[messaging] Group messaging consistency under resource constraints

Trevor Perrin trevp at trevp.net
Mon Oct 20 10:10:00 PDT 2014

On Mon, Oct 20, 2014 at 8:11 AM, Ximin Luo <infinity0 at pwned.gg> wrote:
> On 10/10/14 23:09, Trevor Perrin wrote:
>> On Fri, Oct 10, 2014 at 1:21 PM, Ximin Luo <infinity0 at pwned.gg> wrote:
>>> On 10/10/14 21:06, Trevor Perrin wrote:
>>>> [1] https://moderncrypto.org/mail-archive/messaging/2014/000372.html
> Here is another example of an attack scenario. Hopefully, this demonstrates more obviously, that the [1] scheme proposed makes certain consistency attacks invisible to some of the victims:
> Alice: (1) So let's discuss Dual EC DRBG (last-message-seen: 0) # to everyone except David
> Alice: (1A) So let's discuss Fortuna (last-message-seen: 0) # to David only
> Bob:   (2) Do you think this RNG is suitable, David? (last-message-seen: 1) # to everyone
> # David is feeling lazy today and doesn't want to wait for the warning to disappear nor to slow down the conversation.
> # Besides, nothing bad happened with the last 37 warnings. Also, Bob is a totally trustworthy friend, right?
> David: (3) Yeah it's suitable, let's go with that. (last-message-seen: 2) # to everyone
> Alice: (4) OK, sounds good. Team, you heard our advisor. Make it so! (last-message-seen: 3)
> Everyone else except David sees 1<-2<-3<-4 with no warnings.

David's "Yeah" should have last-messages-seen: 1A, 2.  So people are
warned on receiving "Yeah" that they're missing context (1A).

([1] wasn't clear that a message could reference multiple parents, but
I'm pretty sure that's what was meant).


More information about the Messaging mailing list