commit 4ab0e56e332745eb65c5ff14fb58164fe49a4c13
parent 6b0433affa4148f882a0e75f2f330741f41fe120
Author: Elias Summermatter <elias.summermatter@seccom.ch>
Date: Tue, 15 Jun 2021 19:29:05 +0200
Fixed some more stuff
Diffstat:
1 file changed, 9 insertions(+), 17 deletions(-)
diff --git a/draft-summermatter-set-union.xml b/draft-summermatter-set-union.xml
@@ -2225,6 +2225,15 @@ FUNCTION END
the IBF to get the maximum counter in the IBF. The second function
packs the counters of the IBF, and the third function that unpacks the counters.
</t>
+ <t>
+ As a plausibly check to prevent the byzantine upper bound
+ checks in <xref target="security_generic_functions_check_byzantine_boundaries" format="default"/>
+ to fail, implementations must ensure that the
+ estimates of the set size difference added together
+ never exceed the set byzantine upper bound. This
+ could for example happen in case the strata estimator
+ overestimates the set difference.
+ </t>
<figure anchor="performance_counter_variable_size_code">
<artwork name="" type="" align="left" alt=""><![CDATA[
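Review bot: The added <t> paragraph sits between the sentence describing the IBF counter functions and the figure performance_counter_variable_size_code that this sentence introduces, so the byzantine-bound requirement interrupts an unrelated passage and is far from check_byzantine_bounds, which it cross-references. Consider moving it next to the strata estimator step whose output it constrains, or leaving it in the section the xref points to. On wording, "As a plausibly check to prevent ... to fail" should read "As a plausibility check to prevent ... from failing", and if the requirement is normative and the draft uses BCP 14 keywords, "must" should be written as one. The paragraph also does not say what an implementation does when the summed estimates exceed the bound (cap the estimate or abort), so the requirement cannot be tested as written.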
@@ -2485,23 +2494,6 @@ FUNCTION check_byzantine_bounds (rec,rsd,lec,lsd)
FUNCTION END
]]></artwork>
</figure>
- <t>
- For the byzantine upper bound checks to function
- correctly, implementations must ensure that the
- estimates of the set size difference added together
- never exceed the set byzantine upper bound. This
- could for example happen if the strata estimator
- overestimates the set difference.
- <!-- FIXME: if an implementation does this, then
- the first two parts of the check are trivially
- satisfied; so likely we should formulate this
- not as a 'check' function to be _actually_
- executed, but as a plausibility check which
- is to be applied after the SE calculation to
- the computed set size differences, resulting
- in a hard cap on the set size difference estimate
- that is then actually used. @Christian: ???-->
- </t>
</section>
<section anchor="security_generic_functions_check_valid_state" numbered="true" toc="default">
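Review bot: The removed FIXME raised a design question that nothing in this patch answers: if implementations already guarantee that the summed estimates never exceed the bound, then "the first two parts of the check are trivially satisfied". The comment proposed a hard cap applied to the set size difference estimate after the SE calculation. The replacement paragraph added earlier in this patch mentions a plausibility check but never states the cap. Either spell out the cap in the new text or keep the FIXME until the question addressed to Christian is settled. The commit message "Fixed some more stuff" gives no record of which way this was decided.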