[tahoe-dev] how to encrypt and integrity-check with only one value [correction]
Brian Warner
warner at lothar.com
Tue Sep 8 00:16:04 UTC 2009
David-Sarah Hopwood wrote:
>
> Given that for mutable files, a read cap can be a hash of a public key
> that is stored with the signature, it seems like we now have all the
> protocols needed to design new Tahoe URL schemes that are much shorter
How long do we need that hash to be? I'm not clear on the math. If we
want a 128bit security parameter, and we have a 128bit writecap (the
signing key), the DSA verifying key will be 256bits, yeah? Would a
128bit hash of that verifying key be sufficient to maintain our security
level?
One design described on NewMutableEncodingDesign calls for a readcap
that contains a hash of the writecap and a hash of the verifying key. If
we could get away with 128bits for each, we'd have 256bit readcaps (i.e.
2*kappa). I don't know how to get that down to 1*kappa. I'll sit down
and think about how zooko's immutable-file trick could be applied to
mutable files, but I suspect that it would lose offline
writecap-to-readcap attenuation, and I think that's too much of a cost
to bear.
always puzzled,
-Brian
More information about the tahoe-dev
mailing list