[Cryptography] [FORGED] Cubbit

Jerry Leichter leichter at lrw.com
Fri Jun 5 21:56:56 EDT 2020 


> If you want the software-only version there's things like Storj, where your
> data is stored on the spare hard drive space of random people who have signed
> up to it, a.k.a. Airbnb for data.  So bits of your data will be on a gaming
> machine in Kazakhstan, bits on a cash register in France, and bits on a Kodi
> box in Peru.  What could possibly go wrong?
If it actually worked, I'm not sure I would care that my encrypted bits were in a gaming machine or wherever.  Why should I?  What matters to me is the global guarantee that I can get my bits back within some reasonable time.  If the system can do that, I don't care if some of the storage is spray-painted graffiti on walls all over town, read by nearby video cameras.

There is an underlying issue that's clear with Cubbit but is present in all such systems.  Cubbit specifically says that the storage in each attached node is split 50/50:  Half is used to hold local pieces of your data; half is made available to the system.  (I think they actually split that into space used to hold chunks of other people's data and space to hold metadata that glues the system together).

Now, if half my space is my data, and half is shared to provide redundancy for other people's data ... over the entire system, the redundancy can't possibly be more than two.  At best, overall, the effect has to be that losing just the wrong two copies loses the data entirely.

The description Cubbit provides says that they distribute 36 copies in a Reed-Solomon code that allows recovery from any 24 copies.  But one way or another ... 36 copies requires that, somewhere, there be 35 times the space of the original copy to provide the redundancy.  Now, perhaps they are assuming that most people will use (well under) the "private" capacity of their local storage for their own data.  If on average people only use half their local storage, then the "public" half now has 4 times the used capacity, and the redundancy starts to get interesting.  But 36 times the used capacity?  Hardly something to rely on if the system catches on.

                                                        -- Jerry



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20200605/8b41e7c6/attachment.htm>

More information about the cryptography mailing list