[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[minion-cvs] first steps to cleaner bibtex
Update of /home/minion/cvsroot/doc
In directory moria.mit.edu:/home/arma/work/minion/doc
Modified Files:
minion-design.bib minion-design.tex
Log Message:
first steps to cleaner bibtex
also committed the current new way to repad headers
Index: minion-design.bib
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-design.bib,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- minion-design.bib 10 Nov 2002 05:57:49 -0000 1.16
+++ minion-design.bib 1 Mar 2003 09:46:43 -0000 1.17
@@ -1,17 +1,26 @@
-@article{ pfitzmann90how,
+@InProceedings{pfitzmann90how,
author = "Birgit Pfitzmann and Andreas Pfitzmann",
title = "How to Break the Direct {RSA}-Implementation of {MIXes}",
- journal = "Lecture Notes in Computer Science",
- volume = "434",
- pages = "373--??",
- year = "1990",
- url = "citeseer.nj.nec.com/pfitzmann90how.html" }
+ booktitle = {Eurocrypt 89},
+ publisher = {Springer Verlag, LNCS 434},
+ year = {1990},
+ note = {\url{http://citeseer.nj.nec.com/pfitzmann90how.html}},
+}
@Misc{mixminion-spec,
author = {Mixminion},
- title = {Type {III} ({M}ixminion) {M}IX Protocol Specifications},
- note = {\newline \url{http://mixminion.net/minion-spec.txt}},
-}
+ title = {Type {III} ({M}ixminion) Mix Protocol Specifications},
+ note = {\url{http://mixminion.net/minion-spec.txt}},
+}
+
+@InProceedings{BM:mixencrypt,
+ author = {M{\"o}ller, Bodo},
+ title = {Provably Secure Public-Key Encryption for Length-Preserving Chaumian Mixes},
+ booktitle = {{CT-RSA} 2003},
+ publisher = {Springer Verlag, LNCS 2612},
+ year = 2003,
+ note = {To appear}
+}
% Would a more recent reference for SPRPs be more useful?
@Article{sprp,
@@ -25,11 +34,15 @@
pages = {373--386},
}
-@Misc{back-traffic-analysis,
- author = {Adam Back and Ulf M\"oller and Anton Stiglic},
- title = {Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems},
- howpublished = {Proceedings of the Information Hiding Workshop 2001},
- note = {\url{http://www.cypherspace.org/adam/pubs/traffic.pdf}},
+@InProceedings{back01,
+ author = {Adam Back and Ulf M\"oller and Anton Stiglic},
+ title = {Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems},
+ booktitle = {Information Hiding (IH 2001)},
+ pages = {245--257},
+ year = 2001,
+ editor = {Ira S. Moskowitz},
+ publisher = {Springer-Verlag, LNCS 2137},
+ note = {\url{http://www.cypherspace.org/adam/pubs/traffic.pdf}},
}
@InProceedings{rackoff93cryptographic,
@@ -38,41 +51,51 @@
booktitle = {{ACM} Symposium on Theory of Computing},
pages = {672--681},
year = {1993},
- note = {\newline \url{http://research.microsoft.com/crypto/dansimon/me.htm}},
+ note = {\url{http://research.microsoft.com/crypto/dansimon/me.htm}},
}
@InProceedings{freehaven-berk,
author = {Roger Dingledine and Michael J. Freedman and David Molnar},
title = {The Free Haven Project: Distributed Anonymous Storage Service},
- booktitle = {Workshop on Design Issues in Anonymity and Unobservability},
+ booktitle = {Designing Privacy Enhancing Technologies: Workshop
+ on Design Issue in Anonymity and Unobservability},
year = {2000},
month = {July},
+ editor = {H. Federrath},
+ publisher = {Springer Verlag, LNCS 2009},
note = {\url{http://freehaven.net/papers.html}},
}
@InProceedings{raymond00,
- author = {J. Raymond},
- title = {Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems},
- booktitle = {Workshop on Design Issues in Anonymity and Unobservability},
