Determine weight for temporal window for attack as a cost factor #144
Description
Earlier tonight @crwatkins and I discussed the sub-severity benchmark of Temporal Window for Attack, which is a cost factor for an attacker.
The three values we’re considering so far for temporal window attack are:
- Necessarily long
- Long starting when data logging begins
- Necessarily short
Blockchain observer attacks have a necessarily long opportunity for attacks since everyone gets a free copy of the blockchain starting from the genesis block. The cost for the attacker probably goes down over time since hardware will become cheaper and analytics software will become more efficient over time.
Network observer attacks generally require historical logging. There is likely a market of suppliers and buyers for network data, where the suppliers are entities who have done historical logging starting at some point in the past and buyers have not but want to analyze such data. Recent data is probably the cheapest since, as Bitcoin gains popularity, new suppliers are likely to start logging and increase the supply of that data. On the other hand, network data for the first month of Bitcoin is probably very hard to come by (only logged by NSA?).
Therefore we observe that these two categories have different cost curves over time.
However, recent network data is also more pertinent and therefore has greater benefit to most attackers. Old network data will pertain to fewer users and may go beyond some threshold of irrelevance; examples include statutes of limitation or privacy for temporary secrets (buying of stocks, wedding rings, etc.). Therefore, the decreased benefit of old data somewhat counteracts the increased cost of old data, and vice versa for recent data.
As a consequence, we conclude that we should not over-emphasize the weight given to the cost associated with temporal window for attack.
In the draft version of our formulation, this emphasis is fairly limited; it can at most increase the cost factor by 100%, whereas other cost factors can have a much larger impact.