[Cryptography] asymmetric attacks on crypto-protocols - the rough consensus attack

Jerry Leichter leichter at lrw.com
Sun Aug 2 06:35:02 EDT 2015


> On Aug 2, 2015, at 12:27 AM, ianG <iang at iang.org> wrote:
> [Block "rough consensus and working code"  convergence on a crypto protocol by maintaining an alternative position indefinitely.]
This is an issue that's broader than crypto protocols and broader than "rough consensus".  It's a fundamental issue with group decision-making when group members believe that logical argument - which is infinitely sub-divisible - is the only basis for resolving arguments.  In fact, it's a fundamental problem of rational decision-making - see "Buridan's ass" (https://en.wikipedia.org/wiki/Buridan%27s_ass).

I saw similar processes occurring internally at DEC decades ago.  You can doubtless find them throughout academia.  And they can form without any external deliberate agency - though as you point out, they can be *encouraged* to form.

My own solution:  If two different approaches have each been successfully argued by two roughly equally teams for "a while", *neither is "better" than the other*.  They are simply *different*.  At that point, logical argument is beside the point - pick one at random.  Making a choice has become more important than which choice you make.

Often, there are multiple objective functions to satisfy, and you find that each side is arguing that, over all, they satisfy "more" of them.  But then you can end up with a cyclic majority, in which there *is* no overall "better" choice - each can be dominated by another.  Just choose at random.

But ... it could be that it's not so much that there's a cyclic majority as that different factions simply weight the different objectives differently.  It may not be obvious that this is happening; it may even be deliberately hidden, especially when the objectives favor one external group over another.    Surfacing these differences may eliminate the (false) equivalence of the competing approaches; or it may simply move the argument to a new plane.  But at least the argument on that plane is about real differences.

If the situation truly is a Buridan's ass one, you may find that techies *still* aren't willing to cede a choice to a random choice.  An argument I've made about elections may swing them.  Imagine we held an election, and the results were extremely close.  We do a recount - and the results are still close, but go the other way.  We do *another* recount, and get yet another set of results.  It's impossible to re-run the election, but we can't get convergence on the result.  This leads to all kinds of fights, but the underlying basic claim is that the election *had* a true result - we just need to determine what it was.  I claim that in such a situation we're "in the quantum domain":  The election *didn't have a result*.  It's in a mixed state between two equally probably results, and which one we see is indeterminate.  Just flip a coin.
                                                        -- Jerry



More information about the cryptography mailing list