diff options
| author | Christian Grothoff <christian@grothoff.org> | 2021-06-12 16:49:12 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2021-06-12 16:49:12 +0200 |
| commit | da2d89045c2fc10ea393e4eb917c3dca480486bc (patch) | |
| tree | 9897de299f0cc43ee4cf4548363a5e9094be5a46 /draft-summermatter-set-union.xml | |
| parent | aab0ce19452466c8290c700f1f6fddefa1c12ec2 (diff) | |
| download | lsd0003-da2d89045c2fc10ea393e4eb917c3dca480486bc.tar.gz lsd0003-da2d89045c2fc10ea393e4eb917c3dca480486bc.zip | |
chapter 1
Diffstat (limited to 'draft-summermatter-set-union.xml')
| -rw-r--r-- | draft-summermatter-set-union.xml | 54 |
1 files changed, 27 insertions, 27 deletions
diff --git a/draft-summermatter-set-union.xml b/draft-summermatter-set-union.xml index ad5f17f..66fdfab 100644 --- a/draft-summermatter-set-union.xml +++ b/draft-summermatter-set-union.xml | |||
| @@ -70,7 +70,7 @@ | |||
| 70 | 70 | ||
| 71 | Our primary envisioned application domain is the | 71 | Our primary envisioned application domain is the |
| 72 | distribution of revocation messages in the GNU Name | 72 | distribution of revocation messages in the GNU Name |
| 73 | System (GNS) <xref target="GNS" format="default" /><xref target="GNS" format="default"/>. In GNS, | 73 | System (GNS) <xref target="GNS" format="default" />. In GNS, |
| 74 | key revocation messages are usually flooded across the | 74 | key revocation messages are usually flooded across the |
| 75 | peer-to-peer overlay network to all connected peers | 75 | peer-to-peer overlay network to all connected peers |
| 76 | whenever a key is revoked. However, as peers may be | 76 | whenever a key is revoked. However, as peers may be |
| @@ -91,7 +91,7 @@ | |||
| 91 | computational results. We note that for such systems, | 91 | computational results. We note that for such systems, |
| 92 | the set reconciliation protocol is merely a component of | 92 | the set reconciliation protocol is merely a component of |
| 93 | a multiparty consensus protocol, such as the one | 93 | a multiparty consensus protocol, such as the one |
| 94 | described in F.Dold's "Byzantine set-union consensus using | 94 | described in Dold's "Byzantine set-union consensus using |
| 95 | efficient set reconciliation" <xref target="ByzantineSetUnionConsensusUsingEfficientSetReconciliation" format="default"/>. | 95 | efficient set reconciliation" <xref target="ByzantineSetUnionConsensusUsingEfficientSetReconciliation" format="default"/>. |
| 96 | </t> | 96 | </t> |
| 97 | <t> | 97 | <t> |
| @@ -108,12 +108,14 @@ | |||
| 108 | the number of network round-trips and the number of bytes | 108 | the number of network round-trips and the number of bytes |
| 109 | sent over the network. Thus, for the protocol to choose | 109 | sent over the network. Thus, for the protocol to choose |
| 110 | the right parameters for a given situation, applications | 110 | the right parameters for a given situation, applications |
| 111 | using the protocol SHOULD provide a parameter that specifies | 111 | using an implementation of the protocol SHOULD provide a |
| 112 | parameter that specifies | ||
| 112 | the cost-ratio of round-trips vs. bandwidth usage. Given | 113 | the cost-ratio of round-trips vs. bandwidth usage. Given |
| 113 | this trade-off factor, the protocol will then choose parameters | 114 | this trade-off factor, an implementation CAN then choose parameters |
| 114 | that minimize the total execution costs. In particular, there | 115 | that minimize total execution cost. In particular, there |
| 115 | is one major choice to be made, namely between sending the | 116 | is one major choice to be made, namely between sending the |
| 116 | complete set of elements, or sending only the elements that differ. | 117 | complete set of elements, or computing the set differences and |
| 118 | transmitting only the elements in the set differences. | ||
| 117 | In the latter case, our design is basically a concrete | 119 | In the latter case, our design is basically a concrete |
| 118 | implementation of a proposal by Eppstein.<xref target="Eppstein" format="default" /> | 120 | implementation of a proposal by Eppstein.<xref target="Eppstein" format="default" /> |
| 119 | </t> | 121 | </t> |
| @@ -123,9 +125,7 @@ | |||
| 123 | fault-tolerant because it provides cryptographic and | 125 | fault-tolerant because it provides cryptographic and |
| 124 | probabilistic methods to discover if the other peer | 126 | probabilistic methods to discover if the other peer |
| 125 | is dishonest or misbehaving. | 127 | is dishonest or misbehaving. |
| 126 | </t> | 128 | Here, the security objective is to limit resources wasted on |
| 127 | <t> | ||
| 128 | The objective here is to limit resources wasted on | ||
| 129 | malicious actors. Malicious actors could send malformed | 129 | malicious actors. Malicious actors could send malformed |
| 130 | messages, including malformed set elements, claim to | 130 | messages, including malformed set elements, claim to |
| 131 | have much larger numbers of valid set elements than they | 131 | have much larger numbers of valid set elements than they |
| @@ -141,27 +141,27 @@ | |||
| 141 | </t> | 141 | </t> |
| 142 | <t> | 142 | <t> |
| 143 | To defend against some of these attacks, applications | 143 | To defend against some of these attacks, applications |
| 144 | need to remember the number of elements previously | 144 | SHOULD remember the number of elements previously |
| 145 | shared with a peer, and provide a way to check that | 145 | shared with a peer, and SHOULD provide a way to check that |
| 146 | elements are well-formed. Applications may also be able | 146 | elements are well-formed. Applications MAY also |
