[taler-anastasis] branch master updated: authenticity discussion
From: gnunet
Subject: [taler-anastasis] branch master updated: authenticity discussion
Date: Thu, 11 Jun 2020 11:10:57 +0200
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 747c486 authenticity discussion
new f2e2309 Merge branch 'master' of git+ssh://git.taler.net/anastasis
747c486 is described below
commit 747c486ab5970d235d7c1f8ef93560d132e81b2f
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Thu Jun 11 11:10:49 2020 +0200
authenticity discussion
---
doc/thesis/design.tex | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/doc/thesis/design.tex b/doc/thesis/design.tex
index 2cba75d..6062fa9 100644
--- a/doc/thesis/design.tex
+++ b/doc/thesis/design.tex
@@ -114,6 +114,27 @@ which Anastasis escrow providers would need to collude to
break
confidentiality. These policies also set the bar for the user to
recover their core secret.
+Anastasis providers are also not individually trusted to provide
+availability or authenticity. Users can specify multiple policies, and
+satisfying any one of the policies would allow them to recover their
+core secret assuming the subset of providers specified in the policy
+is available (and preserved the authenticity of the data). As clients
+sign their uploads, they can verify the authenticity of the data
+returned by checking the signatures. Only strong adversaries are able
+to forge signatures, so they could create fraudulent recovery
+documents and/or key shares resulting in invalid restored core
+secrets. However, because uploads are never destructive, strong
+adversaries can only succeed in breaking availability if they collude
+with escrow providers that are present in all policies selected by the
+user.
+
+Thus, users can improve confidentiality by having many different
+escrow providers in their policies, and improve availability by having
+many policies with few escrow providers. Anastasis does not resolve
+this trade-off, but allows users to make individual choices and gives
+them agility with respect to the parties whom they offer their
+trust~\cite{marlinspike2011}.
+
\subsection{The recovery document}
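Review bot: The sentence ending "collude with escrow providers that are present in all policies selected by the user" can be read as requiring providers that appear in every policy (the intersection), which is a stronger condition than the paragraph's own argument supports. Since the text says satisfying any one policy suffices "assuming the subset of providers specified in the policy is available", recovery is blocked as soon as each policy contains at least one colluding provider, so wording such as "collude with at least one escrow provider in each policy selected by the user" would state the bound precisely. Two smaller points in the same paragraph: it opens with "availability or authenticity" but the conclusion only covers availability, so it would help to say explicitly that a forged recovery document or key share under one policy does not prevent recovery through another; and in "Only strong adversaries are able to forge signatures, so they could create fraudulent recovery documents" the pronoun "they" and the connective "so" are ambiguous, where "who could then create" would read more clearly.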
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.