[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[minion-cvs] fixed some typos and LaTeX errors



Update of /home/minion/cvsroot/doc
In directory moria.seul.org:/tmp/cvs-serv28186

Modified Files:
	minion-design.tex minion-design.bib 
Log Message:
- fixed some typos and LaTeX errors
- fixed most of the references
- added URLs for on-line references
- added stuff about cascades and robustness to Related Work section
- distinguish mailbox names from e-mail addresses
- added comment about caps block

Sorry I've been a bit unresponsive recently. I'll do the write-up
for the "distinguishable" section tomorrow.


Index: minion-design.tex
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-design.tex,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- minion-design.tex	3 May 2002 02:34:33 -0000	1.15
+++ minion-design.tex	3 May 2002 04:44:27 -0000	1.16
@@ -7,6 +7,11 @@
 \newcommand{\workingnote}[1]{}        % The version that hides the note.
 %\newcommand{\workingnote}[1]{(**#1)}   % The version that makes the note visible.
 
+\renewcommand\url{\begingroup \def\UrlLeft{<}\def\UrlRight{>}\urlstyle{tt}\Url}
+\newcommand\emailaddr{\begingroup \def\UrlLeft{<}\def\UrlRight{>}\urlstyle{tt}\Url}
+% REMIND: there's a bug in the URL package that puts '%' in the second line
+% of a wrapped URL.
+
 %\newif\ifpdf
 %\ifx\pdfoutput\undefined
 %   \pdffalse
@@ -26,20 +31,23 @@
 %\fi
 
 \title{The Mixminion Anonymous Remailer}
-\author{George Danezis\inst{1} \and Roger Dingledine\inst{2} \and Nick Mathewson\inst{2}}
+\author{George Danezis\inst{1} \and Roger Dingledine\inst{2} \and David Hopwood\inst{3}
+        \and Nick Mathewson\inst{2}}
 \institute{Cambridge
-\email{(george.danezis@cambridge)}
+\email{\emailaddr{george.danezis@cambridge}}
 \and
 The Free Haven Project
-\email{(arma@mit.edu)}
-% add some more people here
+\email{\emailaddr{arma@mit.edu}}
+\and
+Independent consultant
+\email{\emailaddr{david.hopwood@zetnet.co.uk}}
 }
 \maketitle
 \pagestyle{empty} 
   
 \begin{abstract}
 
-We describe a packet-based anonymous remailer protocol which supports
+We describe a packet-based anonymous remailer protocol that supports
 secure single-use reply blocks and includes link-level encryption to provide
 forward anonymity. We describe designs for directory servers and nymservers,
 and discuss their anonymity implications. We include justification
@@ -48,7 +56,7 @@
 
 \end{abstract}
 
-Keywords: anonymity, peer-to-peer, remailer, store-and-forward, reply block %, ...
+Keywords: anonymity, MIX-net, peer-to-peer, remailer, nymserver, reply block %, ...
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -57,8 +65,8 @@
 
 Chaum first introduced anonymous remailer designs over 20 years ago
 \cite{chaum-mix}. The research community has since introduced many new
-designs and proofs \cite{big chain of cites?}, and discovered a variety
-of new attacks \cite{more cites?}, but the
+designs and proofs \cite{big-chain-of-cites}, and discovered a variety
+of new attacks \cite{more-cites}, but the
 state of deployed remailers has changed remarkably little since Cottrell
 published his Mixmaster software \cite{mixmaster-attacks} eight years
 ago. Part of the difficulty in expanding the deployed remailer base is
@@ -73,9 +81,9 @@
 describe our overall design in Section \ref{sec:design}, including two
 designs for a new primitive called a \emph{single-use reply block}
 (SURB).  Mixmaster provides no support for replies, instead relying
-on the older and less secure cypherpunk type I remailer design
-\cite{cypherpunk-remailer}. By integrating reply capabilities into
-Mixminion, we can finally retire the type I remailer network.
+on the older and less secure cypherpunk Type I remailer design
+\cite{remailer-history}. By integrating reply capabilities into
+Mixminion, we can finally retire the Type I remailer network.
 
 We go on in Section \ref{sec:dir-servers} to describe a design for
 Directory Servers to track and distribute remailer availability,
@@ -84,12 +92,12 @@
 using SURBs. We introduce link-level encryption with ephemeral keys to
 ensure forward anonymity for each message. We also provide flexible
 delivery schemes --- rather than just allowing delivery to mail or
-usenet, we allow designers to add arbitrary modules to handle incoming
+Usenet, we allow designers to add arbitrary modules to handle incoming
 messages. By separating the core mixing architecture from these
 higher-level modules, we can limit their influence on the anonymity
 properties of the system.
 
