diff options
Diffstat (limited to 'draft-summermatter-set-union.xml')
-rw-r--r-- | draft-summermatter-set-union.xml | 208 |
1 files changed, 49 insertions, 159 deletions
diff --git a/draft-summermatter-set-union.xml b/draft-summermatter-set-union.xml index df08f7a..95f94a2 100644 --- a/draft-summermatter-set-union.xml +++ b/draft-summermatter-set-union.xml | |||
@@ -2537,155 +2537,25 @@ peers set +---------+ +---------+ +---------+ | |||
2537 | ===>: Always answer needed. | 2537 | ===>: Always answer needed. |
2538 | ]]></artwork> | 2538 | ]]></artwork> |
2539 | </figure> | 2539 | </figure> |
2540 | <!-- CORRECT --> | ||
2540 | <t> | 2541 | <t> |
2541 | A possible implementation of the check in pseudocode could look as follows: | 2542 | In the message control flow its important to ensure that no duplicated message are received |
2543 | (Except inquiries where collisions are possible) and only messages are received which are compliant | ||
2544 | with the flow in <xref target="security_generic_functions_mfc_chain" format="default" />. | ||
2545 | To link messages the SHA-512 element hashes that are part of all messages except in the | ||
2546 | <em><xref target="messages_inquiry" format="title" /></em> message can be used. | ||
2547 | To link an <em><xref target="messages_inquiry" format="title" /></em> message to an | ||
2548 | <em><xref target="messages_offer" format="title" /></em> message | ||
2549 | the SHA-512 hash from the offer has to be salted and converted to the IBF-Key (as described in | ||
2550 | <xref target="ibf_format_id_generation_pseudo_code" format="default" />) this then can | ||
2551 | be matched against the received <em><xref target="messages_inquiry" format="title" /></em> message. | ||
2542 | </t> | 2552 | </t> |
2543 | <figure anchor="security_generic_functions_mfc_code"> | 2553 | <t> |
2544 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 2554 | In the end of the set reconciliation operation after receiving and sending the |
2545 | # ValidStates: | 2555 | <em><xref target="messages_done" format="title" /></em> message it should be checked |
2546 | # The following message states are used to track the message flow. | 2556 | that all demands have been satisfied and all elements have been received. |
2547 | # - NOT_INITIALIZED: Fresh initialized value | 2557 | </t> |
2548 | # - SENT: Element has been sent | 2558 | <!-- CORRECT --> |
2549 | # - EXPECTED: Element is expected | ||
2550 | # - RECEIVED: Element is received | ||
2551 | |||
2552 | # Function to initialize new store | ||
2553 | # Output: | ||
2554 | # Returns empty store | ||
2555 | FUNCTION initialize_store() | ||
2556 | RETURN {} | ||
2557 | FUNCTION END | ||
2558 | |||
2559 | # Function to initialize a store element | ||
2560 | # Output: | ||
2561 | # Returns an empty element for the store | ||
2562 | FUNCTION initialize_element() | ||
2563 | RETURN { | ||
2564 | INQUIRY: NOT_INITIALIZED, | ||
2565 | OFFER: NOT_INITIALIZED, | ||
2566 | DEMAND: NOT_INITIALIZED, | ||
2567 | ELEMENT: NOT_INITIALIZED | ||
2568 | } | ||
2569 | FUNCTION END | ||
2570 | |||
2571 | # Function called every time a new message is transmitted to other peer | ||
2572 | # Input: | ||
2573 | # store: Store created by the initialize_store() function | ||
2574 | # mt: The message that was sent type e.g. INQUIRY or DEMAND | ||
2575 | # hash: The hash of the element which is sent | ||
2576 | # Output: | ||
2577 | # Returns TRUE if the message flow was followed, otherwise FALSE | ||
2578 | FUNCTION send(store, mt, hash) | ||
2579 | |||
2580 | IF NOT hash IS IN store | ||
2581 | store_element = initialize_element() | ||
2582 | ELSE | ||
2583 | store_element = store.get(hash) | ||
2584 | END IF | ||
2585 | |||
2586 | CASE based ON mt | ||
