Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure xor hashes #4092

Closed
AurelienFT opened this issue Jun 15, 2023 · 5 comments · Fixed by #4137
Closed

Secure xor hashes #4092

AurelienFT opened this issue Jun 15, 2023 · 5 comments · Fixed by #4137
Labels
p1

Comments

@AurelienFT
Copy link
Contributor

After further study with Seb, there is a way to make the XOR secure against the algorithm we mentioned.
The paper states an attack complexity of O(2^'2sqrt(n)) where n is the number of bits of the hash.

So if we want a 128 bit security (the same as the one of 256bit hash collisions) we need to increase the hash size to n=4096bits which is 512 bytes. (that's a big hash !). This can be done with the blake3 crate using XOF extensions, see the "extended output" example in https://docs.rs/blake3/latest/blake3/#examples

Originally posted by @damip in #3852 (comment)
@Leo-Besancon Leo-Besancon mentioned this issue Jun 16, 2023
Closed
@damip
Copy link
Member

damip commented Jun 19, 2023
edited
Loading

We should remove the XOR operator we added to MassaHash to avoid errors

@AurelienFT AurelienFT added the p1 label Jun 19, 2023
@Leo-Besancon
Copy link
Collaborator

Adapting the code to use extended hash for the db xor seems relatively straightforward, but I was thinking about what we print in the node. Printing 512 bytes of hash every slot on finalize() seems too much, but I assume everything else (such as printing the first and last bytes, but cutting out the middle) would decrease the security?

@damip
Copy link
Member

damip commented Jun 21, 2023
edited
Loading

Adapting the code to use extended hash for the db xor seems relatively straightforward, but I was thinking about what we print in the node. Printing 512 bytes of hash every slot on finalize() seems too much, but I assume everything else (such as printing the first and last bytes, but cutting out the middle) would decrease the security?

This is what printing the whole thing would look like:

268fLe9QDjspF4qK49vappFjSNn41QCMEAGvbiMqgoYdYFY9N7djSXcdKqAkFHepKRZyYcaGdTqqeRtmRsB8ZLTsxceT3rW7MvRhpAroRfqfREqvHeNbxKrDNDbCSk36DP8iohqC14CkW7uHQio7t7d4ESRGupytpqBgGgNuLXqnhfNGC6UP1TTgf4762iJm43MhznjnVz7LgcBp2iRwhXrnci9XFEiEy21KSzkCnyGKJJgL4MVoFVu3KK7AriqV4KBw7GcszmzKb1U8qsRApiwMzrei3XquWb3zWsGBHDWDa4aY26xKoCtUMeJTt1uaRhQnVKw1NToeWa5y5MhCoNNXpqSgFqtE4aV7tYzb75bpVJxgW2BDBThvZPZZw7HYCBj1hb7GNa9FeyT9cassSczYQXTMvNcXBJ3YVvQw5rBomqBA1NaxzYH1NVFJxDZ6rZnLUjfDyumgzBNRG31bFKHLCLTtqptETnPXuVT6mrReyuq1RkVXqigkEZB44AiXDqbnTADiCCBaoU9Lo39CcK5rFJjnQntJJWVztqhHJUUufaK3BPAyYVqso3EcmLUWv2cRLn6h4amFKUHdLuS2XdUMBNL8LGX8aShHiZfbCfhviKHH9pR5QD76AXo27JvU73W5mQVbcp1eiMenEPT5reh68bzbYUv2skDpeS4NfnJVtbof17dHCdG8NNgJ

so what I recommend is to print the normal hash of the big hash :) (but just for the logs !!)

@Leo-Besancon Leo-Besancon linked a pull request Jun 21, 2023 that will close this issue
Use XOF hash in the DB #4137
Merged
7 tasks
@AurelienFT
Copy link
Contributor Author

Oops forgot to make :

so what I recommend is to print the normal hash of the big hash :) (but just for the logs !!)

@AurelienFT AurelienFT mentioned this issue Jun 26, 2023
Merged
7 tasks
@AurelienFT
Copy link
Contributor Author

Done in #4137 and #4155

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use XOF hash in the DB massalabs/massa
3 participants
@damip @Leo-Besancon @AurelienFT