| 147 | to provide an upper bound on the total number of valid | 147 | provide an upper bound on the total number of valid |
| 148 | elements that may exist. For example, in E-voting, the | 148 | elements that exist. For example, in E-voting, the |
| 149 | number of eligible voters could be used to provide such | 149 | number of eligible voters MAY be used to provide such |
| 150 | an upper bound. | 150 | an upper bound. |
| 151 | </t> | 151 | </t> |
| 152 | |||
| 153 | <t> | 152 | <t> |
| 154 | Initially, this RFC was created as part of Elias Summermatter's | 153 | A first draft of this RFC is part of Elias Summermatter's |
| 155 | bachelor thesis. Many of the algorithms and parameters | 154 | bachelor thesis. Many of the algorithms and parameters |
| 156 | documented in this RFC are derived in detail in this thesis. | 155 | documented in this RFC are derived from experiments |
| 157 | <xref target="byzantine_fault_tolerant_set_reconciliation" format="default"/> | 156 | detailed in this thesis. |
| 157 | <xref target="byzantine_fault_tolerant_set_reconciliation" format="default"/> | ||
| 158 | </t> | 158 | </t> |
| 159 | 159 | ||
| 160 | <t> | 160 | <t> |
| 161 | This document defines the normative wire format of resource records, resolution processes, | 161 | This document defines the normative wire format of resource records, resolution processes, |
| 162 | cryptographic routines and security considerations for use by implementors. | 162 | cryptographic routines and security considerations for use by implementors. |
| 163 | SETU requires a bidirectional secure communication channel between the two parties. | 163 | SETU requires a bidirectional secure communication channel between the two parties. |
| 164 | Specification of the communication channel is out of scope of this document. | 164 | Specification of the communication channel is out of scope of this document. |
| 165 | </t> | 165 | </t> |
| 166 | <t> | 166 | <t> |
| 167 | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL | 167 | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL |
| @@ -1600,7 +1600,7 @@ FUNCTION get_bucket_id (key, number_of_buckets_per_element, ibf_size) | |||
| 1600 | <t> | 1600 | <t> |
| 1601 | The <em><xref target="messages_request_full" format="title" /></em> message is sent by the initiating peer in <strong>Expect SE</strong> state to the receiving peer, if | 1601 | The <em><xref target="messages_request_full" format="title" /></em> message is sent by the initiating peer in <strong>Expect SE</strong> state to the receiving peer, if |
| 1602 | the operation mode "<xref target="modeofoperation_full-sync" format="title" />" is | 1602 | the operation mode "<xref target="modeofoperation_full-sync" format="title" />" is |
| 1603 | determined to be the superior <xref target="modeofoperation" format="title" /> and that it is the better choice that | 1603 | determined to be the superior <xref target="modeofoperation" format="title" /> and that it is the better choice that |
| 1604 | the other peer sends his elements first. The initiating peer changes after sending the <em><xref target="messages_request_full" format="title" /></em> message into | 1604 | the other peer sends his elements first. The initiating peer changes after sending the <em><xref target="messages_request_full" format="title" /></em> message into |
| 1605 | <strong>Full Receiving</strong> state. | 1605 | <strong>Full Receiving</strong> state. |
| 1606 | </t> | 1606 | </t> |
| @@ -1659,7 +1659,7 @@ FUNCTION get_bucket_id (key, number_of_buckets_per_element, ibf_size) | |||
| 1659 | <t> | 1659 | <t> |
| 1660 | The <em><xref target="messages_send_full" format="title" /></em> message is sent by the initiating peer in <strong>Expect SE</strong> state to the receiving peer if | 1660 | The <em><xref target="messages_send_full" format="title" /></em> message is sent by the initiating peer in <strong>Expect SE</strong> state to the receiving peer if |
| 1661 | the operation mode "<xref target="modeofoperation_full-sync" format="title" />" is | 1661 | the operation mode "<xref target="modeofoperation_full-sync" format="title" />" is |
| 1662 | determined as superior <xref target="modeofoperation" format="title" /> and that it is the better choice that the | 1662 | determined as superior <xref target="modeofoperation" format="title" /> and that it is the better choice that the |
| 1663 | peer sends his elements first. The initiating peer changes after sending the <em><xref target="messages_request_full" format="title" /></em> message into | 1663 | peer sends his elements first. The initiating peer changes after sending the <em><xref target="messages_request_full" format="title" /></em> message into |
| 1664 | <strong>Full Sending</strong> state. | 1664 | <strong>Full Sending</strong> state. |
| 1665 | </t> | 1665 | </t> |
| @@ -2557,7 +2557,7 @@ FUNCTION END | |||
| 2557 | <t> | 2557 | <t> |
| 2558 | In order to calculate this plausibility, in Summmermatters paper <xref target="byzantine_fault_tolerant_set_reconciliation" format="default"/> | 2558 | In order to calculate this plausibility, in Summmermatters paper <xref target="byzantine_fault_tolerant_set_reconciliation" format="default"/> |
| 2559 | a formula was developed, which depicts the probability with which one | 2559 | a formula was developed, which depicts the probability with which one |
| 2560 | can calculate the corresponding plausibility based on the number of | 2560 | can calculate the corresponding plausibility based on the number of |
| 2561 | new and repeated elements after each received element. | 2561 | new and repeated elements after each received element. |
| 2562 | </t> | 2562 | </t> |
| 2563 | <t> | 2563 | <t> |