Changes between Version 3 and Version 7 of Ticket #753
- Timestamp:
- 2011-07-28T20:00:40Z (13 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #753
- Property Keywords newcaps security added
-
Ticket #753 – Description
v3 v7 29 29 In the Tahoe context, {{{C}}} is the number of files you can add to the grid. 30 30 31 In the current case, our 128-bit storage index (N=2 **128) means that p=0.532 gets us a nice large 2 **64number of files, except that p=0.5 is insufficient31 In the current case, our 128-bit storage index (N=2¹²⁸) means that p=0.5 32 gets us a nice large 2⁶⁴ number of files, except that p=0.5 is insufficient 33 33 margin: we'd much prefer a vanishingly small chance of collision, like 34 p=2 **-64. Fortunately we get two bits of margin for every one bit we reduce34 p=2⁻⁶⁴. Fortunately we get two bits of margin for every one bit we reduce 35 35 from C. The table looks like: 36 36 37 37 ||N||numfiles|| ||prob(collision)|| 38 ||96||2 **48||->||2**-1(0.5)||39 ||96||2 **40||->||2**-17||40 ||96||2 **32||->||2**-33||41 ||96||2 **24||->||2**-49||42 ||128||2 **64||->||2**-1(0.5)||43 ||128||2 **56||->||2**-17||44 ||128||2 **48||->||2**-33||45 ||128||2 **32||->||2**-65||46 ||192||2 **96||->||2**-1||47 ||192||2 **80||->||2**-33||48 ||192||2 **64||->||2**-65||49 ||256||2 **128||->||2**-1(0.5)||50 ||256||2 **96||->||2**-65||38 ||96||2⁴⁸||->||2⁻¹ (0.5)|| 39 ||96||2⁴⁰||->||2⁻¹⁷|| 40 ||96||2³²||->||2⁻³³|| 41 ||96||2²⁴||->||2⁻⁴⁹|| 42 ||128||2⁶⁴||->||2⁻¹ (0.5)|| 43 ||128||2⁵⁶||->||2⁻¹⁷|| 44 ||128||2⁴⁸||->||2⁻³³|| 45 ||128||2³²||->||2⁻⁶⁵|| 46 ||192||2⁹⁶||->||2⁻¹|| 47 ||192||2⁸⁰||->||2⁻³³|| 48 ||192||2⁶⁴||->||2⁻⁶⁵|| 49 ||256||2¹²⁸||->||2⁻¹ (0.5)|| 50 ||256||2⁹⁶||->||2⁻⁶⁵|| 51 51 52 52 … … 54 54 top-most cap value (i.e. the readkey for immutable files, or the writekey for 55 55 mutable files). So a DSA-based mutable file with a 92-bit writecap gives us 56 an {{{N}}} of 2 **92, even if it is expanded into a storage-index of 128 or56 an {{{N}}} of 2⁹², even if it is expanded into a storage-index of 128 or 57 57 256 bits. 58 58 59 59 Also note that the allmydata.com grid currently has something like 10M 60 objects in it, about C=2 **23.60 objects in it, about C=2²³. 61 61 62 62 So, I'm thinking that as much as a nice short 96-bit DSA mutable writecap … … 65 65 collision to be so small that I don't ever need to worry about it, and 96 66 66 bits isn't really there. 128 bits is probably good enough, but doesn't have 67 enough margin to be obviously and unquestionably safe (C=2 **32is a lot of68 files but you can imagine people wanting more, p=2 **-64is a tiny probability67 enough margin to be obviously and unquestionably safe (C=2³² is a lot of 68 files but you can imagine people wanting more, p=2⁻⁶⁴ is a tiny probability 69 69 but you can imagine people wanting a bit better). 256 would be plenty (but of 70 70 course I want my filecaps to be shorter than that).