- year = {2000},
- month = {July},
- pages = {10-29},
- note = {\url{http://citeseer.nj.nec.com/454354.html}},
+ author = {J. F. Raymond},
+ title = {{Traffic Analysis: Protocols, Attacks, Design Issues,
+ and Open Problems}},
+ booktitle = {Designing Privacy Enhancing Technologies: Workshop
+ on Design Issue in Anonymity and Unobservability},
+ year = 2000,
+ month = {July},
+ pages = {10-29},
+ editor = {H. Federrath},
+ publisher = {Springer Verlag, LNCS 2009},
}
-@Misc{batching-taxonomy,
- author = {Andrei Serjantov and Roger Dingledine and Paul Syverson},
- title = {From a Trickle to a Flood: Active Attacks on Several Mix Types},
- howpublished = {Proceedings of the Information Hiding Workshop 2002},
- note = {\url{http://freehaven.net/doc/batching-taxonomy/taxonomy.pdf}},
+@InProceedings{trickle02,
+ author = {Andrei Serjantov and Roger Dingledine and Paul Syverson},
+ title = {From a Trickle to a Flood: Active Attacks on Several
+ Mix Types},
+ booktitle = {Information Hiding (IH 2002)},
+ year = {2002},
+ editor = {Fabien Petitcolas},
+ publisher = {Springer-Verlag, LNCS (forthcoming)},
}
@InProceedings{langos02,
- author = {Oliver Berthold and Heinrich Langos},
- title = {Dummy Traffic Against Long Term Intersection Attacks},
- booktitle = {Privacy Enhancing Technologies 2002},
- year = {2002},
- publisher = {Springer-Verlag},
+ author = {Oliver Berthold and Heinrich Langos},
+ title = {Dummy Traffic Against Long Term Intersection Attacks},
+ booktitle = {Privacy Enhancing Technologies (PET 2002)},
+ year = {2002},
+ editor = {Roger Dingledine and Paul Syverson},
+ publisher = {Springer Verlag, LNCS 2482}
}
@InProceedings{onion-discex00,
@@ -84,7 +107,7 @@
publisher = {IEEE CS Press},
pages = {34--40},
volume = {1},
- note = {\newline \url{http://www.onion-router.net/Publications.html}},
+ note = {\url{http://www.onion-router.net/Publications.html}},
}
@Misc{TLS,
@@ -123,33 +146,30 @@
note = {\url{http://www.rfc-editor.org/rfc/rfc1939.txt}},
}
-@Misc{onion-routing,
- author = {Naval Research Laboratory},
- title = {Onion Routing Publications},
- note = {\newline \url{http://www.onion-router.net/Publications.html}},
-}
-
-@Article{goldschlag99,
- author = {D. Goldschlag and M. Reed and P. Syverson},
- title = {Onion routing for anonymous and private Internet connections},
- journal = {Communications of the ACM},
- volume = {42},
- number = {2},
- pages = {39--41},
- year = {1999},
- note = {\newline \url{http://citeseer.nj.nec.com/goldschlag99onion.html}},
+@InProceedings{syverson_2000,
+ author = {Paul F. Syverson and Gene Tsudik and Michael G. Reed
+ and Carl E. Landwehr},
+ title = {Towards an Analysis of Onion Routing Security},
+ booktitle = {Designing Privacy Enhancing Technologies: Workshop
+ on Design Issue in Anonymity and Unobservability},
+ year = 2000,
+ month = {July},
+ pages = {96--114},
+ editor = {H. Federrath},
+ publisher = {Springer Verlag, LNCS 2009},
+ note = {\url{http://citeseer.nj.nec.com/syverson00towards.html}}
}
@InProceedings{shuffle,
- author = {C. Andrew Neff},
- title = {A Verifiable Secret Shuffle and its Application to E-Voting},
- booktitle = {8th ACM Conference on Computer and Communications
+ author = {C. Andrew Neff},
+ title = {A Verifiable Secret Shuffle and its Application to E-Voting},
+ booktitle = {8th ACM Conference on Computer and Communications
Security (CCS-8)},
- pages = {116--125},
- year = 2001,
- editor = {P. Samarati},
- month = {November},
- publisher = {ACM Press},
