[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [freehaven-dev] Publius

Here's some of the differences between us and them that I see on a first

* They borrow the concept from TAZ/Rewebber of having multiple 
  proxies "decode" a URL to point to shares of a document. This means
  that they can implement the client by a proxy which understands 
  these weird URLs and plugs into a browser. 

  This has the significant advantage of allowing hyperlinks within 
  the Publius system, since they look like a funny kind of URL. Then
  these links can be served just like http links. 

* However, they seem to punt on the question of how to prevent 
  someone from following the link back ("use Crowds") in section
  5.4 .

* They're using plain vanilla Shamir secret sharing. Among other 
  things, this means that if a share or shares is damaged, they can't tell
  until after the document reconstructs to garbage, and so in the worst
  case they have to try all combinations of shares to figure out which are
  good and which are bad (section 3.3).
  That's kind of suboptimal, but I don't see yet why they couldn't use
  IDA or some kind of scheme where bad shares are immediately

* They don't have the notion of a "trust network" that we do. In fact, 
  I'm not sure where they expect their servers to come from. They *do*
  discuss what happens if servers go bad in section 5, but they don't
  offer much more than "make the number of servers required to reconstruct
  very big" and then "make publishing content expensive" as a solution,
  either via e-cash or hashcash. 

  There is a suggestion that a threshold of servers (in terms of the
  number of shares the document is split into) must be corrupted in order
  to do something bad. Their discussion of this is a bit brief, though.

  I think that under the assumption that the broadcast reaches everyone,
  and neglecting trading, we may have similar threshold guarantees to

* They allow unpublishing and updating of content. They do discuss 
  rubber hose cryptanalysis in section 5.5, but I can't make out what
  they're saying in the publisher case -- it looks like they are 
  discounting the possibility that the adversary will guess a publisher
  and then try to beat the unpublishing key out of him. 

* No trading. 


On Sun, 30 Apr 2000 dmolnar@belegost.mit.edu wrote:

> Looks like related work to me...
> http://www.cs.nyu.edu/~waldman/publius/