I wonder if much of the work on secure DHT's and such is based on bad assumptions. A DHT is just a key/value mapping. There are two reasons to want to distribute such a thing: To deal with high, distributed load; and because it's too large to store on any one node. I contend that the second has become a non-problem. The DHT uses I've seen involve at most a couple of billion small key/value pairs; most involve a few million at most. Even at the high end, what's today a fairly small, moderately powered system can handle this much data with no problems. The limitations are on QPS. However, there are plenty of mundane techniques to deal with that, including replication, deterministic sharding, and caching. They are all much simpler than DHT's and are hence less likely to have the subtle security problems that DHT's do.
Fundamentally, we're asking DHT's to solve three problems at once: Distribute a map; be robust in the face of node failure; do it all securely. Better to use good solutions to the individual problems and combine them than to try to find a way to do all at once. I worked on data structures somewhat like DHT's back in the late 1970's (to implement the Linda distributed programming language on LAN's and hypercubes and similar networks). Neat idea at the time, and it was fun to see it come back as a neat idea on a much larger scale years later; but perhaps its time is (again) passing. -- Jerry _______________________________________________ The cryptography mailing list firstname.lastname@example.org http://www.metzdowd.com/mailman/listinfo/cryptography