+ pages = {116--125},
+ year = 2001,
+ editor = {P. Samarati},
+ month = {November},
+ publisher = {ACM Press},
note = {\url{http://www.votehere.net/ada_compliant/ourtechnology/
technicaldocs/shuffle.pdf}},
}
@@ -178,20 +198,23 @@
author = {Oliver Berthold and Hannes Federrath and Stefan K\"opsell},
title = {Web {MIX}es: A system for anonymous and unobservable
{I}nternet access},
- booktitle = {Designing Privacy Enhancing Technologies, {LNCS} Vol. 2009},
+ booktitle = {Designing Privacy Enhancing Technologies: Workshop
+ on Design Issue in Anonymity and Unobservability},
+ editor = {H. Federrath},
+ publisher = {Springer Verlag, LNCS 2009},
pages = {115--129},
year = 2000,
- publisher = {Springer-Verlag},
}
@InProceedings{disad-free-routes,
author = {Oliver Berthold and Andreas Pfitzmann and Ronny Standtke},
title = {The disadvantages of free {MIX} routes and how to overcome
them},
- booktitle = {Designing Privacy Enhancing Technologies, {LNCS} Vol. 2009},
+ booktitle = {Designing Privacy Enhancing Technologies: Workshop
+ on Design Issue in Anonymity and Unobservability},
pages = {30--45},
year = 2000,
- publisher = {Springer-Verlag},
+ publisher = {Springer Verlag, LNCS 2009},
note = {\url{http://www.tik.ee.ethz.ch/~weiler/lehre/netsec/Unterlagen/anon/
disadvantages_berthold.pdf}},
}
@@ -231,37 +254,6 @@
note = {\newline \url{http://chacs.nrl.navy.mil/publications/CHACS/1998/}},
}
-@Misc{goldschlag-etal,
- author = {David M. Goldschlag and Stuart G. Stubblebine and
- Paul F. Syverson},
- title = {Temporarily Hidden Bit Commitment and Lottery
- Applications},
- note = {Submitted for journal publication},
-}
-
-@Article{chaum-dc,
- author = {David Chaum},
- title = {The {D}ining {C}ryptographers {P}roblem: Unconditional Sender and
- Recipient Untraceability},
- journal = {Journal of Cryptology},
- year = {1988},
- volume = {1},
- pages = {65--75},
- note = {\newline \url{http://komarios.net/crypt/diningcr.htm}},
-}
-
-@Misc{mccoy-dcnets,
- author = {Jim McCoy},
- title = {Re: {DC}-net implementation via reputation capital},
- note = {\newline \url{http://www.privacy.nb.ca/cryptography/archives/coderpunks/new/1998-10/0114.html}},
-}
-
-@Misc{nymip,
- author = {John Bashinski et al},
- title = {The {NymIP} Effort},
- note = {\newline \url{http://nymip.velvet.com/}},
-}
-
@Misc{shoup-iso,
author = {Victor Shoup},
title = {A Proposal for an {ISO} {S}tandard for Public Key Encryption (version 2.1)},
@@ -282,16 +274,10 @@
note = {\newline \url{http://eprint.iacr.org/2000/061/}},
}
-@Misc{levien,
- author = {Tim May},
- title = {Description of {L}evien's pinging service},
- note = {\newline \url{http://www2.pro-ns.net/~crypto/chapter8.html}},
-}
-
-@Misc{mixmaster,
- author = {Electronic {F}rontiers {G}eorgia ({EFGA})},
- title = {Anonymous Remailer Information},
- note = {\newline \url{http://anon.efga.org/Remailers/}},
+@misc{echolot,
+ author = {Peter Palfrader},
+ title = {Echolot: a pinger for anonymous remailers},
+ note = {\url{http://www.palfrader.org/echolot/}},
}
@Misc{mixmaster-attacks,
@@ -345,36 +331,35 @@
author = {Masayuki Abe},
title = {Universally Verifiable {MIX} With Verification Work Independent of
The Number of {MIX} Servers},
- booktitle = {Advances in Cryptology - {EUROCRYPT} 1998, {LNCS} Vol. 1403},
+ booktitle = {{EUROCRYPT} 1998},
year = {1998},
- publisher = {Springer-Verlag},
+ publisher = {Springer-Verlag, LNCS 1403},
}
@InProceedings{desmedt,
author = {Yvo Desmedt and Kaoru Kurosawa},
