
Comment by keepamovin

4 months ago

The threat model is excellent, except: “The adversary can’t break standard cryptographic primitives”

Let’s assume they can and you can swap in non-standard crypto models to frustrate and vex ‘the adversary.’ (Lol: “the adversary”… religious)

More info, the threat model:

  All long-range communication channels (internet, phone network, etc) are comprehensively monitored by the adversary.

  The adversary can block, delay, replay and modify traffic on long-range communication channels.

  The adversary has a limited ability to monitor short-range communication channels (Bluetooth, WiFi, etc).

  The adversary has a limited ability to block, delay, replay and modify traffic on short-range communication channels.

  The adversary can deploy an unlimited number of devices running Briar.

  There are some users who can keep their devices secure - those who can’t are considered, for the purposes of the threat model, to be controlled by the adversary.

  The adversary has a limited ability to persuade users to trust the adversary’s agents - thus the number of social connections between the adversary’s agents and the rest of the network is limited.

  The adversary can’t break standard cryptographic primitives

>The threat model is excellent, except: “The adversary can’t break standard cryptographic primitives”

>Let’s assume they can

Let's not.

The weak key sizes (<90 bits), broken primitives (SHA-1, MD5, DES), and weak modes of operation (ECB, unauthenticated CBC) are all known.

We know Grover cuts symmetric key sizes in roughly half, and we know Shor will break classical asymmetric algorithms, so the industry is upping key sizes and moving into hybrid schemes that add post-quantum algorithms.

>non standard crypto models

Here's a thought: Submit your primitive (the rainstorm hash function) into the SHA-4 competition whenever it's due, and win it, or at least become a finalist. Then you don't have to sell it to serious projects as security through obscurity.

Surely you realize Briar is open source so the implementation of your hash function will be available to the attacker, and they can perform cryptanalysis on it to their heart's content? So you can't really get over the fact it needs attention from the professionals.

If you want to be taken seriously, maybe start by improving on attacks over existing algorithms? That distinguishes you from the random cranks who think they've come up with improved schemes.

  • It seems insufficiently secure to just trust that the people who designed the ciphers you use, and who also are responsible for breaking ciphers at state-level, would tell you if they could break those ciphers. Hahaha :)

    • Ok so you have no idea who's vetting the algorithms at competitions. It's the other participants. That's going to be you among others. You get to break apart all the competing algorithms that claim to be better than yours. And they get to show you if yours is the weaker one, as they also want to win the competition.

      Sure, you can't put the fox to guard the henhouse; that's how you get stuff like DUAL_EC. But that's not the case in modern competitions. They are open to the public, and academic in nature. Everyone gets to analyze them.

      We don't know who you are or what your credentials are, and we don't have any proof of you showing you have what it takes to analyze current standards, let alone create new primitives resistant to cryptanalysis. Until you decide to go the long way, you'll find yourself treated as yet another Crown Sterling.


"The adversary" is standard terminology in analyzing cryptographic security.

It would be interesting to figure out who introduced it. I looked briefly on Google Scholar, and I see it's used in the modern sense as early as Yao (1982), but it might have been used much earlier. It doesn't appear in the Diffie-Hellman (1976) or RSA (1977) papers.