The first probability of interest is the worst case probability of failure assuming that


In that case A will need to compare approximately n strong signatures (one for each

byte offset) with each of the n/L strong signatures from B. The algorithm fails if any of

these comparisons give a false positive. If we assume that L is O(√n) then the number

of pairwise strong signature comparisons per file is O(n3/2


To convert this to a probability of failure we need to make an important assump-

tion about the nature of the rsync algorithm – that rsync is no better at finding colli-

sions in the strong signature algorithm than a brute force search. This is not an unrea-


Optimizations considered in the next chapter reduce the effective size of the signatures, allowing for
a considerably smaller block-size while maintaining the same maximum overhead target.

§3.4 The probability of failure


sonable assumption as otherwise rsync could be employed as a code breaking engine,

which would indicate a serious flaw in the cryptographic strength of the strong sig-

nature algorithm. Although cryptanalysts do regularly find flaws in message digest

algorithms it seems implausible that rsync happens to have exposed such a flaw.

Given that assumption we can calculate the probability of failure under specific

conditions. With a 128 bit strong signature (such as MD4) we would need about


signature comparisons to have an even chance of finding a false positive. If we

have one million computers each transferring a one gigabyte file each second then we

would expect it to take about 1011


for a transfer failure to occur.