title = {How To Break a Practical {MIX} and Design a New One},
- booktitle = {Advances in Cryptology - {EUROCRYPT} 2000, {LNCS} Vol. 1803},
+ booktitle = {{EUROCRYPT} 2000},
year = {2000},
- publisher = {Springer-Verlag},
+ publisher = {Springer-Verlag, LNCS 1803},
note = {\url{http://citeseer.nj.nec.com/447709.html}},
}
@InProceedings{mitkuro,
author = {M. Mitomo and K. Kurosawa},
title = {Attack for {F}lash {MIX}},
- booktitle = {Advances in Cryptology -\newline {ASIACRYPT} 2000,
- {LNCS} Vol. 1976},
+ booktitle = {{ASIACRYPT} 2000},
year = {2000},
- publisher = {Springer-Verlag},
- note = {\newline \url{http://citeseer.nj.nec.com/450148.html}},
+ publisher = {Springer-Verlag, LNCS 1976},
+ note = {\url{http://citeseer.nj.nec.com/450148.html}},
}
@InProceedings{hybrid-mix,
author = {M. Ohkubo and M. Abe},
title = {A {L}ength-{I}nvariant {H}ybrid {MIX}},
- booktitle = {Advances in Cryptology - {ASIACRYPT} 2000, {LNCS} Vol. 1976},
+ booktitle = {Advances in Cryptology - {ASIACRYPT} 2000},
year = {2000},
- publisher = {Springer-Verlag},
+ publisher = {Springer-Verlag, LNCS 1976},
}
@InProceedings{PShuffle,
@@ -391,7 +376,7 @@
}
-@misc{ jakobsson-optimally,
+@misc{jakobsson-optimally,
author = "Markus Jakobsson and Ari Juels",
title = "An Optimally Robust Hybrid Mix Network (Extended Abstract)",
url = "citeseer.nj.nec.com/492015.html" }
@@ -400,9 +385,9 @@
author = {D. Kesdogan and M. Egner and T. B\"uschkes},
title = {Stop-and-Go {MIX}es Providing Probabilistic Anonymity in an Open
System},
- booktitle = {Information Hiding Workshop 1998, {LNCS} Vol. 1525},
+ booktitle = {Information Hiding (IH 1998)},
year = {1998},
- publisher = {Springer Verlag},
+ publisher = {Springer Verlag, LNCS 1525},
note = {\newline \url{http://www.cl.cam.ac.uk/~fapp2/ihw98/ihw98-sgmix.pdf}},
}
@@ -453,19 +438,24 @@
note = {\newline \url{http://citeseer.nj.nec.com/clarke00freenet.html}},
}
-@Misc{dodis,
- author = {Yevgeniy Dodis},
- title = {Semantically Secure Homomorphic Encryption Schemes},
- note = {Manuscript},
-}
-
@Misc{rprocess,
author = {RProcess},
title = {Selective Denial of Service Attacks},
note = {\newline \url{http://www.eff.org/pub/Privacy/Anonymity/1999\_09\_DoS\_remail\_vuln.html}},
}
-@Misc{remailer-history,
+@Article{remailer-history,
+ author = {Sameer Parekh},
+ title = {Prospects for Remailers},
+ journal = {First Monday},
+ volume = {1},
+ number = {2},
+ month = {August},
+ year = {1996},
+ URL = {http://www.firstmonday.dk/issues/issue2/remailers/}
+}
+
+@Misc{remailer-history-old,
author = {Tim May},
title = {Description of early remailer history},
howpublished = {E-mail archived at
@@ -484,10 +474,15 @@
note = {\newline \url{http://www.eskimo.com/~weidai/mix-net.txt}},
}
-@Misc{nym-alias-net,
- author = {David Mazi\`eres and M. Frans Kaashoek},
- title = {The Design, Implementation and Operation of an Email Pseudonym Server},
- note = {\newline \url{http://www.cs.berkeley.edu/~daw/teaching/cs261-f98/papers/pnym.txt}},
+@InProceedings{nym-alias-net,
+ author = {David Mazi\`{e}res and M. Frans Kaashoek},
+ title = {{The Design, Implementation and Operation of an Email
+ Pseudonym Server}},
+ booktitle = {$5^{th}$ ACM Conference on Computer and
+ Communications Security (CCS'98)},
+ year = 1998,
+ publisher = {ACM Press},
+ note = {\url{http://www.scs.cs.nyu.edu/~dm/}},
}
@Misc{timmay,
@@ -607,7 +602,7 @@
school = {{MIT}},
title = {Private {I}nformation {R}etrieval},
year = {2000},
- note = {\newline \url{http://toc.lcs.mit.edu/~tal/pubs.html}}
