On Mon, Aug 10, 2009 at 3:40 PM, Jason Resch <[email protected]> wrote:
>
> Recalling what the original poster said:
> "Surely this is fundamental to threshold secret sharing - until you
> reach the threshold, you have not reduced the cost of an attack?"
>
> Cleversafe's method does have this property, the difficulty in breaking the
> random transformation key does not decrease with the number of slices an
> attacker gets. Though the difficulty is not infinite, (as is the case with
> an information theoretically secure scheme) it does remain fixed until a
> threshold is reached.

That isn't correct. The more slices an attacker has access to, the more information they have which they might be able to use to break the encryption. This is equivalent to saying that "the difficulty" (in the sense of computationally secure cryptography) decreases.

Now, if the encryption scheme (in this case one formed out of AES-256 and a hash function) is secure, then whatever information they gain won't help them (until they reach the threshold), so "the difficulty" remains too difficult for them (until they reach the threshold). However, if the encryption scheme is less than perfect, then maybe they can crack the system without having a threshold number of the slices.

This is just the normal definition of a computationally-secure cryptosystem based on an encryption scheme. The AONT design doesn't make it stronger in the case of a weak cipher or a weak hash function than a similar design such as Tahoe-LAFS. Indeed, the AONT arguably makes it weaker.

Hm, your overview diagram [1] doesn't say what hash function is used to generate the mask for the AONT, but this document [2] says you are using MD5. However, [2] also says you are using AES-128 which contradicts [1]'s statement that you are using AES-256, so I'll bet [2] is obsolete. Could you point to more details about the implementation of the AONT and the other algorithms? Thanks!

Regards,

Zooko

[1] http://dev.cleversafe.org/weblog/?p=111
[2] http://www.cleversafe.org/documentation/Cleversafe-Arch.pdf
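
An added example, not part of the thread and not Cleversafe's or Tahoe-LAFS's code: a toy package-style AONT in which a key encrypts the data and the key, XORed with a hash of the ciphertext (the "mask"), is appended. The construction, the SHA-256 counter-mode stand-in for AES-256, the plain k-way split and all names are assumptions made for illustration. It shows that a missing slice blocks the intended unpackaging, while the work needed to search for the key from a single slice is set only by the cipher's key space.

```python
import hashlib
from itertools import product

def keystream(key, n):
    # SHA-256 in counter mode: a stand-in stream cipher (assumption), not AES-256.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def aont_package(data, key):
    # Package = ciphertext || (key XOR H(ciphertext)); H produces the mask.
    ct = xor(data, keystream(key, len(data)))
    return ct + xor(key, hashlib.sha256(ct).digest()[:len(key)])

def aont_unpackage(package, key_len):
    # Needs the WHOLE ciphertext to recompute the mask and unmask the key.
    ct, masked_key = package[:-key_len], package[-key_len:]
    key = xor(masked_key, hashlib.sha256(ct).digest()[:key_len])
    return xor(ct, keystream(key, len(ct)))

def slices(package, k):
    # Plain k-way split with no redundancy, so the threshold is k
    # (hypothetical helper; a real dispersal scheme adds erasure coding).
    size = -(-len(package) // k)
    return [package[i * size:(i + 1) * size] for i in range(k)]

def key_from_one_slice(first_slice, known_prefix, key_len):
    # Exhaustive key search against ONE slice. The cost is 256**key_len trials:
    # fixed by the cipher's key space, not by how many slices are held.
    n = len(known_prefix)
    for cand in product(range(256), repeat=key_len):
        key = bytes(cand)
        if xor(first_slice[:n], keystream(key, n)) == known_prefix:
            return key
    return None

# Constructed sample input with a guessable header.
DATA = b"%PDF-1.4 constructed sample document body for the AONT example."

if __name__ == "__main__":
    weak = bytes([0x3A, 0x7C])  # deliberately tiny 16-bit key (constructed)
    first = slices(aont_package(DATA, weak), 4)[0]
    print(key_from_one_slice(first, b"%PDF-1.4", 2) == weak)
```

With a 32-byte key the same search is 2^256 trials, which is the computational (not information-theoretic) sense of "difficulty" discussed in the reply.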
