[tahoe-lafs-trac-stream] [tahoe-lafs] #2018: padding to hide the size of plaintexts

tahoe-lafs trac at tahoe-lafs.org
Sun Jul 21 07:30:17 UTC 2013 

#2018: padding to hide the size of plaintexts
-------------------------+-------------------------------------------------
     Reporter:  zooko    |      Owner:
         Type:           |     Status:  new
  enhancement            |  Milestone:  undecided
     Priority:  normal   |    Version:  1.10.0
    Component:  code-    |   Keywords:  confidentiality privacy compression
  encoding               |  newcaps
   Resolution:           |
Launchpad Bug:           |
-------------------------+-------------------------------------------------

Comment (by nejucomo):

 +1 on the need for a threat model (mentioned on the list by Greg Troxel).

 A threat model is really important so that we notice conflicting design
 goals, or unnecessary complexity.

 An example conflict of goals: consider a threat model with an attacker who
 only operates a storage node and has no resources outside of that storage
 node, and consider two features: range requests versus "size
 confidentiality" through padding.

 An incremental update to a byte range reveals that that range is
 interesting, and probably not padding.  A lack of byte range updates means
 updates require full file uploads, which is a large usability cost.

 Range updates can also potentially reveal information through layers
 outside of LAFS!  Suppose a user is using an encrypted loop-back
 filesystem stored in a single "local filesystem file", ''but'' that single
 file happens to be backed by some magic LAFS goo that "smartly" notices
 only a range has been altered, and only sends updates for that range.  Now
 the user changes a small secret stored inside the loop-back encrypted
 filesystem, and that translates to a tiny range request a storage node
 operator could see, whose size is close to the tiny secret size.

 So, are bup-style hash splitting or `LDMF`-style deltas with individual
 padding superior to range updates?  We can't answer this unless we have a
 threat model and we also prioritize other features against defense-
 features for that threat model.

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2018#comment:6>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage

More information about the tahoe-lafs-trac-stream mailing list