[RC5] Do not forget about the cheaters :)

Slawek sgp at telsatgp.com.pl
Fri Jan 9 05:34:33 EST 2004


The simplest possible method of verifying the clients
is making them report CMCcount for each block tested.

Some blocks may be sent to other used for recheck
and/or checked by d.net staff and results compared.

This has no overhead for the client as CMCcount
is already counted by all the cores.

To break this the cracker would need to break rc5
rendering all of the distributed.net rc5 work useless.

Attacker may be able to guess CMCcount once or twice
but it's virtually not possible to constantly guess it.


/Slawek


----- Original Message ----- 
From: "Richard Farmbrough" <rawkiw at cix.co.uk>
To: "'D.net Discussion'" <rc5 at lists.distributed.net>
Sent: Thursday, January 08, 2004 12:21 AM
Subject: RE: [RC5] Do not forget about the cheaters :)


> I suggested something like this to Bovine in an email  Tue 18/07/2000
> 12:03.
> Slightly more succinct than the Stanford paper IMHO :-)
> (Clearly it doesn't cvoer quite as much ground.)
>
> ---------
> Jeff,
> One slight problem with a secondary plaintext for inline testing is choice
> of a single solution in a block would still allow a stats inflator to work
> at (on average) double speed, discarding any keys after the inline block.
>  Two solutions are provision of multiple plaintexts (requiring 1-1/(2^n)
of
> the work to be done), and statistically providing plaintexts which may or
> may not be in the text .  Combining the two approaches would provide rapid
> identification of bogus clients.
>
> E.G.
>
> Plaintext (Public)  Position (private)
>
> p1 P1
> p2 Does not exist
> p3 P2
> p4 Does not exist.
>
> I can see no way of a client providing the private information back to the
> server without either completing the block, or substantially completing
and
> guessing the remaining keys do not exist.
>
> Even a single "maybe" plaintext is very powerful over the course of a
small
> number of blocks.
>
> Hope this is of use.
>
> Rgds,
>
> Richard Farmbrough
>
>
> -----Original Message-----
> From: Decio Luiz Gazzoni Filho [SMTP:decio at revistapcs.com.br]
> Sent: 07 January 2004 21:43
> To: D.net Discussion
> Subject: Re: [RC5] Do not forget about the cheaters  :)
>
> [...]
>
> It needn't be that way. Some Stanford researchers published a paper at the
> RSA
> Conference 2001 (which, by the way, was already noticed by the guy who
> released the hacked client back then). It's available at
>
> http://crypto.stanford.edu/~pgolle/papers/distr.pdf
>
> for anyone who cares about the gory details. For those who don't, in
short,
> it's possible to detect cheaters with very high probability and minimal
> overhead. And it's easy to implement too, particularly considering the
> system
> that is currently in place.
>
> Decio
>
>
> ---
> This mail has been checked for viruses, by Richard, but you should ensure
> your system check all incoming mail itself.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.532 / Virus Database: 326 - Release Date: 27/10/2003
>
>
> _______________________________________________
> rc5 mailing list
> rc5 at lists.distributed.net
> http://lists.distributed.net/mailman/listinfo/rc5
>
>




More information about the rc5 mailing list