter at lrw.com>
wrote:
> I wonder if much of the work on secure DHT's and such is based on
> bad assumptions.  A DHT is just a key/value mapping.  There are two
> reasons to want to distribute such a thing:  To deal with high,
> distributed load; and because it's too large to store on any one
> node.

You've forgotten other reasons. One might want to avoid a single
point of failure. One might also want to avoid having any central
organization responsible for running a database so that it cannot be
shut down by an adversary without shutting down thousands or millions
of nodes.

> I contend that the second has become a non-problem.

That is untrue.

Say that you want to distribute a database table consisting of human
readable IDs, cryptographic keys and network endpoints for some
reason. Say you want it to scale to hundreds of millions of users. A
quick back of the envelope shows that no home user's little ARM based
gateway machine is going to want to handle storing the entire database
or handling the entire update traffic volume -- the latter alone
might swamp someone even with quite reasonable connectivity.

> Even at the high end, what's today a fairly small, moderately
> powered system can handle this much data with no problems.

I don't think so. Lets say you have a few hundred bytes per entry and
a billion users. That's hundreds of gigabytes, far more than you can
store on a thumb drive and an appreciable fraction even of today's
hard drives. Furthermore, say that 1% of the entries update per day
-- even at that low rate, you're going to swamp lots of people's
internet transfer quotas.

Perry
-- 
Perry E. Metzger		perry at piermont.com