Changes between Version 2 and Version 3 of NewImmutableEncodingDesign


Ignore:
Timestamp:
2009-09-03T07:06:32Z (15 years ago)
Author:
warner
Comment:

update on the hypothetical zooko scheme

Legend:

Unmodified
Added
Removed
Modified

  • NewImmutableEncodingDesign

    v2 v3  
    107107nothing in K2 that's dependent upon the actual shares.
    108108
     109If SI=H(K2) and K1=CHK(data), then you get protection against Rose+Server,
     110but you only get to discover problems after you've extracted all of the
     111plaintext, so alacrity is maximally bad (you can't deliver the first byte
     112of validated plaintext until you've retrieved the last byte of the ciphertext).
     113
     114Not having a validated UEB is troublesome, because then you don't know which
     115shares are good, so if whatever subsequent validation you have (like a CHK)
     116fails, you don't know which shares to throw out. But since all shares are
     117supposed to have a copy of the same UEB, there's a workaround: validate each
     118share up to its local UEB, sort the varieties of UEBs that you see, start
     119with the most popular one, see if a decode matches your CHK. If not, iterate
     120to the next-less-popular variant, etc.
     121
    109122If SI=UEBhash, then you've got the integrity checking that you want, but
    110123there's no way for the readcap holder to find out what the storage-index is,
    111124so they can neither locate a share (to compute everything else) nor can they
    112 use the storage-index to validate anything.
     125use the storage-index to validate anything. You could imagine a separate
     126table, though, that mapped H(K2) to storage-index values, but of course this
     127table would have to be stored somewhere, etc.
     128
     129
    113130
    114131== Mutable readcap plus commitment ==