+ note = {\url{http://toc.lcs.mit.edu/~tal/pubs.html}}
}
@Misc{zks,
@@ -664,26 +659,35 @@
Full version available from \newline \url{http://www-cse.ucsd.edu/users/mihir/}},
}
-@Misc{mix-acc,
- author = {Roger Dingledine and Michael J. Freedman and David Hopwood and David Molnar},
- title = {A {R}eputation {S}ystem to {I}ncrease {MIX}-net {R}eliability},
- howpublished = {Proceedings of the Information Hiding Workshop 2001},
- note = {\url{http://www.freehaven.net/papers.html}},
+
+@InProceedings{mix-acc,
+ author = {Roger Dingledine and Michael J. Freedman and David
+ Hopwood and David Molnar},
+ title = {{A Reputation System to Increase MIX-net
+ Reliability}},
+ booktitle = {Information Hiding (IH 2001)},
+ pages = {126--141},
+ year = 2001,
+ editor = {Ira S. Moskowitz},
+ publisher = {Springer-Verlag, LNCS 2137},
+ note = {\url{http://www.freehaven.net/papers.html}},
}
-@Misc{casc-rep,
+@InProceedings{casc-rep,
author = {Roger Dingledine and Paul Syverson},
- title = {Reliable {MIX} {C}ascade {N}etworks through {R}eputation},
- howpublished = {Proceedings of Financial Cryptography 2002},
- note = {\newline \url{http://www.freehaven.net/papers.html}},
+ title = {{Reliable MIX Cascade Networks through Reputation}},
+ booktitle = {Financial Cryptography (FC '02)},
+ year = 2002,
+ editor = {Matt Blaze},
+ publisher = {Springer Verlag, LNCS (forthcoming)},
}
@InProceedings{zhou96certified,
author = {Zhou and Gollmann},
title = {Certified Electronic Mail},
- booktitle = {{ESORICS}: {E}uropean {S}ymposium on {R}esearch in {C}omputer
- {S}ecurity, {LNCS} Vol. 1146},
- publisher = {Springer-Verlag},
+ booktitle = {{ESORICS: European Symposium on Research in Computer
+ Security}},
+ publisher = {Springer-Verlag, LNCS 1146},
year = {1996},
note = {\newline \url{http://citeseer.nj.nec.com/zhou96certified.html}},
}
@@ -691,15 +695,15 @@
@Misc{realtime-mix,
author = {Anja Jerichow and Jan M\"uller and Andreas Pfitzmann and
Birgit Pfitzmann and Michael Waidner},
- title = {Real-{T}ime {MIX}es: A Bandwidth-Efficient Anonymity Protocol},
+ title = {{Real-Time MIXes: A Bandwidth-Efficient Anonymity Protocol}},
howpublished = {IEEE Journal on Selected Areas in Communications 1998.},
- note = {\newline \url{http://www.zurich.ibm.com/security/publications/1998.html}},
+ note = {\url{http://www.zurich.ibm.com/security/publications/1998.html}},
}
@InProceedings{BEAR-LIONESS,
author = {Ross Anderson and Eli Biham},
title = {Two Practical and Provably Secure Block Ciphers: {BEAR} and {LION}},
- booktitle = {International Workshop on Fast Software Encryption, {LNCS}},
+ booktitle = {International Workshop on Fast Software Encryption},
year = {1996},
publisher = {Springer-Verlag},
note = {\url{http://citeseer.nj.nec.com/anderson96two.html}},
Index: minion-design.tex
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-design.tex,v
retrieving revision 1.101
retrieving revision 1.102
diff -u -d -r1.101 -r1.102
--- minion-design.tex 28 Feb 2003 21:47:29 -0000 1.101
+++ minion-design.tex 1 Mar 2003 09:46:43 -0000 1.102
@@ -1,17 +1,10 @@
-% XXX remember to mention bodo moeller's crypto paper
-
% \documentclass[10pt, twocolumn]{IEEEtran}
\documentclass[final,inpress,inline]{ieee}
-% \documentclass{llncs}
-
\usepackage{url}
\usepackage{graphics}
\usepackage{amsmath}
-\newcommand{\workingnote}[1]{} % The version that hides the note.
-%\newcommand{\workingnote}[1]{(**#1)} % The version that makes the note visible.
