1 unstable release
0.0.1 | Mar 30, 2024 |
---|
#11 in #non-cryptographic
50KB
766 lines
A non-cryptographic "vouching" system
The raffle
library offers functionality similar to public key
signatures, except without any pretense of cryptographic strength.
Rather than signatures, it generates Voucher
s, and while it's not
hard to deliberately forge Voucher
s, accidental forgery seems
implausible.
TL;DR: use real cryptography to defend against motivated bad actors.
Consider raffle
to detect innocent API misuse and buggy code.
The raffle
library lets us pass CheckingParameters
to modules so
that they can check whether a value looks like it was generated by
code with access to the corresponding VouchingParameters
, while
making it implausibly hard for these checking modules to
accidentally generate valid Voucher
s for arbitrary values.
It not hard to back out the VouchingParameters
that'll satisfy a
given set of CheckingParameters
. However, there is no code to do so
in the library, and I don't see that being typed out by accident: the
conversion code would need a few large integer constants that are
unlikely to just appear naturally.
In other words, the library's interface lets us pass parameters for a voucher "checking" capability without also granting "vouching" capabilities (while being able to vouch implies being able to check vouchers), and it's implausible that code would accidentally regain vouching capabilities from voucher-checking parameters.
The parameter space is also large enough that accidental collisions
(i.e., CheckingParameters
accept Voucher
s for the wrong
VouchingParameters
) are much more likely to indicate hardware issues
or deliberate action than mere bad luck or innocent bugs.
Dependencies
~210KB