[tor-dev] Can we stop sanitizing nicknames in bridge descriptors?

Ian Goldberg iang at cs.uwaterloo.ca
Sat May 5 13:05:24 UTC 2012


On Sat, May 05, 2012 at 01:47:45AM +0200, Ondrej Mikle wrote:
> One trick I had in mind was create "secret hash function" (take the following
> with a grain of salt, algebra is not my "primary thing"):
> 
> - you keep generators g_i secret, which turns the problem from discrete-log into
> a problem of finding n-th root in finite field (n is the value of the digraph,
> trigraph or few characters, e.g. encoded value of 'ec2bridge', possibly
> "blinded" by another multiplication with secret constant c_i)
> - in general, computing n-th root is quite slow [1], but there are many special
> cases like square root (quadratic residue)
> - the above properties would make it slow for attacker to brute-force all
> possible values - i.e. attacker can't just compute the result values of such
> homomorphic hash, because he doesn't know the function parameters (e.g. without
> computing the generators), but everyone can use the "homomorphic property" for
> testing parts

It sounds like you're talking about the homomorphic hashing paper you
linked to in your last email.  But there, the exponentiations are in
Z_p, and taking n-th roots in Z_p is totally trivial.

I seem to have lost the thread of why we're doing this.  Is it just to
count how many bridges are running our ec2 / rackspace / etc. bridge
images?  Can't we just report that out of band?  Is the EC2 IP space not
known?  I must be missing something.

   - Ian


More information about the tor-dev mailing list