[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freehaven-dev] (FWD) Re: paper comments - 1st impressions
----- Forwarded message from Michael J Freedman <mfreed@MIT.EDU> -----
Date: Mon, 26 Feb 2001 01:57:03 -0500
To: hopwood@zetnet.co.uk
From: Michael J Freedman <mfreed@MIT.EDU>
Subject: Re: paper comments - 1st impressions
Cc: freehaven@freehaven.net
At 11:36 PM 2/25/2001 +0000, David Hopwood wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Michael J Freedman wrote:
>> David Hopwood wrote:
>> >If N_i tries to send a message to N_{i+1} but cannot obtain a receipt,
>> >then instead of publishing the message, it sends it to all of the
>> >judges (if N_i cannot manage to contact any judges, then it should be
>> >considered unreliable, so it is OK that it does not obtain a receipt).
>> >
...
>>
>> I'm a bit unconvinced that this is providing any real security. (But I'm
>> really tired when reading this, so bear with me).
>>
>> N_i sends to N_{i+1}
>> N_{i+1} sends a receipt back to N_i saying "I got it."
>> N_i is happy
>> N_{i+1} does nothing more
>
>Now, suppose the original sender, Alice, suspects that her message has not
>been delivered. She determines (by communicating with each node over the
>mix-net) the first node that does not have a receipt from the next node on
>the route, which in this case will be N_{i+1}.
>
>Because N_i is honest, Alice can obtain from N_i the receipt signed by
>N_{i+1}. Then she tells the judges that N_{i+1} failed (also giving the
>receipt, message, random seed, and the next node N_{i+2}, which are checked
>as in the original protocol). They try to obtain from N_{i+1} its receipt
>signed by N_{i+2}, but fail because N_{i+1} doesn't have it. Therefore,
>all the judges conclude that N_{i+1} failed, and the honest judges publish
>that.
Sure, I buy that.
I wasn't thinking of Alice's later role in this process. It might be less
clear what we mean by Alice "suspecting" -- it was much clearer in the
ledger model -- but I don't have a better answer right now.
And, you can always play the game like judicial systems do. We don't need
to catch everybody that behaves badly -- only make the "punishment" of
doing so (somewhat) prohibitively expensive. So, if you catch 'em k of n
times the fail, you still win...
>> But it's not quite that simple, 'cause honest nodes can also have a
>> failure mode whereby they send the "got it" receipt, then just crash,
>> and (I think?) we lose.
>
>If a node crashes, and does not recover in sufficient time to try again,
>then it is by definition unreliable.
Of course. I was thinking of the issue module Alice acting at some later
time, in which we "lose" by not catching the bad node. We obviously want
to catch nodes that both intentionally and non-intentionally fail.
Thanks for the quick response,
--mike
-----
"Not all those who wander are lost." mfreed@mit.edu
----- End forwarded message -----