[Cryptography] Cryptographically securing a two-phase commit

Bill Stewart billstewart at pobox.com
Wed Jul 29 19:05:14 EDT 2020


On 7/29/2020 11:34 AM, Jon Callas wrote:
]    Peter wrote:
>>
>> Can anyone suggest a means of avoiding this overhead that doesn't require
>> inventing a custom protocol or format for the purpose?  In other words that
...
> So my naive take is that this is just flat-out impossible. It is always possible for an attacker who can arbitrarily jigger your inputs to DoS you.

Leave out the question of existing formats/protocols supporting it.
I think your choices are limited to
- get some upfront information in Part 1 including some keys and maybe 
some hashes and maybe the size of the blob, maybe signed.
- maybe respond to Part 1 with something that makes Alice do work before 
you start Part 2 or at least before you do any heavy-lifting crypto for 
Part 1
- Part 2: Either
-- decrypt the blob on the fly
-- don't decrypt the blob on the fly, just store it and go back and 
decrypt after it's all there
-- don't decrypt the blob on the fly, but calculate a hash on the fly 
while storing it, and then go back and decrypt if the hash is good.

I'm assuming that hashes are still a lot faster than decrypting.
And your attacker could still send you bogus data inside the encrypted 
hashed blob.



More information about the cryptography mailing list