IETF Logo Mail Archive

Re: [Eligibility-discuss] On 3797 alternatives

Eric Rescorla <ekr@rtfm.com> Wed, 31 May 2023 18:30 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: eligibility-discuss@ietfa.amsl.com
Delivered-To: eligibility-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E7D7C151089 for <eligibility-discuss@ietfa.amsl.com>; Wed, 31 May 2023 11:30:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lA_WCd5vHXEu for <eligibility-discuss@ietfa.amsl.com>; Wed, 31 May 2023 11:30:23 -0700 (PDT)
Received: from mail-yw1-x1129.google.com (mail-yw1-x1129.google.com [IPv6:2607:f8b0:4864:20::1129]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34E9CC15106E for <eligibility-discuss@ietf.org>; Wed, 31 May 2023 11:30:17 -0700 (PDT)
Received: by mail-yw1-x1129.google.com with SMTP id 00721157ae682-568900c331aso45075307b3.3 for <eligibility-discuss@ietf.org>; Wed, 31 May 2023 11:30:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20221208.gappssmtp.com; s=20221208; t=1685557816; x=1688149816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=63jcqCzCWiL1nQWWqOGRYVa2aKs7PJSBuhRxiVqXDS4=; b=QEO0txaFqgZju2XZrxf8VU2wH/3kCaGcbe2U0RH1uo9lyMoqrvaLoNFW9LE5Vkpdfr 2lJZ2VriXec87mkXDS1LEYjBJcJ3xIymu3eKYPRg+tLK532RANwUzxVodXq/1ValJxOh QUFmDOPVtRnUfGcA64JTlLg0L3kOOi7tPyXk6EGoeG/dGjx+oYorEQl79L0qWOrpu7eu H/9GbdguUH6bZ1Hw5wYJZYj2QjrxO9JDyH9PRmbr6mYs6PNm1gF/KpKvvt6TBVRPzuWW 9ziYaFtgJZSbDSk3n2GeeSITVcaxjuQLkJ/bHCYndlbtbKR6zfG5fPVRMy07nD4zR9T+ j+sg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685557816; x=1688149816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=63jcqCzCWiL1nQWWqOGRYVa2aKs7PJSBuhRxiVqXDS4=; b=C4KQjSZKvwUTqHQpi6nc+VmSCqtGXKHuWx1qsPVFuQsiZePcQAhYo9ncsc4PrD06O3 V3I/hAjU/snREx85EnWsPryVk0WZev6+wm5UrZ0Ryx6TvVDPtsGTXl+BScjsazGhXaCY r1fyWFp94Sew+L0w9/NjQRDmCHRhvSzOgm+xf5M0dmC4uUymKhZjeCKjBtQRW/ciKNZw fOqLakV8eznUfETkJUAka5CuGFFLI2FMpVCfAugtfqD7iG3K1+OMntfapGRFu1z4rFQQ z7i5RuoqFnrGqgbELvO1QvQi4TeNmsj6fqaBcTtFLdzbm3KWZNvBXveV17msCqWk4uWs 2bwQ==
X-Gm-Message-State: AC+VfDz00MXjbQWO/bdkuwaEwZ8JkzafXFxZ/8nsN2XQol9sfOEOQz1C T1JVEd9G6NqO9fw73e6sh3Kv8asXJ9KiT6H0D83W6g==
X-Google-Smtp-Source: ACHHUZ7mc/R/7/ONPi7w3KAJIjBtUI6hjdsvrBjW198Be03nZXCQCaPWDRsYzph2oKccqscJAuv1DKfzm4hoUo5YpuE=
X-Received: by 2002:a0d:d9d5:0:b0:559:e8c2:6a1a with SMTP id b204-20020a0dd9d5000000b00559e8c26a1amr6630957ywe.18.1685557816374; Wed, 31 May 2023 11:30:16 -0700 (PDT)
MIME-Version: 1.0
References: <54F373CD-1E97-42BC-9AAB-0451ABD9D448@eggert.org> <1229DD7D-3640-4EFD-8058-D0EC18020038@eggert.org> <18537EEF-4E16-4C48-8456-02A8FB0C8CFC@vpnc.org> <4a8f2bb4-25c3-5514-f13f-8db1804619a6@joelhalpern.com> <0531CD69-AAA4-4657-9B90-B50F76D997B7@vpnc.org> <ffa1d82b-a22b-f68f-5000-6a1ca437d147@joelhalpern.com> <B953359D-72A9-4032-857E-490AEAF60C4A@vpnc.org> <2745cf30-098d-4a3a-9e9e-3c3c44179176@app.fastmail.com> <CAF4+nEGL0_h-iagUxhyxh2FJdz=QUi5JQr6XdPj-Q=q8Rov0XQ@mail.gmail.com> <9d9b0e70-c7ca-4602-8862-33165522497c@app.fastmail.com> <896FF479-E5B7-4A31-95AE-376CCE2591C9@akamai.com> <CABcZeBN7XyRknvkg9TfvTCx3rGEpLtWynE7-eaufhmcEmnDHtA@mail.gmail.com> <30f8a4a3-2a3c-4560-abe5-63ee0c4366d4@app.fastmail.com> <9DCA0EF0-8E99-4A33-ABAB-45997C96002F@akamai.com> <CABcZeBOS1zAmS664bQAiAZPhN5-Hr6OTbv6UZu+Ai9zwsps_CQ@mail.gmail.com> <09B9FC9D-9124-41CB-A47A-2B36FCFF688B@akamai.com>
In-Reply-To: <09B9FC9D-9124-41CB-A47A-2B36FCFF688B@akamai.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 31 May 2023 11:29:40 -0700
Message-ID: <CABcZeBNn4UvwX3H2Go_0Hb-6=mjD5jpi=9709rNJn3-R-pCnZg@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Martin Thomson <mt@lowentropy.net>, Donald Eastlake <d3e3e3@gmail.com>, "eligibility-discuss@ietf.org" <eligibility-discuss@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e4cce205fd018239"
Archived-At: <https://mailarchive.ietf.org/arch/msg/eligibility-discuss/ZRguyYn6-w7qgQWxP5NSUQ_TOZ4>
Subject: Re: [Eligibility-discuss] On 3797 alternatives
X-BeenThere: eligibility-discuss@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF eligibility procedures <eligibility-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eligibility-discuss>, <mailto:eligibility-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eligibility-discuss/>
List-Post: <mailto:eligibility-discuss@ietf.org>
List-Help: <mailto:eligibility-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eligibility-discuss>, <mailto:eligibility-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 May 2023 18:30:24 -0000

