[p2p-hackers] Re: Byzantine Quorum Systems / key predistribution

coderman coderman at gmail.com
Wed Apr 20 23:39:25 UTC 2005 

I'm interested in using key predistribution for transitive
introduction with strong identities.  I have to echo Zooko's sentiment
that the popularity of such methods in the kazaa crowd is not going to
be high.  I'm mainly interested in feasibility.

The way I have kludged this together is as follows:

1. Bootstrap with a live CD.  you create an "identity" on a USB fob
with AES256 loopback (knoppix).

2. Create a large number of RSA key pairs for use in transitive
introduction.  "large" may be 1,000 keys or 10M. (GnuPG)

3. Burn a copy of live CD for your friend(s).  Each copy includes all
of the public keys associated with your identity (for use with
transitive introduction).

4. Friends bootstrap their CD (creating an identity if they don't have
one) and can request connections from the peers with predistributed
keys on the disc.  When a connection is requested the remote peer
tells the client which of the predistributed keys to use.  I let the
remote peer select the key to use (via a simple offset, key #2048 for
ex.) to prevent keys from being re-used.

5. These connections can in turn be used for secure transitive
introduction to other peers.

The goal is to exchange keys "out of band" via DVD-R ISO images, with
the cache of public predistributed keys appended to as the
distribution is copied from friend to friend.

What kinds of things would you use this for?



On 2/23/05, Zooko O'Whielacronx <zooko at zooko.com> wrote:
> ...
> This paper can be lossily compressed as: "Your scheme can handle up to
> K malicious nodes.  My attacker can bring K+1 malicious nodes to the
> party.".
> 
> ... 
> This implicit premise is that a connection between two node arises ex
> nihilo.  That is: for any three nodes A, B, and C, A has (at the start)
> no information about how B differs from C.  This assumption is
> obviously key to the whole issue.  It is also obviously wrong!
> 
> In practice the opposite is often true: for any three nodes A, B, and
> C, A often has information distinguishing B from C.  This is because A
> has been introduced to B somehow, and that introduction gave A
> information.  (Likewise with A's introduction to C.)

More information about the P2p-hackers mailing list