[tahoe-dev] [tahoe-lafs] #217: DSA-based mutable files -- small URLs, fast file creation

[tahoe-lafs]

#217: DSA-based mutable files -- small URLs, fast file creation
----------------------------+-----------------------------------------------
 Reporter:  zooko           |           Owner:  zooko     
     Type:  enhancement     |          Status:  assigned  
 Priority:  major           |       Milestone:  eventually
Component:  code-mutable    |         Version:  0.7.0     
 Keywords:  mutable crypto  |   Launchpad_bug:            
----------------------------+-----------------------------------------------

Comment(by warner):

 It occurred to me the other night that, if we can make
 [http://allmydata.org/trac/pycryptopp/ticket/13 pycryptopp#13] semi-
 private DSA keys work, then we could have a super-simple mutable-file cap
 scheme as follows:

  * assume K=128 bits (might be comfortable with 96 bits), this is the
 security parameter
  * create K-bit random seed, this is the writecap (128 bits)
  * derive 2K-bit semi-private DSA key: this is the readcap (256 bits)
   * hash semi-private key to get the symmetric data-protection key (or
 rather a value that is used to derive it.. SDMF has a per-version salt,
 MDMF has a per-segment-per-version salt)
  * derive 2K-bit verifying key: this is the verifycap (256 bits)
  * either use the verifying key as a storage-index, or hash it, or
 truncate it. Store a copy of the verifying key in the share for the
 benefit of server-side validation.

 For #308 deep-traversal dircaps, insert another semi-private key step
 between the readcap and the verifycap.

 This would give us i.e. 128-bit writecaps, 256-bit readcaps, offline
 attenuation, full server-side verification of every bit of the share, and
 minimal roundtrips (no need to fetch an encrypted private key before
 creating new shares).

-- 
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/217#comment:49>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid