How would a hash collision be handled in Unison?



Here’s a question: what happens if there’s a collision in the hashing scheme used by Unison? What would happen, and is this something we should worry about?

Currently, Unison is using SHA3-512. Assuming it’s a good hash function, the odds of a collision are astronomically low—2⁻⁵¹², or about 10⁻¹⁵⁴. To put this number in perspective, here are some much more worrisome low-probability events:

All right, now that we’re purely in the realm of sci-fi, here’s what would actually happen in the event of a hash collision:

More realistically, suppose that due to weakness in the hash function a nefarious attacker manages to find a collision, a definition evilFunction with the same hash as innocuousFunction. They need to get it to your node somehow. However, they have no way of doing that! The remote evaluation protocol won’t accept a foreign hash if the local node already has that hash locally. And any unknown hashes accepted from foreign nodes are deemed ‘provisional’ and will be used only for evaluating the foreign computation, unless you explicitly decide to trust these hashes and promote them to be runnable in some other sandbox. The exact design of this is somewhat TBD, but the general idea is that you must opt in to each definition you want to trust. Foreign nodes cannot cause definitions to arrive on your node with a higher level of trust than you’ve explicitly assigned.
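The acceptance rule described above, as a small Python model added here for illustration; it is not Unison's code. Since the post says the design is TBD, the `Node` class, its method names and the per-computation scoping of provisional hashes are assumptions. The collision is simulated by delivering different bytes under an existing hash.

```python
import hashlib

class Node:
    """Hypothetical model of a node's definition store (not Unison's code)."""

    def __init__(self):
        self.trusted = {}      # hash -> definition the local user trusts
        self.provisional = {}  # (computation_id, hash) -> foreign definition

    @staticmethod
    def hash_of(definition):
        return hashlib.sha3_512(definition).hexdigest()

    def add_local(self, definition):
        h = self.hash_of(definition)
        self.trusted[h] = definition
        return h

    def receive_foreign(self, computation_id, h, definition):
        # With a real collision, re-hashing the bytes would match h, so the
        # model keys on h alone and relies on the policy, not on the hash.
        if h in self.trusted:
            return "ignored"       # a hash already held locally is never replaced
        self.provisional[(computation_id, h)] = definition
        return "provisional"       # visible only to the computation that sent it

    def resolve(self, h, computation_id=None):
        if h in self.trusted:
            return self.trusted[h]
        return self.provisional.get((computation_id, h))

    def promote(self, computation_id, h):
        # Explicit opt-in by the local user, one definition at a time.
        definition = self.provisional.pop((computation_id, h))
        self.trusted.setdefault(h, definition)

def demo():
    node = Node()
    innocuous = b"innocuousFunction x = x + 1"   # constructed sample
    evil = b"evilFunction x = deleteEverything"  # constructed sample
    h = node.add_local(innocuous)
    # Simulated collision: different bytes delivered under the same hash.
    status = node.receive_foreign("job-1", h, evil)
    return status, node.resolve(h, "job-1") == innocuous
```
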
