I wonder if much of the work on secure DHT's and such is based on bad
assumptions. A DHT is just a key/value mapping. There are two reasons to want
to distribute such a thing: To deal with high, distributed load; and because
it's too large to store on any one node. I contend that the second has become
a non-problem. The DHT uses I've seen involve at most a couple of billion
small key/value pairs; most involve a few million at most. Even at the high
end, what's today a fairly small, moderately powered system can handle this
much data with no problems. The limitations are on QPS. However, there are
plenty of mundane techniques to deal with that, including replication,
deterministic sharding, and caching. They are all much simpler than DHT's and
are hence less likely to have the subtle security problems that DHT's do.
Fundamentally, we're asking DHT's to solve three problems at once: Distribute
a map; be robust in the face of node failure; do it all securely. Better to
use good solutions to the individual problems and combine them than to try to
find a way to do all at once.
I worked on data structures somewhat like DHT's back in the late 1970's (to
implement the Linda distributed programming language on LAN's and hypercubes
and similar networks). Neat idea at the time, and it was fun to see it come
back as a neat idea on a much larger scale years later; but perhaps its time is
(again) passing.
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
