Re: [tor-dev] Proposal 225: Strawman proposal: commit-and-reveal shared rng



As it currently is, this suffers from something like the Byzantine
generals' problem.
Attacks may be performed based on the fact that participants don't
necessarily transition between states at the same moment.
Error handling must be carefully considered and the SYNC round made
more robust to compensate.

For instance, if an adversary is able to convince an honest participant
to restart while the rest of the participants keep going, they could
drop the number of honest participants below the secret sharing
threshold and the protocol loses all security benefit.
Additionally, if restarts can be caused after _any_ honest participant
has revealed then that's equally exploitable; an attacker could wait
for the first honest reveals, calculate the result, and then cause an
error that triggers a restart if they didn't like it [provided they're
fast enough].
These are possible because participants aren't psychic so they don't
immediately know if somebody has revealed or reported an error.
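
To quantify the restart concern raised in this message, here is an added simulation (not part of the original post and not Proposal 225's own construction). It assumes SHA-256 commitments, a hash-of-all-reveals combiner, and an adversary that prefers the low bit of the output to be 0; all function names are hypothetical.

```python
import hashlib
import random

def commit(value: bytes) -> bytes:
    # Assumed commitment scheme: plain SHA-256 of a 256-bit random value.
    return hashlib.sha256(value).digest()

def combine(reveals) -> bytes:
    # Assumed combiner: hash of every revealed value in a fixed order.
    return hashlib.sha256(b"".join(sorted(reveals))).digest()

def run_round(rng, n_honest: int) -> bytes:
    """One commit-and-reveal round with n_honest honest parties plus one
    adversary. Returns the shared value all reveals would produce."""
    values = [rng.getrandbits(256).to_bytes(32, "big")
              for _ in range(n_honest + 1)]
    commitments = [commit(v) for v in values]
    # Reveal phase: each reveal must match the commitment published earlier.
    if any(commit(v) != c for v, c in zip(values, commitments)):
        raise ValueError("reveal does not match commitment")
    return combine(values)

def preferred_outcome_rate(trials: int, max_restarts: int,
                           n_honest: int = 8, seed: int = 225) -> float:
    """Fraction of runs that end with the adversary's preferred bit when it
    may force up to max_restarts restarts after seeing the honest reveals.
    max_restarts=0 models a protocol that refuses restarts after a reveal."""
    rng = random.Random(seed)  # constructed, reproducible sample runs
    wins = 0
    for _ in range(trials):
        for attempt in range(max_restarts + 1):
            # The adversary knows its own committed value, so once the honest
            # parties reveal it can compute the result before it is final.
            out = run_round(rng, n_honest)
            liked = (out[-1] & 1) == 0
            if liked or attempt == max_restarts:
                break  # otherwise an induced error restarts the run
        wins += liked
    return wins / trials

if __name__ == "__main__":
    for r in range(5):
        print(f"restarts allowed after reveal: {r}  "
              f"preferred outcome rate: {preferred_outcome_rate(4000, r):.3f}")
```

In this model a budget of r post-reveal restarts yields the preferred bit with probability 1 - 2^-(r+1), while refusing restarts once any reveal is out keeps it at 1/2.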