Merge pull request #150 from SmithSamuelM/revised-format

added images
trustoverip · Feb 16, 2024 · e1e9cb4 · e1e9cb4
2 parents cd99e79 + adf3832
commit e1e9cb4
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/images/ExploitDead.png b/images/ExploitDead.png
diff --git a/images/ExploitLive.png b/images/ExploitLive.png
diff --git a/spec/spec.md b/spec/spec.md
@@ -1553,9 +1553,9 @@ To summarize, an alternate but verifiable version of a rotation event would be d
 
 As a special case, to even better protect the initial keypairs in an inception event from a Dead-attack, a controller may coincidently create both the inception event and an immediately following rotation event and then emit them together as one. The initial (original incepting) keypairs may be discarded (including removing all traces from signing infrastructure) after creation but before emission of the coincident events, thereby minimizing the exposure to Dead Attack of these initial keypairs.
 
-::: issue
-Diagram Dead-Attack Exploit
-:::
+
+![Establishment Dead-Attack](assets/ExploitDead.png)
+
 
 #### Live-Attacks
 
@@ -1575,6 +1575,9 @@ To elaborate, a successful live exploit must compromise the unexposed next set o
 
 Given the cryptographic strength of the key generation algorithm, a successful brute force live attack may be computationally infeasible.  Hiding the unexposed next (pre-rotated) public keys behind cryptographic strength digests provides an additional layer of protection not merely from pre-quantum brute force attacks but also from surprise post-quantum brute force attacks. In this case, a brute force attack would first have to invert the post-quantum resistant one-way hashing function used to create the digest before it may attempt to invert the one-way public key generation algorithm. Moreover, as computation capability increases, the controller can merely rotate to correspondingly strong quantum-safe cryptographic one-way functions for key generation. This makes brute force live attack computationally infeasible indefinitely. For more detail see the Annex on Cryptographic Strength.
 
+![Establishment Live-Attack](assets/ExploitLive.png)
+
+
 #### Delegated Event Live-attacks
 
 Notwithstanding the foregoing section, delegated events are provided with an additional layer of protection against and an additional means of recovery from establishment Live-attack exploits.  As described previously, a delegated event is only valid if the validator finds an anchored delegation seal of the delegated establishment event in the delegator's KEL. This means that notwithstanding a successful compromise of the Delegatee's current set of pre-rotated keys, the attacker is not able to issue a valid compromised rotation event. The attacker must also issue a delegation seal of the compromised rotation event in the delegator's KEL. This means the attacker must either induce the delegator to issue a seal or must also compromise the delegator's signing keys. This provides an additional layer of protection from establishment Live-attack for delegated events.
@@ -1725,9 +1728,6 @@ The latest-seen delegated rotation constraint in B. means that any earlier deleg
 
 For example, in the diagram below, a rotation event at the same location may supersede an interaction. This enables recovery of live exploit of the exposed current set of authoritative keys used to sign non-establishment events via a rotation establishment event to the unexposed next set of authoritative keys. The recovery process forks off a disputed branch from the recovered trunk. This disputed branch has the compromised events, and the main trunk has the recovered events.
 
-::: issue
-Diagram Here
-:::
 
 ### KERI's Algorithm for Witness Agreement (KAWA)