[Cryptography] Cryptographically securing a two-phase commit

Dennis E. Hamilton dennis.hamilton at acm.org
Wed Jul 29 11:45:51 EDT 2020


From: Peter Gutmann
Sent: Tuesday, July 28, 2020 21:23

Let's say you have a computationally somewhat expensive operation that's
performed as a two-phase commit (2PC).  The details aren't important, but in
crypto terms think of it as receiving a large blob of signed data in PGP or
S/MIME format where you can't tell until you reach the signature at the end
whether it's valid or not.  The prepare portion of the 2PC is receiving and
saving the blob, the commit/abort operation is checking the signature at the
end and either discarding it or acting on it.
[ ... ]
Again, it needs to be achievable using a standard format like PGP or S/MIME,
inventing a new protocol or format to do it isn't an option.  Breaking the
single blob up into lots of little sub-blobs, each individually
authenticated and hash-chained together, is possible as a last resort but
anything better would be preferable.

[orcmid] Is this not equivalent to verifying the integrity of a blob at
rest?  Even if the check can be carried out progressively in some manner,
how can one conclude preservation of the integrity without a procedure that
involves it all?  Whatever the procedure for subdivision and early
detection, we have to presume it is known to an adversary (if this is a
security question) and that the worst case cannot be avoided perfectly.

I am surprised by this question.  What am I missing?

 - Dennis
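The hash-chained sub-blob fallback mentioned in the quoted message, sketched as an added example that is not part of this thread or of any PGP or S/MIME implementation. The names `seal` and `receive`, the demo key, and the use of HMAC in place of a real signature over the chain head are all assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: stands in for the signer's real key

def _digest(chunk, nxt):
    # Domain-separate final and inner records so truncation cannot be disguised.
    if nxt:
        return hashlib.sha256(b"\x00" + nxt + chunk).digest()
    return hashlib.sha256(b"\x01" + chunk).digest()

def _sign(head):
    # Assumption: HMAC stands in for the PGP or S/MIME signature over the head.
    return hmac.new(KEY, head, hashlib.sha256).digest()

def seal(blob, size=8):
    """Sender: return (head, tag, records); a record is (chunk, next digest)."""
    chunks = [blob[i:i + size] for i in range(0, len(blob), size)] or [b""]
    records, nxt = [], b""
    for chunk in reversed(chunks):  # build the chain back to front
        records.append((chunk, nxt))
        nxt = _digest(chunk, nxt)
    records.reverse()
    return nxt, _sign(nxt), records

def receive(head, tag, records):
    """Receiver: return (data or None, records examined); stop at first failure."""
    if not hmac.compare_digest(_sign(head), tag):
        return None, 0  # abort before storing anything
    expected, out, n = head, [], 0
    for n, (chunk, nxt) in enumerate(records, 1):
        ok = expected is not None and len(nxt) in (0, 32)
        if not ok or not hmac.compare_digest(_digest(chunk, nxt), expected):
            return None, n  # abort here; later records are never read
        out.append(chunk)
        expected = nxt or None  # None once the final record has been seen
    if expected is not None:
        return None, n  # stream ended before the final record: truncated
    return b"".join(out), n
```

The signature is checked once, on the head digest, before any data is stored; each record then costs one hash, and a modified record is rejected at its own position rather than at the end of the blob.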



