first implementation of the teamchain auditor #13544
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
There's a bug somewhere in here that CI just found, likely in kbweb, so I added more debugging here: https://github.com/keybase/keybase/commit/3b566ab66f8290f5d39e44ff0a3d6e763883d3d0 |
heronhaye
reviewed
Sep 5, 2018
heronhaye
reviewed
Sep 5, 2018
|
ah, I confused math/rand with crypto/rand, you're right.
…On Wed, Sep 5, 2018 at 4:17 PM Maxwell Krohn ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In go/teams/audit.go
<#13544 (comment)>:
> + return nil
+ }
+ for _, tuple := range probeTuples {
+ m.CDebugf("preProbe: checking probe at merkle %d", tuple.merkle)
+ if tuple.team != keybase1.Seqno(0) || !tuple.linkID.IsNil() {
+ return NewAuditError("merkle root at %v should have been nil for %v; got %s/%d",
+ tuple.merkle, history.ID, tuple.linkID, tuple.team)
+ }
+ }
+ return nil
+}
+
+func randSeqno(lo keybase1.Seqno, hi keybase1.Seqno) (keybase1.Seqno, error) {
+ rng := hi - lo + 1
+ rngBig := big.NewInt(int64(rng))
+ n, err := rand.Int(rand.Reader, rngBig)
thanks for checking this, though I believe it is!
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub
<#13544 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AbYebpFIht9a3Q_iuR2EFvtylQyuYuCRks5uYDE_gaJpZM4WVw2d>
.
|
heronhaye
reviewed
Sep 5, 2018
mlsteele
reviewed
Sep 5, 2018
go/teams/audit.go
Outdated
| // ProbabilisticMerkleTeamAudit runs an audit on the links of the given team chain (or subchain). | ||
| // The security factor of the audit is a function of the platform type, and the amount of time | ||
| // since the last audit. This method should use some sort of long-lived cache (via local DB) so that | ||
| // previous audits can be combined with the current one. | ||
| func ProbabilisticMerkleTeamAudit(m libkb.MetaContext, id keybase1.TeamID, startMerkleSeqno keybase1.Seqno, chain []SCChainLink) (err error) { | ||
| return errors.New("stubbed out") | ||
| func (a *Auditor) AuditTeam(m libkb.MetaContext, id keybase1.TeamID, isPublic bool, headMerkle keybase1.MerkleRootV2, chain map[keybase1.Seqno]keybase1.LinkID, maxSeqno keybase1.Seqno) (err error) { |
There was a problem hiding this comment.
Comment ProbabilisticMerkleTeamAudit -> AuditTeam
There was a problem hiding this comment.
Does subchain in the comment mean slice like for users or pick and choose like high set?
There was a problem hiding this comment.
comment to remember what these args are
- headMerkle: merkle root claimed by the first link in the team
- maxSeqno: seqno of the tail of the team sigchain
There was a problem hiding this comment.
no, it's just the most recent chain links we got from the server.
maxtaco
force-pushed
the
maxtaco/CORE-8466
branch
from
1553855
to
5bc6951
Compare
|
@mlsteele / @heronhaye ok or do you guys want to keep reviewing? |
- the goal of the teamchain auditor is to prevent the server from pulling off an "odd/even" attack. That is, when showing team acme to alice, the server sends even merkle roots, that show view A of the team. When showing team acme to bob, the server sends odd merkle roots, that show view B of the team. Where A and B might not agree at all. The server can hide these patterns in the merkle tree in arbitrary ways, with the goal to get alice and bob to see two different ideas of the same team, without forking the merkle tree globally. - our approach is for alice and bob to make random "probes". the probe the team before the team was created, the time after the team was created, and ensure a consistent view. - after 1000 new merkle roots, the audit repeats, with alice and bob idependently auditing the recent roots. - for now, we've hardcoded parameters, but we'll likely want to tune them in the future. - write all audit results to disk cache.
maxtaco
force-pushed
the
maxtaco/CORE-8466
branch
from
36d124e
to
371a387
Compare
maxtaco
added a commit
that referenced
this pull request
Sep 6, 2018
- the goal of the teamchain auditor is to prevent the server from pulling off an "odd/even" attack. That is, when showing team acme to alice, the server sends even merkle roots, that show view A of the team. When showing team acme to bob, the server sends odd merkle roots, that show view B of the team. Where A and B might not agree at all. The server can hide these patterns in the merkle tree in arbitrary ways, with the goal to get alice and bob to see two different ideas of the same team, without forking the merkle tree globally. - our approach is for alice and bob to make random "probes". the probe the team before the team was created, the time after the team was created, and ensure a consistent view. - after 1000 new merkle roots, the audit repeats, with alice and bob idependently auditing the recent roots. - for now, we've hardcoded parameters, but we'll likely want to tune them in the future. - write all audit results to disk cache. - merge by hand since github is down - also @mlsteele might have further comments
brayoh
pushed a commit
that referenced
this pull request
Sep 6, 2018
- the goal of the teamchain auditor is to prevent the server from pulling off an "odd/even" attack. That is, when showing team acme to alice, the server sends even merkle roots, that show view A of the team. When showing team acme to bob, the server sends odd merkle roots, that show view B of the team. Where A and B might not agree at all. The server can hide these patterns in the merkle tree in arbitrary ways, with the goal to get alice and bob to see two different ideas of the same team, without forking the merkle tree globally. - our approach is for alice and bob to make random "probes". the probe the team before the team was created, the time after the team was created, and ensure a consistent view. - after 1000 new merkle roots, the audit repeats, with alice and bob idependently auditing the recent roots. - for now, we've hardcoded parameters, but we'll likely want to tune them in the future. - write all audit results to disk cache. - merge by hand since github is down - also @mlsteele might have further comments
mmaxim
pushed a commit
that referenced
this pull request
Sep 6, 2018
- the goal of the teamchain auditor is to prevent the server from pulling off an "odd/even" attack. That is, when showing team acme to alice, the server sends even merkle roots, that show view A of the team. When showing team acme to bob, the server sends odd merkle roots, that show view B of the team. Where A and B might not agree at all. The server can hide these patterns in the merkle tree in arbitrary ways, with the goal to get alice and bob to see two different ideas of the same team, without forking the merkle tree globally. - our approach is for alice and bob to make random "probes". the probe the team before the team was created, the time after the team was created, and ensure a consistent view. - after 1000 new merkle roots, the audit repeats, with alice and bob idependently auditing the recent roots. - for now, we've hardcoded parameters, but we'll likely want to tune them in the future. - write all audit results to disk cache. - merge by hand since github is down - also @mlsteele might have further comments
mlsteele
approved these changes
Sep 7, 2018
|
No, we should try to come up with a proof of some sort given my back-of-the-envelope calculations. The logic is similar to Miller-Rabin primality testing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
alice, the server sends even merkle roots, that show view A of the team. When showing team acme to bob, the server sends odd
merkle roots, that show view B of the team. Where A and B might not agree at all. The server can hide these patterns in the
merkle tree in arbitrary ways, with the goal to get alice and bob to see two different ideas of the same team, without forking
the merkle tree globally.
team was created, and ensure a consistent view.