> That is not my worry. Signing the data posted to the DHT can prevent spoofing, > querying it over a mix network or using a PIR protocol can prevent > eavesdropping. I'm more worried about various sorts of denial of service > attacks, or service being shut down by inadvertent behavior.
Of course the data can be signed, encrypted, etc. But the rule of the game is that the adversary can manufacture as many peers as they want -- something known as the Sybil attack. They can then perform various forms of denial. For example, the connectivity of the DHT generally relies on connectivity between nodes of similar indices. The attackers can research hashes that fall very near the hash of the target node, add the corresponding nodes in the DHT, and effectively place themselves in the path of DHT traffic meant for the target node. This enables passive traffic analysis, and active denial of service. Another potential attack is to get node indices close to that of a popular resource, effectively becoming the repository of record for that resource. Again, that enables passive traffic analysis, e.g. finding who accesses a specific resource, and also active denial of service attacks. If the attackers can manufacture enough virtual nodes, they obtain control of the network. They can use that passively for global traffic analysis. They can also engineer selective disruption, inject traffic to DOS specific nodes, and other fun games. Bottom line, anonymous DHT are fragile. If we want something robust, we have to forgo the mathematical elegance of the DHT, and adopt a network structure in which nodes only connect to peers that they trust. You could call that "networks of friends." That removes the nice O(log N) properties of the DHT, and it becomes hard to guarantee that all queries will converge. But the network becomes much harder to penetrate. The old Freenet had a structure like that. -- Christian Huitema _______________________________________________ The cryptography mailing list email@example.com http://www.metzdowd.com/mailman/listinfo/cryptography