On Wed, Apr 25, 2012 at 10:27 PM, Marsh Ray <[email protected]> wrote: > On 04/25/2012 10:11 PM, Zooko Wilcox-O'Hearn wrote: >> 2. the verifier-oriented way: you make a secure hash of the chunk, and >> make the resulting hash value known to the good guy(s) in an >> authenticated way. > > > Is option 2 sort of just pushing the problem around? > > What's going on under the hood in the term "in an authenticated way"? > > How do you do authentication in an automated system without someone > somewhere keeping something secret? > > Is authenticating the hash value fundamentally different from "ensuring the > integrity of a chunk of data"?
You have two choices for providing AE and (2): a) MAC the root of each file's (or directory's, or dataset's) Merkle hash tree, or b) store a hash and a MAC, thereby forming a Merkle hash tree and a parallel Merkle MAC tree. In terms of additional storage and compute power (a) is clearly superior. I believe the security of (a) is adequate. Nico -- _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