2587 | CASE INQUIRY | ||
2588 | IF store_element.INQUIRY == NOT_INITIALIZED | ||
2589 | store_element.INQUIRY = SENT | ||
2590 | ELSE | ||
2591 | RETURN FALSE | ||
2592 | END IF | ||
2593 | CASE OFFER | ||
2594 | IF store_element.OFFER == NOT_INITIALIZED | ||
2595 | store_element.OFFER = SENT | ||
2596 | store_element.DEMAND = EXPECTED | ||
2597 | ELSE | ||
2598 | RETURN FALSE | ||
2599 | END IF | ||
2600 | CASE DEMAND | ||
2601 | IF store_element.DEMAND == NOT_INITIALIZED AND | ||
2602 | (store_element.INQUIRY == SENT OR | ||
2603 | store_element.INQUIRY == NOT_INITIALIZED) | ||
2604 | store_element.DEMAND = SENT | ||
2605 | store_element.ELEMENT = EXPECTED | ||
2606 | ELSE | ||
2607 | RETURN FALSE | ||
2608 | END IF | ||
2609 | CASE ELEMENT | ||
2610 | IF store_element.ELEMENT == NOT_INITIALIZED AND | ||
2611 | store_element.OFFER == SENT | ||
2612 | store_element.ELEMENT = SENT | ||
2613 | ELSE | ||
2614 | RETURN FALSE | ||
2615 | END IF | ||
2616 | DEFAULT | ||
2617 | RETURN FALSE | ||
2618 | CASE END | ||
2619 | ADD OR UPDATE KEY hash IN store WITH store_element | ||
2620 | RETURN TRUE | ||
2621 | FUNCTION END | ||
2622 | |||
2623 | # Function called every time a new message is received from the other peer | ||
2624 | # Input: | ||
2625 | # store: Store created by the initialize_store() function | ||
2626 | # mt: The message that was received type e.g. INQUIRY or DEMAND | ||
2627 | # hash: The hash of the element which is received | ||
2628 | # Output: | ||
2629 | # Returns TRUE if the message flow was followed, otherwise FALSE | ||
2630 | FUNCTION receive (store, mt, hash) | ||
2631 | IF NOT hash IS IN store | ||
2632 | store_element = initialize_element() | ||
2633 | ELSE | ||
2634 | store_element = store.get(hash) | ||
2635 | END IF | ||
2636 | |||
2637 | CASE based on mt | ||
2638 | CASE INQUIRY | ||
2639 | IF store_element.INQUIRY == NOT_INITIALIZED | ||
2640 | store_element.INQUIRY = RECEIVED | ||
2641 | ELSE | ||
2642 | RETURN FALSE | ||
2643 | END IF | ||
2644 | CASE OFFER | ||
2645 | IF store_element.OFFER == NOT_INITIALIZED | ||
2646 | store_element.OFFER = RECEIVED | ||
2647 | ELSE | ||
2648 | RETURN FALSE | ||
2649 | END IF | ||
2650 | CASE DEMAND | ||
2651 | IF store_element.DEMAND == EXPECTED AND | ||
2652 | store_element.OFFER == SENT | ||
2653 | store_element.DEMAND = RECEIVED | ||
2654 | ELSE | ||
2655 | RETURN FALSE | ||
2656 | END IF | ||
2657 | CASE ELEMENT | ||
2658 | IF store_element.ELEMENT == EXPECTED AND | ||
2659 | store_element.DEMAND == SENT | ||
2660 | store_element.ELEMENT = RECEIVED | ||
2661 | ELSE | ||
2662 | RETURN FALSE | ||
2663 | END IF | ||
2664 | DEFAULT | ||
2665 | RETURN FALSE | ||
2666 | CASE END | ||
2667 | ADD OR UPDATE KEY hash IN store WITH store_element | ||
2668 | RETURN TRUE | ||
2669 | FUNCTION END | ||
2670 | |||
2671 | # Function called when the union operation is finished to ensure that all demands have | ||
2672 | # been fulfilled | ||
2673 | # Input: | ||
2674 | # store: Store created by the initialize_store() function | ||
2675 | # Output: | ||
2676 | # Returns TRUE if all demands have been fulfilled otherwise FALSE | ||
2677 | FUNCTION check_if_synchronisation_is_complete(store): | ||
2678 | FOR element in store.getAll() | ||
2679 | IF element.ELEMENT == EXPECTED OR | ||
2680 | element.DEMAND == EXPECTED | ||
2681 | RETURN FALSE | ||
2682 | IF END | ||
2683 | FOR END | ||
2684 | RETURN TRUE | ||
2685 | FUNCTION END | ||
2686 | |||
2687 | ]]></artwork> | ||
2688 | </figure> | ||
2689 | <t> | 2559 | <t> |
2690 | This is based on <xref target="byzantine_fault_tolerant_set_reconciliation" format="default"/>, section 5.3 (Message Control Flow). | 2560 | This is based on <xref target="byzantine_fault_tolerant_set_reconciliation" format="default"/>, section 5.3 (Message Control Flow). |
