Re: [freehaven-dev] RFC: Design for an anonymous network [switching sym keys]

[Roger Dingledine <arma@mit.edu>]

On Tue, Mar 06, 2001 at 06:03:51PM -0500, Michael J Freedman wrote:
> >Specifically, I'm wondering how you tell the middlemen about their new
> >keys without letting M also learn them. (The ways I've thought of so
> >far are either clumsy, broken, or both.)
> 
> Amazingly, this detail slipped my mind.  This was something that just
> occurred to me when writing up the draft, so perhaps I didn't flush out all
> the details.
> 
> Well, the obvious way is just public-key encrypt the random number to
> middlement using their PK_net.  Admittedly, that's not terribly nice, but
> only will give us an extra PK operation on like 56 bits or something.
 
It's not quite this simple, in that A doesn't know the PK_net's of the
nodes on the far side of M. So some sort of scheme where A chooses all
the new r_i's, and then informs his side and encrypts the remainder with
PK_net_B and then B has to inform his side on the way back...

It could work. But it's clumsy.

(We should try to think of something better.)
--Roger