On Wednesday 06 February 2008 22:35, Robert Hailey wrote:
>
> On Feb 6, 2008, at 3:16 PM, Michael Rogers wrote:
>
> > Matthew Toseland wrote:
> >> The other problem with swapping - which may also be a fatal flaw,
> >> and may be another variant of the same bug - is that an attacker
> >> can send bogus swap requests, which can be catastrophic.
> >
> > Currently an attacker can wait until it sees the other node's location
> > and peer-locations, then reply with a location and peer-locations that
> > will persuade the other node to swap, right?
> >
> > I wonder if we can work out a way for the two swapping nodes to commit
> > to their locations and peer-locations without revealing them until the
> > swap has been agreed? (For example by sending the hash of the list
> > instead of the list?)
> >
> > An attacker could still abort the swap after agreeing, but at least it
> > would have to pick locations by trial and error instead of choosing
> > them after seeing those of the other node. And the limit on the number
> > of swap requests per link would limit the amount of trial and error...
> >
> > Cheers,
> > Michael
>
> I have always been leery of transmitting the location lists. It seems
> like we only need to transmit the locations. It would add an extra
> interchange, but it amounts to:
>
> Node A -> "want location 0.8? my stress weight is: 0.01"
> Node B (computes...)
> Node B <- "sure; my location was 0.81; stress weight was: 0.03"
> Node A (computes and may or may not agree)
> Node A -> Ack/Decline
> Node B sets its location after receiving an Ack.
> Node A has already set its location if it agrees
>
> An attacker could just as easily forge the stress metro-stress
> computation as supplying a fake list of locations, right? Whereas an
> extra interchange might require a Sybil network to maintain more
> state for longer. But then we lose the pretty network donut graphs :(
>
> Relatedly... I believe the way it is presently implemented (where the
> probability is decided twice), makes it 1/2 as likely to succeed as it
> should. That is to say, for the shouldSwap() method's
> probabilistically-disfavored-swap, both nodes must pick random()<prob;
> and so it is 1/2 as likely as the algorithm intends.
Not true. We agree a random number as part of the protocol. However, either
side may rat on the agreement, and the location lists (or the stress
computations) may be completely bogus.

One advantage of sending the location lists is neighbours could conceivably
check them when we have full published topology information. This might be a
way of enforcing swaps. Of course it doesn't work against Sybil. :( But maybe
we can detect Sybil dungeons and separate them for swapping purposes?
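The two ideas in this thread, committing to the location and peer-location list by hash before either side reveals it (Michael's suggestion) and deciding the probabilistic branch with one random number both sides agree on (Matthew's reply to Robert), combined into a single worked exchange. This is an added example written for this page, not code from the thread or from Freenet: the log-sum "stress" function (a Sandberg-style product-of-distances criterion), the SHA-256 commitment format, the derivation of the shared coin from both nonces and the message shapes are all assumptions made here. The sample nodes and peer lists are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import math
import os
from typing import List, Optional, Tuple

# Locations live on the unit circle [0, 1), the convention the thread uses
# ("want location 0.8?").  Nothing below is Freenet's own code: the stress
# function, message shapes and commitment format are assumptions made for
# this example.

Reveal = Tuple[float, List[float], bytes]   # (location, peer locations, nonce)


def circ_dist(x: float, y: float) -> float:
    """Distance on the unit circle."""
    d = abs(x - y) % 1.0
    return min(d, 1.0 - d)


def log_stress(loc: float, peer_locs: List[float]) -> float:
    """Sum of log link distances for one node (a Sandberg-style product
    criterion written in log form; lower is better).  Assumed, not Freenet's
    exact arithmetic; the floor keeps log() finite for coincident locations."""
    return sum(math.log(max(circ_dist(loc, p), 1e-9)) for p in peer_locs)


def canonical(loc: float, peer_locs: List[float]) -> bytes:
    """Fixed serialisation so both sides hash exactly the same bytes."""
    return json.dumps({"location": loc, "peers": peer_locs}, sort_keys=True).encode()


def commitment(loc: float, peer_locs: List[float], nonce: bytes) -> bytes:
    """Commit to (location, peer list) under a fresh nonce; the nonce stops a
    peer from brute-forcing the hash over plausible location lists."""
    return hashlib.sha256(nonce + canonical(loc, peer_locs)).digest()


def verify_reveal(commit: bytes, reveal: Reveal) -> bool:
    loc, peers, nonce = reveal
    return hmac.compare_digest(commit, commitment(loc, peers, nonce))


def shared_random(nonce_initiator: bytes, nonce_responder: bytes) -> float:
    """One number in [0, 1) that both sides derive identically from both
    nonces, so the probabilistic branch is evaluated once, not once per node."""
    h = hashlib.sha256(b"swap-coin" + nonce_initiator + nonce_responder).digest()
    return int.from_bytes(h[:8], "big") / 2 ** 64


def swap_decision(a: Reveal, b: Reveal, r: float) -> bool:
    """Swap if the total stress drops; otherwise with probability
    product_before / product_after, i.e. exp(before - after) in log form."""
    loc_a, peers_a, _ = a
    loc_b, peers_b, _ = b
    before = log_stress(loc_a, peers_a) + log_stress(loc_b, peers_b)
    after = log_stress(loc_b, peers_a) + log_stress(loc_a, peers_b)
    if after <= before:
        return True
    return r < math.exp(before - after)


class SwapNode:
    def __init__(self, name: str, location: float, peer_locs: List[float],
                 nonce: Optional[bytes] = None) -> None:
        self.name = name
        self.location = location
        self.peer_locs = list(peer_locs)
        self.nonce = nonce if nonce is not None else os.urandom(16)

    def commit(self) -> bytes:
        return commitment(self.location, self.peer_locs, self.nonce)

    def reveal(self) -> Reveal:
        return (self.location, list(self.peer_locs), self.nonce)


def run_swap(initiator: SwapNode, responder: SwapNode,
             responder_reveal: Optional[Reveal] = None) -> dict:
    """Commit, then reveal, then verify, then decide.  `responder_reveal`
    lets a caller substitute what a cheating responder sends after it has
    seen the initiator's reveal."""
    # Phase 1: commitments cross the wire before either side learns anything.
    c_init = initiator.commit()
    c_resp = responder.commit()
    # Phase 2: reveals.  A cheater can still abort here, but cannot pick its
    # list after seeing the other side's without failing verification.
    r_init = initiator.reveal()
    r_resp = responder_reveal if responder_reveal is not None else responder.reveal()
    if not (verify_reveal(c_init, r_init) and verify_reveal(c_resp, r_resp)):
        return {"verified": False, "swap": False, "coin": None}
    coin = shared_random(r_init[2], r_resp[2])
    return {"verified": True, "swap": swap_decision(r_init, r_resp, coin), "coin": coin}


if __name__ == "__main__":
    # Constructed sample: each node sits far from its own peers and near the
    # other's, so the swap is clearly beneficial.
    a = SwapNode("A", 0.1, [0.78, 0.85])
    b = SwapNode("B", 0.8, [0.12, 0.15])
    print(run_swap(a, b))
    # Responder lies after seeing A's reveal: its commitment no longer matches.
    print(run_swap(a, b, responder_reveal=(0.8, [0.1, 0.15], b.nonce)))
```

Two things the exchange does not fix, as the thread already notes: a peer can still abort after the reveal, and the committed list itself can be fabricated (a commitment only proves the list was fixed before the other side's was seen). The shared coin does nothing against a peer that simply ignores the agreed outcome; its only purpose is to make the disfavoured-swap branch a single decision rather than two independent ones.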
