This is about What Could Go Wrong with the "Elk Point 2" immutable file caps: ​http://jacaranda.org/tahoe/immutable-elkpoint-2.svg

#	what bad thing could happen	how	who could do it	what could they target	what crypto property prevents it	how expensive to brute force
1	shape-shifter immutable file [footnote 1]	collide read-cap (R,T)	creator of a file	their own file	the hash function's and cap format's collision resistance on the read-cap (R,T). This also depends on the encryption of K1 being deterministic and correct.	2(n+t)/2
2	unauthorized read	attack the encryption of K1 with R	anyone	any one file	the cipher's security and the secrecy of the read-key R	2n
3	forgery of immutable file	generate a matching read-cap (R,T) for someone else's file	anyone	any one file	the hash function's and cap format's second-pre-image resistance on (R,T)	2n+t
4	roadblock or speedbump [footnote 2]	generate (K1enc,Dhash,V) that hash to someone else's T, and copy their S	anyone	any one file	the hash function's and cap format's collision resistance on T	2t
5	unauthorized read	attack the encryption of the plaintext with K1	anyone	any one file	the cipher's security and the secrecy of the encryption key K1	2k
6	unauthorized read	figure out the input to the hash function that generates S	anyone	any one file	the hash function's pre-image resistance on S	brute force attack on R is #2

where k = bitlength(K1), n = bitlength(R), t = bitlength(T).

1. shape-shifter immutable file: creator creates more than one file matching the immutable file readcap
2. roadblock: attacker prevents uploader (including repairer) from being able to write a real share into the right storage index; speedbump: attacker adds his bogus share into the list of shares stored under the storage index by the same method; downloader has to download, examine, and discard the bogus (K1enc,Dhash,V)'s until it finds the real one

​http://allmydata.org/pipermail/tahoe-dev/2009-October/002959.html