Lack of formal threat model

[dglittle]

SIV needs a more formal threat model.

Formally stating what adversaries you expect to prevent what sorts of attacks is a really important part of designing any cryptographic system. When examining SIV, I found it difficult to understand what the actual threat model is, and when SIV / the observers / the cryptography were intended to prevent some attack by some adversary with what power, and what steps a voter was supposed to take in the event that they see an issue.

One way of thinking about this would be to enumerate what actors are supposed to do what in the system, and what assumptions the system makes about the maliciousness of each. This is standard practice in cryptography, and, without one, I really can’t provide a great analysis of the system.

Originally posted by @mspecter in #195

[arianabuilds]

Entry Summary for HACK SIV @ DEF CON 2024

Thanks again for participating! This submission earned $113.38 from SIV and $159.31 from the Public Vote, for a total of $272.69.

Here's what we noted in our evaluation:

What's interesting about this submission

• Could help a lot with communicating specific security goals
• Could help a lot with vetting whether we're meeting those goals or not, if more clear

Issue to track getting paid: siv-org/hack.siv.org#11