Hi Rich,

I think perhaps we are talking past each other.

I'm just using the example of known seeds as an intuition pump. The attack
I'm actually concerned
about is one in which the attacker takes the known list and precomputes all
possible seeds and then
determines which input list has the highest probability of a favorable
nomcom and then does strategic
withdrawals to produce that list.

-Ekr

On Wed, May 31, 2023 at 11:12 AM Salz, Rich <rsalz@akamai.com> wrote:

>
>
> The attack I have in mind is that you have a pool of (say) 10
> nomcom-qualified people.
>
> They all volunteer at the beginning and so are on the list. Then once the
> rest of the list
>
> is set, you run the numbers and find the optimal set of people to withdraw
> to get the
>
> most favorable distributional outcome for the selection process.
>
>
>
> It should be obvious that this is worthwhile if the randomness is known in
> advance: you
>
> get to choose between 1024 different nomcoms. I haven't run the numbers
> and so am
>
> not really sure how many bits of randomness you need to make this attack
> ineffective
>
> with a pool of attackers of size N [0]
>
>
>
> I think in general, the delay between the seeds being known, and the
> choices being made, is a day or two. Is that enough time to mount the
> attack? Without being known? I’m skeptical. But perhaps someone else will
> be nerd-sniped into determining the number of bits needed to make it
> ineffective.
>
>
>

v2.23.0 | Report a Bug | By Email