wiki:NewCaps/WhatCouldGoWrong

Version 2 (modified by zooko, at 2009-10-10T21:58:19Z) (diff)

whee more attacks

This is about What Could Go Wrong with the "Elk Point 2" immutable file caps: http://jacaranda.org/tahoe/immutable-elkpoint-2.svg

#what bad thing could happenhowwho could do itwhat could they targetwhat crypto property prevents ithow expensive to brute force
1shape-shifter immutable file [footnote 1]collide read-cap (R,T)creator of a filetheir own filethe hash function's and cap format's collision resistance on the read-cap (R,T)2(r+t)/2
2unauthorized readattack the encryption of K with Ranyoneany one filethe cipher's security and the secrecy of the read-key R2r
3forgery of immutable filegenerate a matching read-cap (R,T) for someone else's fileanyoneany one filethe hash function's and cap format's second-pre-image resistance on (R,T)2r+t
4roadblock or speedbump [footnote 2]generate (V,K,D) which hash to a someone else's T, and copy their Sanyoneany one filethe hash function's and cap format's collision resistance on T2t
5unauthorized readattack the encryption of the plaintext with Kanyoneany one filethe cipher's security and the secrecy of the encryption key K2k
6unauthorized readfigure out the input to the hash function that generates Sanyoneany one filethe hash function's pre-image resistance on Sbrute force attack on R is #2
  1. shape-shifter immutable file: creator creates more than one file matching the immutable file readcap
  2. roadlblock: attacker prevents uploader (including repairer) from being able to write a real share into the right storage index; speedbump: attacker adds his bogus share into the list of shares stored under the storage index by the same method; downloader has to download, examine, and discard the bogus (V,K,D)'s until it finds the real one

http://allmydata.org/pipermail/tahoe-dev/2009-October/002959.html