在 Kademlia 中，为什么建议使用 160 位节点 ID 和密钥而不是 128 位? [英] In Kademlia, why is it recommended to have 160-bit node IDs and keys and not 128-bit?

问题描述

Kademlia 论文指出，节点被分配了随机的 160 位 ID 和密钥.这是严格的限制吗?如果我觉得足够好，我还能继续使用 128 位密钥空间吗?

解决方案

选择长度是因为 SHA1，用作哈希表键的哈希函数，输出 160 位，这是当时使用最广泛的哈希函数.

路由算法本身不需要特定的长度才能工作，它只需要足够大的密钥空间以避免随机选择的 ID 中的冲突.128 位 ID 将提供 64 位冲突空间，这应该足够除非您打算解决灰色粘液.>

但除了路由算法本身之外，加密问题也可能是相关的.使用加密的网络受​​益于节点 ID 是节点公钥的两倍，并且通常部署的 ECC 算法需要至少 256 位的公钥.此外，对(目前假设的)量子攻击的抵抗力将推荐的散列函数大小夸大到远远超过 128 位，因为它们会将抗碰撞性从经典的 N/2 降低到 N/3攻击.

The Kademlia paper states that nodes are assigned random 160-bit IDs as well as the keys. Is this a strict restriction? Can I still go ahead and use a 128-bit keyspace if that's good enough from me?

解决方案

The length was chosen because SHA1, used as hash function for the hash table keys, outputs 160bits and that was the most widely used hash function at the time.

The routing algorithm itself does not require that specific length to work, all it needs is the key space being large enough to avoid collisions in randomly chosen IDs. 128bit IDs would provide 64bits of collision space, which should be sufficient unless you intend to address grey goo.

But in addition to the routing algorithm itself cryptographic concerns may also be relevant. Networks that use encryption benefit from node IDs doubling as the node's public key and commonly deployed ECC algorithms require public keys of at least 256 bits. Additionally resistance against (currently hypothetical) quantum attacks has inflated recommended hash function sizes well beyond 128 bits since they would cut collision resistance to N/3 down from N/2 for classical attacks.

这篇关于在 Kademlia 中，为什么建议使用 160 位节点 ID 和密钥而不是 128 位?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！