
Re: [freehaven-dev] RFC: Design for an anonymous network [switching sym keys]



On Mon, Mar 05, 2001 at 01:22:16PM -0500, Michael J Freedman wrote:
> 2.    Problem:  M knows symmetric keys down to both A and B.
>       Solution:  When A sends its first message to B (say,
> ENDPOINT_ROUTE_CREATE), it can include n random numbers (equal in size to
> the n symmetric keys), such that
> 
>       new_key = (old_key + random) mod k
> 
> i.e., it performs an arithmetic transformation in some prime field k to prevent M
> from being able to decrypt future messages between A and B.  Obviously, this
> requires a bit more public_key operations:
>       
>       ENDPOINT_ROUTE_CREATE_MSG = {r1..rn}_PK_fs_B
 
I don't understand how this works. Can you go through it in more detail?

Specifically, I'm wondering how you tell the middlemen about their new
keys without letting M also learn them. (The ways I've thought of so
far are either clumsy, broken, or both.)

--Roger
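
The re-keying rule quoted above, written out as an added example that is not part of the original thread: it applies new_key = (old_key + random) mod k per hop and checks, over a small prime field, what a party holding only old_key can infer about new_key. The modulus, the function names and the sample values are assumptions made for illustration.

```python
import secrets

# Assumed modulus: the Mersenne prime 2**127 - 1 stands in for the field size k.
K = 2**127 - 1

def fresh_randoms(n, k=K):
    """n uniform field elements: the r1..rn that A would send to B."""
    return [secrets.randbelow(k) for _ in range(n)]

def rekey(old_keys, randoms, k=K):
    """Apply new_key = (old_key + random) mod k to each hop key."""
    if len(old_keys) != len(randoms):
        raise ValueError("need exactly one random value per symmetric key")
    return [(old + r) % k for old, r in zip(old_keys, randoms)]

def candidates_without_r(old_key, k):
    """All new keys consistent with old_key when r is unknown.

    Enumerates the whole field, so only call it with a small k.
    """
    return {(old_key + r) % k for r in range(k)}

def demo():
    old_keys = fresh_randoms(3)        # constructed stand-ins for keys M already knows
    randoms = fresh_randoms(3)         # travels only inside {r1..rn}_PK_fs_B
    sender = rekey(old_keys, randoms)
    holder = rekey(old_keys, randoms)  # any party holding both inputs agrees
    small_k = 251                      # small prime so the field can be enumerated
    blind = candidates_without_r(17, small_k)
    return sender == holder, len(blind) == small_k

if __name__ == "__main__":
    agree, no_leak = demo()
    print("parties with old_key and r derive the same keys:", agree)
    print("old_key alone leaves every field element possible:", no_leak)
```

The second result cuts both ways: a middleman that holds only its old key is in the same position as M until it is given its own r value, which is the distribution question raised in the reply.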