David-Sarah Hopwood wrote: > > Given that for mutable files, a read cap can be a hash of a public key > that is stored with the signature, it seems like we now have all the > protocols needed to design new Tahoe URL schemes that are much shorter
How long do we need that hash to be? I'm not clear on the math. If we want a 128bit security parameter, and we have a 128bit writecap (the signing key), the DSA verifying key will be 256bits, yeah? Would a 128bit hash of that verifying key be sufficient to maintain our security level? One design described on NewMutableEncodingDesign calls for a readcap that contains a hash of the writecap and a hash of the verifying key. If we could get away with 128bits for each, we'd have 256bit readcaps (i.e. 2*kappa). I don't know how to get that down to 1*kappa. I'll sit down and think about how zooko's immutable-file trick could be applied to mutable files, but I suspect that it would lose offline writecap-to-readcap attenuation, and I think that's too much of a cost to bear. always puzzled, -Brian _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