-Mixminion aims to be a best-of-breed remailer which uses conversative
+Mixminion aims to be a best-of-breed remailer that uses conservative
 design approaches to provide security against most known attacks.
 Many of our design decisions impacted anonymity in surprising ways. Herein
 we document and analyze some of these influences to provide more intuition
@@ -105,8 +113,8 @@
 \cite{chaum-mix}. A MIX-net consists of a group of servers, called MIXes
 (or MIX nodes), each of which is associated with a public key. Each
 MIX receives encrypted messages, which are then decrypted, batched,
-reordered, stripped of the sender's name and identifying information, and
-forwarded on. Chaum also proved security of MIXes against a \emph{passive
+reordered, and forwarded on without any information identifying the
+sender. Chaum also proved security of MIXes against a \emph{passive
 adversary} who can eavesdrop on all communications between MIXes but is
 unable to observe the reordering inside each MIX.
 
@@ -114,6 +122,16 @@
 \cite{kesdogan}, distributed ``flash MIXes'' \cite{flash-mix} and their
 weaknesses \cite{desmedt,mitkuro}, and hybrid MIXes \cite{hybrid-mix}.
 
+One type of MIX hierarchy is a cascade.
+In a cascade network, users choose from a set of fixed paths through
+the MIX-net. Cascades can provide greater anonymity against a large
+adversary, because in a free-route system an
+adversary who owns many of the MIXes can use intersection attacks to
+dramatically reduce the set of possible senders or receivers for a given
+message \cite{disad-free-routes}.
+MIX cascade research includes real-time MIXes \cite{realtime-mix} and
+web MIXes \cite{web-mix}.
+
 \subsection{Deployed Remailer Systems}
 
 The first widespread public implementations of MIXes were produced by the
@@ -129,6 +147,33 @@
 introduced the Babel system \cite{babel}, which also created a practical
 remailer design (although one that never saw widespread use).
 
+\subsection{Robustness}
+
+Some previous work investigates a notion of the \emph{robustness}
+of MIX-nets in the context of a distributed MIX system
+\cite{flash-mix}. A MIX is considered robust if it survives the
+failure of any $k$ of $n$ participating servers, for some threshold
+$k$. This robustness is all or nothing: either $k$ servers are
+good and the MIX works, or they are not good and the MIX likely will
+not work.
+
+Robustness has been achieved primarily via the use of zero-knowledge
+proofs of correct computation; participants use such proofs to convince
+each other that they follow the protocol correctly without revealing secret
+information. Done na\"{\a i}vely, this incurs significant
+overhead. 
+Jakobsson showed how to use precomputation to reduce the overhead of
+such a MIX network to about 160 modular multiplications
+per message per server \cite{flash-mix}, but the protocol was later
+found to be flawed \cite{mitkuro} by Mitsumo and Kurosawa. They
+proposed a fix for the protocol, but the efficacy of this fix remains
+to be evaluated.  A different approach was taken by Desmedt and
+Kurosawa \cite{desmedt}, but their technique requires many
+participating servers. Other work, such as Abe's MIX \cite{abe},
+provides \emph{universal verifiability} in which any observer can
+determine after the fact whether a MIX cheated or not, but
+the protocol is still computationally expensive.
+
 \subsection{Remailer Statistics}
 
 Levien's \emph{statistics pages} \cite{levien} track both remailer
@@ -142,7 +187,7 @@
 minimum reliability scores, decide that a remailer should always or never
 be used, and specify maximum latency. Ongoing research on more powerful
 reputation systems includes a reputation system for free-route networks
-\cite{mix-acc} and a more secure one for MIX cascades \cite{casc-rep}.
+\cite{mix-acc} and another for MIX cascades \cite{casc-rep}.
 
 % maybe add a subsection on nymservers too?
 
@@ -165,7 +210,7 @@
 Mixminion aims to bring together the current best approaches for providing
 anonymity in a batching message-based MIX environment. We don't aim
 to provide low-latency connection-oriented services like Freedom
-\cite{freedom} or Onion Routing \cite{onion-routing} --- while those
+\cite{freedom} or Onion Routing \cite{onion-routing,goldschlag99} --- while those
 designs are more effective for common activities like anonymous web
 browsing, it seems they cannot provide the level of strong anonymity of
 slower message-based services [Do we, uh, want to cite that?]. Indeed, we
@@ -175,7 +220,7 @@
 
 We chose to drop backward-compatibility with Mixmaster and the cypherpunk
 remailer systems, in order to provide a simple extensible design. At
-the same time, we provide a new feature: a reply block mechanism which
+the same time, we provide a new feature: a reply block mechanism that
 is as secure as forward messages.
 
 Reusable reply blocks are security risks --- by their very nature they
@@ -192,10 +237,10 @@
 protocol for building and processing messages. In particular, we
 focus on two competing ways of providing secure reply functionality,
 and the tradeoffs and design decisions surrounding each approach. In
-the first approach, we provide a mechanism for doing replies where a
-reply message is indistinguishable from a forward message. Because this
-approach introduces some attacks which we cannot adequately address, we
-then propose a second approach which allows forward and reply messages
+the first approach, we provide a mechanism for implementing replies so
+that a reply message is indistinguishable from a forward message. Because this
+approach introduces some attacks that we cannot adequately address, we
+then propose a second approach that allows forward and reply messages
 to be distinguished but provides better overall security.
 
