6 research outputs found
Centralized vs Decentralized Multi-Agent Guesswork
We study a notion of guesswork, where multiple agents intend to launch a
coordinated brute-force attack to find a single binary secret string, and each
agent has access to side information generated through either a BEC or a BSC.
The average number of trials required to find the secret string grows
exponentially with the length of the string, and the rate of the growth is
called the guesswork exponent. We compute the guesswork exponent for several
multi-agent attacks. We show that a multi-agent attack reduces the guesswork
exponent compared to a single agent, even when the agents do not exchange
information to coordinate their attack, and try to individually guess the
secret string using a predetermined scheme in a decentralized fashion. Further,
we show that the guesswork exponent of two agents who do coordinate their
attack is strictly smaller than that of any finite number of agents
individually performing decentralized guesswork.Comment: Accepted at IEEE International Symposium on Information Theory (ISIT)
201
Soft Guessing Under Log-Loss Distortion Allowing Errors
This paper deals with the problem of soft guessing under log-loss distortion
(logarithmic loss) that was recently investigated by [Wu and Joudeh, IEEE ISIT,
pp. 466--471, 2023]. We extend this problem to soft guessing allowing errors,
i.e., at each step, a guesser decides whether to stop the guess or not with
some probability and if the guesser stops guessing, then the guesser declares
an error. We show that the minimal expected value of the cost of guessing under
the constraint of the error probability is characterized by smooth R\'enyi
entropy. Furthermore, we carry out an asymptotic analysis for a stationary and
memoryless source
Centralized vs Decentralized Targeted Brute-Force Attacks: Guessing with Side-Information
According to recent empirical studies, a majority of users have the same, or
very similar, passwords across multiple password-secured online services. This
practice can have disastrous consequences, as one password being compromised
puts all the other accounts at much higher risk. Generally, an adversary may
use any side-information he/she possesses about the user, be it demographic
information, password reuse on a previously compromised account, or any other
relevant information to devise a better brute-force strategy (so called
targeted attack). In this work, we consider a distributed brute-force attack
scenario in which adversaries, each observing some side information,
attempt breaching a password secured system. We compare two strategies: an
uncoordinated attack in which the adversaries query the system based on their
own side-information until they find the correct password, and a fully
coordinated attack in which the adversaries pool their side-information and
query the system together. For passwords of length , generated
independently and identically from a distribution , we establish an
asymptotic closed-form expression for the uncoordinated and coordinated
strategies when the side-information are generated
independently from passing through a memoryless channel ,
as the length of the password goes to infinity. We illustrate our results
for binary symmetric channels and binary erasure channels, two families of
side-information channels which model password reuse. We demonstrate that two
coordinated agents perform asymptotically better than any finite number of
uncoordinated agents for these channels, meaning that sharing side-information
is very valuable in distributed attacks
Centralized vs decentralized multi-agent guesswork
© 2017 IEEE. We study a notion of guesswork, where multiple agents intend to launch a coordinated brute-force attack to find a single binary secret string, and each agent has access to side information generated through either a BEC or a BSC. The average number of trials required to find the secret string grows exponentially with the length of the string, and the rate of the growth is called the guesswork exponent. We compute the guesswork exponent for several multi-agent attacks. We show that a multi-agent attack reduces the guesswork exponent compared to a single agent, even when the agents do not exchange information to coordinate their attack, and try to individually guess the secret string using a predetermined scheme in a decentralized fashion. Further, we show that the guesswork exponent of two agents who do coordinate their attack is strictly smaller than that of any finite number of agents individually performing decentralized guesswork