-
\renewcommand\url{\begingroup \def\UrlLeft{<}\def\UrlRight{>}\urlstyle{tt}\Url}
\newcommand\emailaddr{\begingroup \def\UrlLeft{<}\def\UrlRight{>}\urlstyle{tt}\Url}
@@ -39,8 +32,8 @@
\title{Mixminion: Design of a Type III Anonymous Remailer Protocol}
%\author{George Danezis\inst{1} \and Roger Dingledine\inst{2} \and Nick Mathewson\inst{2}}
-\author{George Danezis \\ University of Cambridge \\ george.danezis@cl.cam.ac.uk \and
-Roger Dingledine and Nick Mathewson \\ The Free Haven Project \\ \{arma,nickm\}@freehaven.net}
+\author{George Danezis \\ University of Cambridge \\ \emailaddr{george.danezis@cl.cam.ac.uk} \and
+Roger Dingledine and Nick Mathewson \\ The Free Haven Project \\ \emailaddr{{arma,nickm}@freehaven.net}}
%\institute{Cambridge University
%\email{\emailaddr{george.danezis@cl.cam.ac.uk}}
%\and
@@ -81,7 +74,7 @@
designs and proofs
\cite{abe}\cite{babel}\cite{flash-mix}\cite{kesdogan}\cite{shuffle}\cite{hybrid-mix},
and discovered a variety of new attacks
-\cite{back-traffic-analysis}\cite{langos02}\cite{disad-free-routes}\cite{desmedt}\cite{mitkuro}\cite{raymond00}.
+\cite{back01}\cite{langos02}\cite{disad-free-routes}\cite{desmedt}\cite{mitkuro}\cite{raymond00}.
But because many of the newer designs require considerable coordination,
synchronization, bandwidth, or processing resources, deployed remailers still use
Cottrell's Mixmaster design from 1994
@@ -239,7 +232,7 @@
mix-net. Cascades can provide greater anonymity against an adversary
who owns many mixes \cite{disad-free-routes}, but they are also more
vulnerable to blending attacks such as trickle or flooding attacks
-\cite{batching-taxonomy}.
+\cite{trickle02}.
Furthermore, cascade networks arguably have lower maximum anonymity because
the number of people Alice can hide among (her \emph{anonymity set}) is limited
to the number of messages the weakest node in her cascade can handle.
@@ -392,7 +385,7 @@
Mixminion brings together the current best practical approaches
for providing anonymity in a batching message-based free-route mix
environment. We do not aim to provide a low-latency connection-oriented
-service like Freedom \cite{freedom} or Onion Routing \cite{goldschlag99}:
+service like Freedom \cite{freedom} or Onion Routing \cite{syverson_2000}:
while those designs are more convenient for common activities like
anonymous web browsing, their low latency necessarily implies smaller
anonymity sets than with slower, message-based services. Indeed, we
@@ -560,33 +553,21 @@
Tagging attacks, and our approach to preventing them, are discussed in more
detail in Section \ref{subsec:tagging-defenses}.
-% NNNN This is redundant now. -NM
-%% We require parties that benefit from anonymity properties to run dedicated
-%% software. Specifically, senders generating forward messages must be able
-%% to create onions, and anonymous receivers must be able to create reply blocks
-%% and unwrap messages received through those reply blocks. Other
-%% parties, such as those receiving forward messages and those sending direct reply
-%% messages, do not need to run new software: they send and receive
-%% messages via e-mail gateways.
-%% We use the quoting
-%% performed by ordinary mail software to include the reply
-%% block in a direct reply; this is sent to a node at the {\tt Reply-To:}
-%% address, which extracts the reply block and constructs a properly
-%% formatted onion.
-
Messages are composed of a header section and a payload. We divide
a message's path into two \emph{legs}, and split the header section
correspondingly into a main header and a secondary header. Each header
is composed of up to 16 subheaders, one for each hop along the path.
-Each subheader contains a hash of the remainder of its header as
-seen by that mix, so we can do
-integrity-checking of the path (but not the payload) within each leg.
-Each subheader also contains a master secret, which is used to derive a
-symmetric key for decrypting the rest of the message. The mix also
-derives a padding seed from this master key. It uses this padding seed
-to place predictable padding at the end of the header, so the hash will
-match even though each hop must repad the header to maintain constant
-length. Each subheader also includes the address of the next node to which
+Each subheader contains a hash of the remainder of its header as seen
+by that mix, so we can do integrity-checking of the path (but not the
+payload) within each leg. Each subheader also contains a master secret,
+which is used to derive a symmetric key for decrypting the rest of the
+message. The mix appends an appropriate number of zero bits to the header
+after message decryption, and decrypts those also -- the decryption of
+the padding is predictable, and so the hash can match even though each
+hop must repad the header to maintain constant length. A proof for the
+security of this approach is given in \cite{BM:mixencrypt}.
