Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Naive secret sharing would allow for "jamming" on a non-physical level #324

Open
mariusfrinken opened this issue Jun 15, 2020 · 0 comments

Comments

@mariusfrinken
Copy link

mariusfrinken commented Jun 15, 2020

While you suggest secret sharing to prevent an attacker from gathering EphIDs from a remote location or during short, close encounters, I think it should be considered that this allows for a method of "jamming" i.e. disturbing the exchange/broadcasting of EphIDs.

As described in #156 , all shares sent from A need to be linkable to A to compute the EphID.
In a naive setting, the packages would look like "MAC || share_i", where the MAC is obviously randomized at the beginning of every epoch.
What prevents an attacker, that successfully eavesdrops only one of these packages, to simply spoof the MAC and send multiple messages structured like this "MAC || bogus-share"?

To mitigate the issue, maybe verifiable secret sharing may work...

The issue is, the whitepaper argues that an attacker may not see enough (>= k) shares to successfully compute an EphID, but in such a naive setting, seeing one share may be enough to prevent someone from computing the correct EphID.

In the approaches without secret sharing, jamming can only happen on a physical level, if B does not get what A sends.
But with secret sharing, A sends s_0,s_1,s_2,s_3, ..., s_n and if C is allowed to implant s_e and B cannot distinguish, that is verifying a proof, whether s_e was sent from A or not, C has found a way to potentially jam the whole EphID exchange, resulting in B storing an incorrect EphID for A.

This form of jamming does not rely on physical jamming (i.e. sending a stronger signal on the same frequency) and appears to be rather hard to detect to me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant