[tahoe-dev] Question about Hash usage (versus MAC) for consistency check

Zooko Wilcox-O'Hearn zooko at zooko.com
Tue Aug 4 18:59:19 PDT 2009 

On Tuesday,2009-08-04, at 16:27 , Guillaume Sevestre wrote:
> I wonder why you are not using MAC’s (Message Authentication Codes)  
> for the authentication on the data, in plaintext and ciphertext ?
>
> I think your architecture could fit well with MAC computed in the  
> Gateway (As it’s, by design, in the confident area)
>
It is because each file can be individually shared with other users.   
If you receive a read-capability to an immutable file from me, you  
can use it to retrieve the file contents.  You can also share that  
read-capability with a friend, and you will know that if they use it  
to retrieve the file contents that they will get the exact same  
contents that you got.

A Message Authentication Code is a much more efficient cryptographic  
primitive, and it is easier to be sure that a MAC that has long-term  
security than that a secure hash function has.  However, it doesn't  
have the right semantics of sharing for Tahoe-LAFS's purposes.  A MAC  
has a secret key which is necessary for checking the validity of  
contents, and also anyone who knows the secret key can generate new  
contents that will validate.  Tahoe-LAFS has two kinds of files:  
immutable files (as above), and mutable files where some set of users  
(possibly just one user) has the ability to write new contents and  
another set of users has the ability to read contents.  We can't use  
MACs for mutable files, either, because we want to be able to give  
some users the ability to read the file contents (i.e. to check the  
validity of the file contents) without also giving them the ability  
to write new contents (i.e. to generate a new file contents that  
would validate).  Therefore, we have to use a digital signature  
system for mutable files.

Thanks for asking!  There are some other details in this paper:

Zooko Wilcox-O'Hearn, Brian Warner "Tahoe – The Least-Authority  
Filesystem" http://allmydata.org/~zooko/lafs.pdf

Regards,

Zooko

More information about the tahoe-dev mailing list