[tahoe-dev] how to encrypt, integrity-check, and offline-attenuate with only 2n bits
David-Sarah Hopwood
david-sarah at jacaranda.org
Tue Sep 8 22:56:26 PDT 2009
David-Sarah Hopwood wrote:
> For immutable files, we absolutely need 2n bits in a readcap to obtain
> collision resistance. It is desirable to also have 2n bits in a verifycap,
> to prevent an attack where the creator of a file can use a collision to
> generate a verifycap that will succeed in verifying invalid ciphertext
> (it isn't clear that this is a particularly useful attack, but it turns
> out we can prevent it at no significant cost).
Actually the strength against this attack is only 2^(n/2). It is possible
to increase the size of V' without increasing the size of R, if that is
considered a problem.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
More information about the tahoe-dev
mailing list