[RC5] Do not forget about the cheaters :)

Richard Farmbrough rawkiw at cix.co.uk
Wed Jan 7 18:21:27 EST 2004


I suggested something like this to Bovine in an email  Tue 18/07/2000 
12:03.
Slightly more succinct than the Stanford paper IMHO :-)
(Clearly it doesn't cvoer quite as much ground.)

---------
Jeff,
	One slight problem with a secondary plaintext for inline testing is choice 
of a single solution in a block would still allow a stats inflator to work 
at (on average) double speed, discarding any keys after the inline block. 
 Two solutions are provision of multiple plaintexts (requiring 1-1/(2^n) of 
the work to be done), and statistically providing plaintexts which may or 
may not be in the text .  Combining the two approaches would provide rapid 
identification of bogus clients.

E.G.

Plaintext (Public)  Position (private)

p1 		P1	
p2		Does not exist
p3		P2
p4		Does not exist.

I can see no way of a client providing the private information back to the 
server without either completing the block, or substantially completing and 
guessing the remaining keys do not exist.

Even a single "maybe" plaintext is very powerful over the course of a small 
number of blocks.

Hope this is of use.
	
	Rgds,

		Richard Farmbrough


-----Original Message-----
From:	Decio Luiz Gazzoni Filho [SMTP:decio at revistapcs.com.br]
Sent:	07 January 2004 21:43
To:	D.net Discussion
Subject:	Re: [RC5] Do not forget about the cheaters  :)

[...]

It needn't be that way. Some Stanford researchers published a paper at the 
RSA
Conference 2001 (which, by the way, was already noticed by the guy who
released the hacked client back then). It's available at

http://crypto.stanford.edu/~pgolle/papers/distr.pdf

for anyone who cares about the gory details. For those who don't, in short, 
it's possible to detect cheaters with very high probability and minimal
overhead. And it's easy to implement too, particularly considering the 
system
that is currently in place.

Decio


---
This mail has been checked for viruses, by Richard, but you should ensure 
your system check all incoming mail itself.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.532 / Virus Database: 326 - Release Date: 27/10/2003




More information about the rc5 mailing list