2691 | </t> | 2561 | </t> |
@@ -2873,6 +2743,21 @@ END FUNCTION | |||
2873 | abort the protocol if its resource limits are likely to be | 2743 | abort the protocol if its resource limits are likely to be |
2874 | exceeded, or if the size is implausible for the given operation. | 2744 | exceeded, or if the size is implausible for the given operation. |
2875 | </t> | 2745 | </t> |
2746 | <!-- CORRECT --> | ||
2747 | <!-- BUGTRACKER --> | ||
2748 | <t> | ||
2749 | It needs to be checked that that the offset (message field "OFFSET") | ||
2750 | for every received <em><xref target="messages_ibf" format="title" /></em> message | ||
2751 | is strictly monotonic increasing and is a multiple of the MAX_BUCKETS_PER_MESSAGE | ||
2752 | defined in the <xref target="constants" format="title" /> section otherwise the | ||
2753 | connection MUST be aborted. | ||
2754 | </t> | ||
2755 | <t> | ||
2756 | An other sanity check is to ensure that the "OFFSET" message field never | ||
2757 | is a higher than the "IBF SIZE" field in the <em><xref target="messages_ibf" format="title" /></em> | ||
2758 | message. | ||
2759 | </t> | ||
2760 | <!-- CORRECT --> | ||
2876 | </dd> | 2761 | </dd> |
2877 | <dt><xref target="messages_ibf_last" format="title" /></dt> | 2762 | <dt><xref target="messages_ibf_last" format="title" /></dt> |
2878 | <dd> | 2763 | <dd> |
@@ -2882,19 +2767,24 @@ END FUNCTION | |||
2882 | should conclude the transmission of the IBF and a change to the <strong>Active Decoding</strong> | 2767 | should conclude the transmission of the IBF and a change to the <strong>Active Decoding</strong> |
2883 | phase should be ensured. | 2768 | phase should be ensured. |
2884 | </t> | 2769 | </t> |
2770 | <!-- CORRECT --> | ||
2771 | <!-- BUGTRACKER --> | ||
2772 | <t> | ||
2773 | To verify that all IBFs have been received a simple validation can be made | ||
2774 | the number of buckets in the <em><xref target="messages_ibf_last" format="title" /></em> message | ||
2775 | added to the value in the message OFFSET field should always be equal to the "IBF SIZE". | ||
2776 | </t> | ||
2777 | <t> | ||
2778 | Further plausibility checks can be made. One is to ensure that after each active/passive | ||
2779 | switch the IBF can never more than double in size. An other plausibility check is | ||
2780 | is that an IBF probably never will be bigger than the byzantine upperbound multiplied by two. | ||
2781 | The third plausibility check is to take successfully decoded IBF keys (received offers and demands) | ||
2782 | into account and validating the size of the received IBF with the in <xref target="performance_formula_ibf_parameters_code" format="default" /> | ||
2783 | described function get_next_ibf_size(). If any of these three checks fail the operation | ||
2784 | must be aborted. | ||
2785 | </t> | ||
2786 | <!-- CORRECT --> | ||
2885 | </dd> | 2787 | </dd> |
2886 | <!-- FIXME: we can also receive an IBF_LAST in this state, | ||
2887 | here additional sanity checks, like that we have received | ||
2888 | all of the other fragments/parts of the IBF first and | ||
2889 | that the parameters are thus consistent apply. @Christian So we would have | ||
2890 | to transmit the number of IBF slices that will be transmitted first | ||
2891 | to do this check right? Empfangen in mononer rheienfolge und prüfen das | ||
2892 | es der letzte war. Sizes immer gleich? | ||
2893 | Grösse plausible check: | ||
2894 | - initiale bzyantine Upper bound verküpfen auf setsize differenz | ||
2895 | - Wiederholt das ding kann sich nur verdoppeln | ||
2896 | - Genau prüffen durch offer/demands | ||
2897 | --> | ||
2898 | </dl> | 2788 | </dl> |
2899 | </section> | 2789 | </section> |
2900 | 2790 | ||