Context Navigation

Changes between Version 2 and Version 3 of NewCaps/WhatCouldGoWrong

Timestamp:: 2009-10-11T00:43:08Z (15 years ago)
Author:: davidsarah
Comment:: fix typos and some variable names

Legend:

: Unmodified
: Added
: Removed
: Modified

NewCaps/WhatCouldGoWrong

-                      v2
+                      v3
 ||#||''what bad thing could happen''||''how''||''who could do it''||''what could they target''||''what crypto property prevents it''||''how expensive to brute force''||
 ||1||shape-shifter immutable file [footnote 1]||collide read-cap (''R'',''T'')||creator of a file||their own file||the hash function's and cap format's collision resistance on the read-cap (''R'',''T'')||2^(''r''+''t'')/2^||
 ||2||unauthorized read||attack the encryption of ''K'' with ''R''||anyone||any one file||the cipher's security and the secrecy of the read-key ''R''||2^''r''^||
+||2||unauthorized read||attack the encryption of ''K1'' with ''R''||anyone||any one file||the cipher's security and the secrecy of the read-key ''R''||2^''r''^||
 ||3||forgery of immutable file||generate a matching read-cap (''R'',''T'') for someone else's file||anyone||any one file||the hash function's and cap format's second-pre-image resistance on (''R'',''T'')||2^''r''+''t''^||
 ||4||roadblock or speedbump [footnote 2]||generate (''V'',''K'',''D'') which hash to a someone else's ''T'', and copy their ''S''||anyone||any one file||the hash function's and cap format's collision resistance on ''T''||2^''t''^||
 ||5||unauthorized read||attack the encryption of the plaintext with ''K''||anyone||any one file||the cipher's security and the secrecy of the encryption key ''K''||2^''k''^||
+||4||roadblock or speedbump [footnote 2]||generate (''K1enc'',''Dhash'',''V'') which hash to someone else's ''T'', and copy their ''S''||anyone||any one file||the hash function's and cap format's collision resistance on ''T''||2^''t''^||
+||5||unauthorized read||attack the encryption of the plaintext with ''K1''||anyone||any one file||the cipher's security and the secrecy of the encryption key ''K1''||2^''k''^||
 ||6||unauthorized read||figure out the input to the hash function that generates ''S''||anyone||any one file||the hash function's pre-image resistance on ''S''||brute force attack on ''R'' is !#2||
 . ''shape-shifter immutable file'': creator creates more than one file matching the immutable file readcap
 . ''roadlblock'': attacker prevents uploader (including repairer) from being able to write a real share into the right storage index; ''speedbump'': attacker adds his bogus share into the list of shares stored under the storage index by the same method; downloader has to download, examine, and discard the bogus (''V'',''K'',''D'')'s until it finds the real one
+. ''roadblock'': attacker prevents uploader (including repairer) from being able to write a real share into the right storage index; ''speedbump'': attacker adds his bogus share into the list of shares stored under the storage index by the same method; downloader has to download, examine, and discard the bogus (''K1enc'',''Dhash'',''V'')'s until it finds the real one
 http://allmydata.org/pipermail/tahoe-dev/2009-October/002959.html