[Cryptography] End-to-End Protocols and Wasp Nests

Bear bear at sonic.net
Sat Mar 8 18:27:15 EST 2014

On Wed, 2014-03-05 at 11:28 -0800, Dennis E. Hamilton wrote:
>   -----Original Message-----
> From: Jerry Leichter

> > It needs to be easy to add "interesting combinations" to the test suite. 

> > If it is possible, generating a complete set of combinations of flaws 
> is not unreasonable. 

> With regard to both of those cases, it seems to me that detection and 
> mitigation is not that complex.  

I like your "wasp nest" idea; a sort of crowdsourced set of 
remotely accessible test cases would be very useful, because 
most developers never come up with more than a few dozen.  

It seems to me that most "interesting cases" are made 
up of unexpected combinations of Ops & Circs (Operations 
& Circumstances), and that by the time humans have written 
a thousand bug reports, they've probably discovered eighty 
or a hundred different Ops & Circs of interest -- each of 
the thousand bug reports/future test cases being composed 
of combinations of two or three or four of them. 

I think it would be a worthwhile methodology to start 
trying to abstract the Ops & Circs - each 'aspect' that 
is normally handled well but combines with some specific
other thing to reveal a bug, is a candidate.

You can write a brute-force algorithm that just keeps trying
combinations of different known Ops & Circs of interest -- but 
the problem there is that if you've got forty of them, you're 
exploring a forty-bit keyspace, with an "operation" that takes 
a hell of a lot longer than a decryption.  And if you've got 
sixty of them, you have to restrict your search somehow.  

I think you get most of the coverage if you just tell your 
brute-force test generator to limit the number of bits it flips
"on" -- most bugs are a combination of two or three or four 
things, not a combination of twenty or thirty or forty.  There's 
a simple algorithm to generate numbers from lowest setbit count 
to highest, so that would probably be the test enumerator for 
this hypothetical brute-force testing tool.  

Start from zero, and work your way up, as they say.  It's not 
a fully rigorous proven-complete test suite (because you can't 
ever prove you've found all the ops & circs of interest) but 
it surely would generate and test a nearly-infinite number of 
cases, and whenever a particular new op or circ were discovered, 
it would very quickly delineate the circumstances in which it 
becomes a problem.

And unlike most automated testing proposals, the method is simple 
enough for ordinary developers to understand and use.


More information about the cryptography mailing list