> > We could leave the version field outside the AONT, though, but commit to
> > changing the parameters of the AONT (in particular, the domain
> > separation constant?) if we change the version number, so that an
> > adversary changing the version number to "2" would just cause the client
> > to throw an error (before version 2 exists) or be an invalid address
> > (after version 2 exists)?
To add an aside from a discussion with Teor: the entire "version" field could be reduced to a single - probably "zero" - bit, in a manner perhaps similar to the distinctions between Class-A, Class-B, Class-C... addresses in old IPv4.

Thus: if the first bit in the address is zero, then there is no version, and we are at version 0 of the format. If the first bit is one, we are using v1+ of the format and all bets are off, except that the obvious thing then to do is count the number of 1-bits (up to some limit) and declare that to be the version number. Once we're up to 3 or 4 or 7 or 8 one-bits, then shift version encoding totally.

Teor will correct me if I misquote him, but the advantage here was:

a) the version number is 1 bit, ie: small, for the foreseeable / if we get it right

b) in pursuit of smallness, we could maybe dump the hash in favour of an AONT + eyeballs, which would give back a bunch of extra bits

result: shorter addresses, happier users.

-- 
http://dropsafe.crypticide.com/aboutalecm
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
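The unary version prefix sketched in the message above, worked through as an added example (not code from the thread or from Tor). It assumes details the message leaves open: version v (for 1 <= v < MAX_UNARY) is written as v one-bits followed by a terminating zero bit, version 0 is a single zero bit, and MAX_UNARY consecutive one-bits is the "shift encoding totally" escape, which this parser rejects as unsupported rather than guessing at. Bits are handled as strings of '0'/'1' so the layout stays visible; the point is that a client decodes the version first and fails closed on anything it does not recognise, which is the behaviour the quoted paragraph wants for a tampered version field.

```python
"""Unary version prefix for an address format (added example, hypothetical layout).

Assumptions, not taken from the original thread:
  - version 0          -> "0"
  - version v (1..MAX_UNARY-1) -> "1" * v + "0"   (unary count, zero-terminated)
  - MAX_UNARY one-bits -> escape marker for a future, different encoding;
                          rejected here because this parser does not know it.
"""

MAX_UNARY = 4  # escape threshold; the thread floats "3 or 4 or 7 or 8"


class UnsupportedVersion(ValueError):
    """Raised for versions this client does not implement or cannot decode."""


def encode_version(version: int) -> str:
    """Return the prefix bits for `version`, or raise if it is out of range."""
    if version < 0:
        raise ValueError("version must be non-negative")
    if version == 0:
        return "0"                      # the common case costs a single bit
    if version >= MAX_UNARY:
        raise UnsupportedVersion("version needs the extended encoding, which is undefined here")
    return "1" * version + "0"


def decode_version(bits: str):
    """Split `bits` into (version, payload_bits).

    Rejects non-binary input, a truncated prefix (no terminating zero), and the
    escape marker (MAX_UNARY ones), so an attacker-flipped version bit can only
    produce a clean error, never a silently mis-parsed address.
    """
    ones = 0
    for i, b in enumerate(bits):
        if b == "0":
            return ones, bits[i + 1:]
        if b != "1":
            raise ValueError(f"non-binary character {b!r} at bit {i}")
        ones += 1
        if ones >= MAX_UNARY:
            raise UnsupportedVersion("escape prefix: extended version encoding not implemented")
    raise ValueError("truncated prefix: no terminating zero bit")


def parse_address(bits: str, supported=(0,)):
    """Decode the version and refuse anything outside the `supported` set.

    Returns (version, payload_bits). A client that only knows version 0 treats
    a correctly encoded version 1 address exactly like garbage: error, not a guess.
    """
    version, payload = decode_version(bits)
    if version not in supported:
        raise UnsupportedVersion(f"version {version} not supported by this client")
    return version, payload


def decode_outcome(bits: str, supported=(0,)) -> str:
    """Helper for tests and demos: name the result instead of raising."""
    try:
        version, _ = parse_address(bits, supported)
        return f"ok:v{version}"
    except UnsupportedVersion:
        return "unsupported"
    except ValueError:
        return "invalid"


if __name__ == "__main__":
    payload = "1011001"                  # constructed sample payload bits
    for v in range(0, MAX_UNARY - 1):
        addr = encode_version(v) + payload
        print(f"v{v}: {addr} -> {decode_outcome(addr, supported=(0, 1, 2))}")
    print("escape :", decode_outcome("1" * MAX_UNARY + payload))
    print("trunc  :", decode_outcome("11"))
```

Because the overwhelmingly common version 0 costs one bit and a client refuses both unknown versions and the escape marker, a bit flip in the prefix cannot be parsed as a valid address of some other version; whether the AONT parameters are also changed per version, as the quoted paragraph proposes, is a separate layer of defence that this prefix parser does not replace.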