[Cryptography] asymmetric attacks on crypto-protocols - the rough consensus attack

ianG iang at iang.org
Sun Aug 2 14:16:46 EDT 2015


On 2/08/2015 12:33 pm, Stephen Farrell wrote:
>
> On 02/08/15 05:27, ianG wrote:
>> It turns out that there is a really nice attack.
>
> Also trying to keep away from specifics of any one protocol.
>
> In general you assume that the attacker (who I agree exists) is active
> as part of the process. There's no way to know the probability of
> that. I do know that people have the ability and propensity to disagree
> with one another for all sorts of reasons that are nothing to do with
> the posited attacker. Perhaps especially the kind of people who
> currently dominate discussions about new Internet protocols. And even
> more especially in fully open environments where anyone can try to
> participate. And since the new work represents change, and for some
> folks, significant change, it's entirely likely that genuine
> differences of opinion will exist even without any action from the
> attacker.
>
> There is also the fact that any rough consensus process has to be
> run by fallible humans. Not everyone is good at herding cats so that
> the cats agree they have arrived at rough consensus. So in addition
> to genuine technical disagreement one also has to take into account
> the chances of accidental mis-management. IMO, that probability is
> also quite high - not every engineer ends up being good at cat
> herding sadly;-)


So, to just add something to the above point about committees being 
difficult without any help, it is of course possible for a committee to 
act the same way even in the absence of an attacker.  This is what makes 
the attack so neat - as long as the attacker just acts as disorganised 
and catty as a normal engineer, there is no observable difference.  The 
attack is invisible, and the hand that guides is also invisible, but not 
the invisible hand of economic progress.

Learning that these two things exist - that we alone can stall the 
process by being bad at committee, and that others can use this badness 
against us - is a really tough lesson.  However, I have discovered a 
rather elegant way that at least leads the horse (ass?) to water.



Way back in WWII, the USA's OSS was engaged in the process of sabotaging 
the German production machine.  To assist its agents it created a manual 
[0] which was distributed out to the field.  This manual has since been 
declassified as it was presumably only of historical interest.

As it was a comprehensive look at how to interfere with the enemy, it 
also exhorted the common factory worker to do his or her part.  And it 
created a set of tactics to slow everything down.  This is chapter 11 of 
the manual, which has such gems as "engage in long correspondence" :)

It turns out that Chapters 11 and 12 [1] are a rather poignant 
reflection of what can go wrong in committee.  So when I found myself as 
part of such a committee back in the late 2000s, I copied the manual in and 
I euphemistically named it "the manual for our committee" [2].

Then, every time there was a new committee elected, I would pop up and 
say "and don't forget to read the manual on how you do board meetings" 
or some such.  New members would then diligently read it, and quietly 
chuckle and figure out I was having a joke or something.

But the seed is planted.  Not only can we stuff up with histrionics 
("Cry and sob hysterically at every occasion") and bad behaviour, this 
can be used against us by an enemy.



iang



[0] http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/OSS_Simple_Sabotage_Manual.pdf
[1] http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/oss_sabotage.html
[2] The board of CAcert, a community certification authority that changes 
    its board around every year.

