[Cryptography] asymmetric attacks on crypto-protocols - the rough consensus attack

ianG iang at iang.org
Mon Aug 3 16:51:36 EDT 2015


On 3/08/2015 20:45 pm, Jerry Leichter wrote:
>> Jerry described the coin toss.  This "addresses" Stephen's dual-attack at some level.  What it does is actually give a 50% chance of the good protocol, and a 50% chance of the challenger.
> You're changing the nature of the attack.  I took your attack to be "find two essentially equal protocols and keep the decision procedure stuck on deciding between them".

It's the latter - generate the deadlock on decision.  That could be done 
in theory with two essentially equal protocols, then fine, but I expect 
this Buridan's Ass story to collapse;  it's a dynamic world, and either 
two essentially equal protocols are not equal tomorrow with more 
analysis or news, /or/ the engineers know it and go with a coin toss.


> If one of the protocols is actually *better* along the agreed-upon dimensions - for example, if one has a security flaw - the whole assumption of the "rough consensus" approach is that this will be found eventually and the better protocol will win on the technical merits.


I'm expecting the two protocols to be quite different and difficult to 
compare.  This is in order to preserve the tribe that supports each; 
the two protocols have to be oriented to their own tribe in ways that 
they appeal and horrify in equal measure.

Also, the nature of the attack is that the attacker will change the 
nature of the attack, if it suits...  The essence is the outcome, not 
the inputs, and this attacker cheats.  So I'd fully expect the attacker 
to actually improve the underdog if it was losing support.


> If you can't determine that one of the proposed protocols is actually unacceptable according to the agreed criteria, you have a very different problem, which has nothing to do with rough consensus, working code, committee procedures, or what have you.


I think even in real life that's not easy.  Two protocols can score 
highly on different criteria, thus setting off an argument as to which 
criterion is more important.



iang

