[tahoe-dev] FW: cleversafe says: 3 Reasons Why Encryption is Overrated

Zooko O'Whielacronx zookog at gmail.com
Mon Aug 10 19:22:45 PDT 2009


On Mon, Aug 10, 2009 at 3:40 PM, Jason Resch<jresch at cleversafe.com> wrote:
>
> Recalling what the original poster said:
> "Surely this is fundamental to threshold secret sharing - until you
> reach the threshold, you have not reduced the cost of an attack?"
>
> Cleversafe's method does have this property, the difficulty in breaking the random transformation key does not decrease with the number of slices an attacker gets.  Though the difficulty is not infinite, (as is the case with an information theoretically secure scheme) it does remain fixed until a threshold is reached.

That isn't correct.  The more slices an attacker has access to, the
more information they have which they might be able to use to break
the encryption.  This is equivalent to saying that "the difficulty"
(in the sense of computationally secure cryptography) decreases.  Now,
if the encryption scheme (in this case one formed out of AES-256 and a
hash function) is secure, then whatever information they gain won't
help them (until they reach the threshold), so "the difficulty"
remains too difficult for them (until they reach the threshold).
However, if the encryption scheme is less than perfect, then maybe
they can crack the system without having a threshold number of the
slices.  This is just the normal definition of a
computationally-secure cryptosystem based on an encryption scheme.
The AONT design doesn't make it stronger in the case of a weak cipher
or a weak hash function than a similar design such as Tahoe-LAFS.
Indeed, the AONT arguably makes it weaker.

Hm, your overview diagram [1] doesn't say what hash function is used
to generate the mask for the AONT, but this document [2] says you are
using MD5.  However, [2] also says you are using AES-128 which
contradicts [1]'s statement that you are using AES-256, so I'll bet
[2] is obsolete.  Could you point to more details about the
implementation of the AONT and the other algorithms?

Thanks!

Regards,

Zooko

[1] http://dev.cleversafe.org/weblog/?p=111
[2] http://www.cleversafe.org/documentation/Cleversafe-Arch.pdf


More information about the tahoe-dev mailing list