IRC channel logs

2023-04-20.log

back to list of logs

<zimoun>hi!
<civodul>o/
<efraim>ohai
<zimoun>civodul: Congrats for the inveted talk by Galois. :-)
<zimoun>since we talked about that and because pijul was this morming in Leroy’s seminar in College de France, I gave a look to https://pijul.org/manual/theory.html
<zimoun>Other said: “Securing Update Propagation with Homomorphic Hashing”
<zimoun> https://eprint.iacr.org/2019/227.pdf
<civodul>oh, database updates
<civodul>we'd need something like that for the "guix index" database maybe?
<zimoun>Pijul is a DVCS as Git, so I think it is larger than “database updates”. Or securing “guix pull” and “guix install foo” could also be seen as securing a database update. :-)
<zimoun>Especially when considering distributed substitutes and/or Git servers.
<civodul>could be, but it's too abstract for me
<civodul>"git pull" is about synchronizing Merkle DAGs, which have useful properties already
<civodul>dunno
<zimoun>yeah for sure, the issue is that in “distributed” mode, you need to specificy the source of authority. Pijul (implementing stuff à la Darc) tries to have the same resulting “database” but considering that some edges can commute.
<zimoun>Somehow Pijul extends to have more useful properties. :-)
<civodul>yes, it's interesting
<civodul>it's a completely different beast than a Merkle DAG, but it's definitely interesting
<zimoun>If you give a look at the paper, the current implementation is “Approach 1: signing each update“.
<zimoun>Basically, “Approach 3: Efficiently updatable hashing. Ideally, we want to take an approach that provides integrity of updates using a computation that does not depend on the size of the database or the total number of updates.”
<zimoun>then later, “Merkle trees [Mer87] provide a partial solution to this problem.”
<zimoun>So my point is that, instead of TUF and friends that do not apply for the Guix model, maybe we should take inspiration with “secure update propagation of database”.
<civodul>we do have a solution though, and one that's generally applicable :-)
<zimoun>but the solution does not scale.
<zimoun>it depends on the size of the database and on the total number of updates.
<civodul>?
<civodul>kinda like "git pull"?
<civodul>anyway, i don't think we'll address that this afternoon
<civodul>just don't throw the baby with the bath water
<zimoun>for sure not this afternoon, and I am throwing nothing. Just, the Leroy’s courses and seminar are about “Persistant data structure”. https://www.college-de-france.fr/agenda/seminaire/structures-de-donnees-persistantes
<zimoun>And the coincidence with your talk about Securing… at Galois and this seminar makes me think about that: maybe we could improve by reusing stuff.
<civodul>yeah, it's worth looking into that more deeply
<civodul>i really need to look at those talks on persistent data structures too!