[dropping tahoe-dev from Cc:]

On Thursday,2009-08-06, at 2:52 , Ben Laurie wrote:

Zooko Wilcox-O'Hearn wrote:
I don't think there is any basis to the claims that Cleversafe makes that their erasure-coding ("Information Dispersal")-based system is fundamentally safer
Surely this is fundamental to threshold secret sharing - until you reach the threshold, you have not reduced the cost of an attack?

I'm sorry, I don't understand your sentence. Cleversafe isn't using threshold secret sharing -- it is using All-Or-Nothing-Transform (built out of AES-256) followed by Reed-Solomon erasure-coding. The resulting combination is a computationally-secure (not information- theoretically-secure) secret-sharing scheme. The Cleversafe documentation doesn't use these terms and is not precise about this, but it seems to claim that their scheme has security that is somehow better than the mere computational security that encryption typically offers.

Oh wait, now I understand your sentence. "You" in your sentence is the attacker. Yes, an information-theoretically-secure secret- sharing scheme does have that property. Cleversafe's scheme hasn't.



The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to