[Cryptography] asymmetric attacks on crypto-protocols - the rough consensus attack
ianG
iang at iang.org
Mon Aug 3 16:51:36 EDT 2015
On 3/08/2015 20:45 pm, Jerry Leichter wrote:
>> Jerry described the coin toss. This "addresses" Stephen's dual-attack at some level. What it does is actually give a 50% chance of the good protocol, and a 50% chance of the challenger.
> You're changing the nature of the attack. I took your attack to be "find two essentially equal protocols and keep the decision procedure stuck on deciding between them".
It's the latter - generate the deadlock on decision. That could be done
in theory with two essentially equal protocols, then fine, but I expect
this Buridan's Ass story to collapse; it's a dynamic world, and either
two essentially equal protocols are not equal tomorrow with more
analysis or news, /or/ the engineers know it and go with a coin toss.
> If one of the protocols is actually *better* along the agreed-upon dimensions - for example, if one has a security flaw - the whole assumption of the "rough consensus" approach is that this will be found eventually and the better protocol will win on the technical merits.
I'm expecting the two protocols to be quite different and difficult to
compare. This is in order to preserve the tribe that supports each;
the two protocols have to be oriented to their own tribe in ways that
they appeal and horrify in equal measure.
Also, the nature of the attack is that the attacker will change the
nature of the attack, if it suits... The essence is the outcome, not
the inputs, and this attacker cheats. So I'd fully expect the attacker
to actually improve the underdog if it was losing support.
> If you can't determine that one of the proposed protocols is actually unacceptable according to the agreed criteria, you have a very different problem, which has nothing to do with rough consensus, working code, committee procedures, or what have you.
I think even in real life that's not easy. Two protocols can score
highly on different criteria, thus setting off an argument as to which
criteria is more important.
iang
More information about the cryptography
mailing list