On Tue, Sep 30, 2014 at 6:29 AM, Prateek Mittal pmittal@princeton.edu wrote:
- The *increase* to descriptor size is not well factored in to the
analysis.
4.b. All of the Directory Authorities would need to sign each andevery descriptor by itself. This would result in the current microdescriptors, which are sized from roughly 900 bytes to some of the larger ones which are 2.5 KB, increasing in size by roughly 4 KB (that's the size of the DirAuth signatures on the current consensus).
I am not sure which signature scheme you are considering. In the paper, we talk about threshold BLS signatures, which have only 22 byte overhead. (This might increase for better security guarantees, but 4KB overhead seems very conservative.)
You can make this even lower because every PIR query returns a block which is roughly square root the size of the entire database; you would only need to have a signature on each block.
- Nikita