Version 2 (modified by zooko, at 2009-10-10T21:58:19Z) (diff) |
---|
This is about What Could Go Wrong with the "Elk Point 2" immutable file caps: http://jacaranda.org/tahoe/immutable-elkpoint-2.svg
# | what bad thing could happen | how | who could do it | what could they target | what crypto property prevents it | how expensive to brute force |
1 | shape-shifter immutable file [footnote 1] | collide read-cap (R,T) | creator of a file | their own file | the hash function's and cap format's collision resistance on the read-cap (R,T) | 2(r+t)/2 |
2 | unauthorized read | attack the encryption of K with R | anyone | any one file | the cipher's security and the secrecy of the read-key R | 2r |
3 | forgery of immutable file | generate a matching read-cap (R,T) for someone else's file | anyone | any one file | the hash function's and cap format's second-pre-image resistance on (R,T) | 2r+t |
4 | roadblock or speedbump [footnote 2] | generate (V,K,D) which hash to a someone else's T, and copy their S | anyone | any one file | the hash function's and cap format's collision resistance on T | 2t |
5 | unauthorized read | attack the encryption of the plaintext with K | anyone | any one file | the cipher's security and the secrecy of the encryption key K | 2k |
6 | unauthorized read | figure out the input to the hash function that generates S | anyone | any one file | the hash function's pre-image resistance on S | brute force attack on R is #2 |
- shape-shifter immutable file: creator creates more than one file matching the immutable file readcap
- roadlblock: attacker prevents uploader (including repairer) from being able to write a real share into the right storage index; speedbump: attacker adds his bogus share into the list of shares stored under the storage index by the same method; downloader has to download, examine, and discard the bogus (V,K,D)'s until it finds the real one
http://allmydata.org/pipermail/tahoe-dev/2009-October/002959.html