Changes between Version 3 and Version 7 of Ticket #753


Ignore:
Timestamp:
2011-07-28T20:00:40Z (13 years ago)
Author:
zooko
Comment:

fixed superscripts

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #753

    • Property Keywords newcaps security added

  • Ticket #753 – Description

    v3 v7  
    2929In the Tahoe context, {{{C}}} is the number of files you can add to the grid.
    3030
    31 In the current case, our 128-bit storage index (N=2**128) means that p=0.5
    32 gets us a nice large 2**64 number of files, except that p=0.5 is insufficient
     31In the current case, our 128-bit storage index (N=2¹²⁸) means that p=0.5
     32gets us a nice large 2⁶⁴ number of files, except that p=0.5 is insufficient
    3333margin: we'd much prefer a vanishingly small chance of collision, like
    34 p=2**-64. Fortunately we get two bits of margin for every one bit we reduce
     34p=2⁻⁶⁴. Fortunately we get two bits of margin for every one bit we reduce
    3535from C. The table looks like:
    3636
    3737||N||numfiles|| ||prob(collision)||
    38 ||96||2**48||->||2**-1 (0.5)||
    39 ||96||2**40||->||2**-17||
    40 ||96||2**32||->||2**-33||
    41 ||96||2**24||->||2**-49||
    42 ||128||2**64||->||2**-1 (0.5)||
    43 ||128||2**56||->||2**-17||
    44 ||128||2**48||->||2**-33||
    45 ||128||2**32||->||2**-65||
    46 ||192||2**96||->||2**-1||
    47 ||192||2**80||->||2**-33||
    48 ||192||2**64||->||2**-65||
    49 ||256||2**128||->||2**-1 (0.5)||
    50 ||256||2**96||->||2**-65||
     38||96||2⁴⁸||->||2⁻¹ (0.5)||
     39||96||2⁴⁰||->||2⁻¹⁷||
     40||96||2³²||->||2⁻³³||
     41||96||2²⁴||->||2⁻⁴⁹||
     42||128||2⁶⁴||->||2⁻¹ (0.5)||
     43||128||2⁵⁶||->||2⁻¹⁷||
     44||128||2⁴⁸||->||2⁻³³||
     45||128||2³²||->||2⁻⁶⁵||
     46||192||2⁹⁶||->||2⁻¹||
     47||192||2⁸⁰||->||2⁻³³||
     48||192||2⁶⁴||->||2⁻⁶⁵||
     49||256||2¹²⁸||->||2⁻¹ (0.5)||
     50||256||2⁹⁶||->||2⁻⁶⁵||
    5151
    5252
     
    5454top-most cap value (i.e. the readkey for immutable files, or the writekey for
    5555mutable files). So a DSA-based mutable file with a 92-bit writecap gives us
    56 an {{{N}}} of 2**92, even if it is expanded into a storage-index of 128 or
     56an {{{N}}} of 2⁹², even if it is expanded into a storage-index of 128 or
    5757256 bits.
    5858
    5959Also note that the allmydata.com grid currently has something like 10M
    60 objects in it, about C=2**23.
     60objects in it, about C=2²³.
    6161
    6262So, I'm thinking that as much as a nice short 96-bit DSA mutable writecap
     
    6565collision to be so small that I don't ever need to worry about it, and 96
    6666bits isn't really there. 128 bits is probably good enough, but doesn't have
    67 enough margin to be obviously and unquestionably safe (C=2**32 is a lot of
    68 files but you can imagine people wanting more, p=2**-64 is a tiny probability
     67enough margin to be obviously and unquestionably safe (C=2³² is a lot of
     68files but you can imagine people wanting more, p=2⁻⁶⁴ is a tiny probability
    6969but you can imagine people wanting a bit better). 256 would be plenty (but of
    7070course I want my filecaps to be shorter than that).