[146975] in cryptography@c2.net mail archive
Re: [Cryptography] Squaring Zooko's triangle
daemon@ATHENA.MIT.EDU (Peter Fairbrother)
Tue Sep 10 15:11:42 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 10 Sep 2013 18:09:14 +0100
From: Peter Fairbrother <zenadsl6186@zen.co.uk>
To: jamesd@echeque.com, Cryptography Mailing List <cryptography@metzdowd.com>
In-Reply-To: <522EA25F.9050907@echeque.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 10/09/13 05:38, James A. Donald wrote:
> On 2013-09-10 3:12 AM, Peter Fairbrother wrote:
>> I like to look at it the other way round, retrieving the correct name
>> for a key.
>>
>> You don't give someone your name, you give them an 80-bit key
>> fingerprint. It looks something like m-NN4H-JS7Y-OTRH-GIRN. The m- is
>> common to all, it just says this is one of that sort of hash.
>
> 1. And they run away screaming.

Sorry, I misspoke: you can of course give them your name, just not your
telephone number or email address. You give them the hash instead of those.

> 2. It only takes 2^50 trials to come up with a valid fingerprint that
> agrees with your fingerprint except at four non chosen places.

And that will help an attacker how?

To use a hash to contact you Bob has to ask the semi-trusted server to
find the hash and then return your matching input string - if he gets it
wrong even in one place the server will return a different hash, or no
hash at all.

Bob can't use a hash which doesn't match exactly.

Sound too restrictive? But Bob can't use a telephone number or email
address which is wrong in one place, never mind four, either.

I was even thinking of using a 60-bit hash fingerprint (with a whole lot
of extra work added, to make finding a matching tailored preimage about
2^100 or so total work), so a hash would look like s-NN4H-JS7Y-OTRH but
I haven't convinced myself that that would work yet.

Mind you, I haven't ruled it out either. There is a flood attack, but it
can be defeated by people paying a dollar to the server when they input
a hash.

-- Peter Fairbrother
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
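
The exact-match lookup described in the message above, as an added example that is not part of the original post or any code of its author. Assumptions: SHA-256 truncated to 80 bits and base32-encoded stands in for the unspecified hash, the record format and all class and function names are hypothetical, and the client-side recheck of the returned string is one way to cope with a server that is only semi-trusted.

```python
import base64
import hashlib
import hmac

def fingerprint(input_string: str) -> str:
    """80-bit fingerprint: SHA-256 (assumed) truncated to 16 base32 characters."""
    digest = hashlib.sha256(input_string.encode("utf-8")).digest()
    b32 = base64.b32encode(digest).decode("ascii")[:16]   # 16 chars * 5 bits = 80 bits
    return "m-" + "-".join(b32[i:i + 4] for i in range(0, 16, 4))

class DirectoryServer:
    """Semi-trusted server: maps a fingerprint to the registered input string."""
    def __init__(self):
        self._records = {}

    def register(self, input_string: str) -> str:
        fp = fingerprint(input_string)
        self._records[fp] = input_string
        return fp

    def lookup(self, fp: str):
        # Exact match only; a fingerprint wrong in one place finds nothing.
        return self._records.get(fp)

class LyingServer(DirectoryServer):
    """Misbehaving server that answers every query with its own record."""
    def lookup(self, fp: str):
        return "Mallory|constructed-key-material|mallory@example.org"

def resolve(server: DirectoryServer, fp: str):
    """Bob's side: fetch the input string, then recompute the hash himself."""
    record = server.lookup(fp)
    if record is None:
        return None
    if not hmac.compare_digest(fingerprint(record), fp):
        raise ValueError("server returned a record that does not hash to the fingerprint")
    return record

def off_by_one(fp: str) -> str:
    """Return fp with its last character changed (a one-place transcription error)."""
    return fp[:-1] + ("A" if fp[-1] != "A" else "B")

ALICE = "Alice|constructed-key-material|alice@example.org"   # constructed sample record

if __name__ == "__main__":
    server = DirectoryServer()
    fp = server.register(ALICE)
    print(fp, "->", resolve(server, fp))
    print(off_by_one(fp), "->", resolve(server, off_by_one(fp)))
```
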