+
+Each subheader also includes the address of the next node to which
the message should be forwarded, along with its expected signature key
fingerprint --- the mix refuses to deliver the message until the next
hop has proved its identity.
@@ -631,11 +612,8 @@
To fulfill the above requirements we use a variable-length block
cipher adapted to the length of the payload --- that
is, a cipher that acts as a permutation on a block the size of its
-input (a header or the payload). Possible candidates
-include LIONESS \cite{BEAR-LIONESS} and SPC \cite{SPC}.
-% ???? What can anybody tell me about SPC? I get no google hits
-% except for this paper.-NM
-% dunno. good thing we have another candidate. -RD
+input (a header or the payload). One candidate
+is LIONESS \cite{BEAR-LIONESS}.
The cryptographic property required is that of a super-pseudo-random
permutation (a.k.a. strong pseudo-random permutation) or SPRP \cite{sprp}.\footnote{
The weaker PRP property may be sufficient, given that preventing
@@ -1189,7 +1167,7 @@
The Mixmaster protocol does not specify a means for clients to learn the
locations, keys, capabilities, or performance statistics of mixes. Several
-\emph{ad hoc} schemes have grown to fill that void \cite{levien}, but as we
+\emph{ad hoc} schemes have grown to fill that void \cite{echolot}, but as we
explain below, it is important that all clients learn this information in
the same way. (Omitting directory servers is not an option: without timely
information, clients cannot respond to changes in the set of mixes, or to
@@ -1259,7 +1237,7 @@
Directory servers compile node availability and performance information by
sending traffic through mixes in their directories. This is currently
-similar to the current ping servers \cite{levien}, but in the
+similar to the current ping servers \cite{echolot}, but in the
future we can investigate integrating more complex and attack-resistant
reputation metrics. But even this reputation information introduces
vulnerabilities: for example, an adversary
@@ -1371,7 +1349,7 @@
\label{subsec:batching}
Low-latency systems like Onion Routing aim to provide anonymity against an
-adversary who is not watching both Alice and Bob \cite{onion-routing}. If
+adversary who is not watching both Alice and Bob \cite{syverson_2000}. If
the adversary watches both, he can for instance count packets and observe
packet timing to become confident that they are communicating. Because
Mixminion aims to defeat even a global passive adversary, we must address
@@ -1382,11 +1360,11 @@
unknown to him in the batch is the target message. This approach is
known as the \emph{blending attack} because the adversary blends his
own recognizable messages with the honest messages in the batch
-\cite{batching-taxonomy}. By repeatedly
+\cite{trickle02}. By repeatedly
attacking each mix in the path, the adversary will link Alice and Bob.
Mixminion nodes use a \emph{timed dynamic-pool} batching strategy
-\cite{batching-taxonomy} adapted from Mixmaster. Rather than simply
+\cite{trickle02} adapted from Mixmaster. Rather than simply
processing each message as soon as it arrives, each mix keeps a pool of
messages. New messages arrive, are decrypted, and enter the pool. The
mix fires every $t$ seconds, but only if the pool contains at least a
@@ -1445,8 +1423,7 @@
honest messages remain. In the second phase of the attack, he again
needs to flush until the target message comes out, but once it does, he
can be certain of recognizing it. To prevent this, Mixminion employs the following
-dummy policy, as suggested in \cite{batching-taxonomy}:
-%and analyzed in \cite{andrei-claudia}:
+dummy policy, as suggested in \cite{trickle02}:
each time the mix
fires, it also sends out a number of dummies chosen from a geometric
distribution. These dummies travel a number of hops chosen uniformly
@@ -1529,7 +1506,7 @@
\item \emph{Delaying messages.} The adversary can delay messages and
release them when certain network parameters (eg traffic volume) are
different. The efficacy of this attack is poorly understood, but it may
-well be quite damaging \cite{batching-taxonomy}. Imposing a deadline on
+well be quite damaging \cite{trickle02}. Imposing a deadline on
transmission at each hop may help \cite{mix-acc}.
\item \emph{Dropping messages.} The adversary can drop messages with the
hope that users will notice and resend. If the user must resend, he
@@ -1613,7 +1590,7 @@
\begin{itemize}
\item We need more research on batching strategies that resist blending
-attacks \cite{batching-taxonomy} as well as intersection
+attacks \cite{trickle02} as well as intersection
attacks on asynchronous free routes \cite{disad-free-routes}. In
particular the anonymity they provide during normal operation or
under attack must be balanced with other properties such as latency