 
@@ -212,10 +257,10 @@
 
 At the same time, protocols like Mixmaster include hashes of the entire
 message in each header. Each hop in the path checks the integrity of
-the header and payload, and drops the message immediately if it's been
+the header and payload, and drops the message immediately if it has been
 altered. But since the author of the reply block is not the one writing
 the payload, these hashes can no longer be used. Indeed, since we choose
-to make forward message and replies indistinguishable, we cannot provide
+to make forward messages and replies indistinguishable, we cannot provide
 hashes for forward messages either. This choice introduces a new class
 of attacks known as \emph{tagging attacks}.
 
@@ -226,7 +271,7 @@
 \end{center}
 \end{figure}
 
-The ``header swap'' mechanism could be used in order to minimize the
+A ``header swap'' mechanism could be used in order to minimize the
 information leaked by \emph{tagging attacks}. Each mixminion packet,
 when created, has two headers: the first one contains a series of sub
 headers encrypted as an onion under the public keys of a sequence of
@@ -242,7 +287,7 @@
 on \emph{figure 1}. Each node decrypts the RSA sub header, retrieves
 the key and checks the integrity of the first header. If someone has
 tampered with it, the packet is discarded. If the header is correct,
-the secret is used to decrypt the second header and the payload. The
+the secret is used to decrypt the second header and the payload. There
 is one special node, at the ``crossover point'', in the path that in
 addition to the standard operation, decrypts the second header using
 the hash of the payload and swaps the two headers.
@@ -269,7 +314,7 @@
 
 \subsection{Link-level encryption and what it gets us}
 
-Unlike remailer types I and II that used SMTP as their underlying
+Unlike remailer Types I and II that used SMTP as their underlying 
 transport mechanism, Mixminion clients and nodes communicate using a
 forward secure encrypted channel based on TLS \cite{TLS}.  TLS allows
 the establishment of an encrypted tunnel using ephemeral
@@ -310,21 +355,26 @@
 DELIVERY--are specified as a part of the Mixminion standard.  Others
 may be added by future extensions, in order to implement
 abuse-resistant exit policies (see \ref{subsec:exitpolicies}), to
-administer nymservers (see \ref{subsec:nymservers}), to publish
-anonymously to USENET, or to support other protocols.
+administer nymservers (see \ref{sec:nymservers}), to publish
+anonymously to Usenet, or to support other protocols.
 
 % We never reached a consensus (afaik) on whether 'FORWARD' and 'DROP'
 % were types or not.  Are they? -Nick
 
 Nearly all delivery methods require additional information beyond the
 message type and its payload.  The SMTP module, for example, requires
-an email address.  In our current design, this information is placed
-in a variable-length annex to the final header.  \footnote{It must be
+a mailbox name.\footnote{A {\it mailbox name} is the ``{\tt user@domain}''
+part of an e-mail address. Mixminion uses only mailbox names in the
+protocol, because the comment parts of an e-mail address could potentially
+be different for senders who have obtained an address from different
+sources, leading to a reduction in anonymity sets.}
+In our current design, this information is placed
+in a variable-length annex to the final header.\footnote{It must be
 in the header, since putting delivery information in the payload would
-prevent people from creating SURBs that delivered by SMTP.  On the one
-hand, under the ``header swap'' method described in
+prevent people from creating SURBs that can be delivered by SMTP.
+On the one hand, under the ``header swap'' method described in
 \ref{subsec:header-swap}, the all-or-nothing property of BEAR prevents
-generator of a reply block from putting any information in the
+the generator of a reply block from putting any information in the
 payload.  On the other hand, under the ``distinguish replies'' method
 in \ref{subsec:distinguish-replies}, the delivery information would
 create a portion of the payload that the final node {\it could}
@@ -349,13 +399,18 @@
 
 % Is all of the stuff above really in the caps block?  Or do we break
 % the volatile part (short-term key) from the nonvolatile part? -Nick
+%
+% I think they should be in the same block, although probably
+% "capability block" isn't a good name for it. Capabilities should
+% also be able to change without losing identity/reputation, and
+% there would be no point in having two separate update mechanisms. --DH
 
 The possibility of multiple delivery methods doesn't come free: their
 presence may fragment the anonymity set.  For example, if there were 5
 ways to send a SMTP message to Bob, an attacker could partition Bob's
 incoming mail by assuming that one of those ways was Alice's favorite.
 Furthermore, an active attacker Mallory could lure users into using an
-exit node he had compromised by advertising that node as supporting a
+exit node he had compromized by advertising that node as supporting a
 rare but desirable delivery method.
 
 We claim that these attacks do not provide an argument against
@@ -368,10 +423,10 @@
 One important entry in a node's capability block is its \emph{exit
 policy}. Exit abuse is a serious barrier to wide-scale remailer deployment
 --- rare indeed is the network administrator tolerant of machines that
-potentially deliver hate mail to the President.
+potentially deliver hate mail to the U.S. President.
 
-On one end of the spectrum are \emph{open exit} nodes which will
-deliver anywhere; on the other end are \emph{middle-man} nodes which
+On one end of the spectrum are \emph{open exit} nodes that will
+deliver anywhere; on the other end are \emph{middle-man} nodes that
 only relay traffic to other remailer nodes. More generally, nodes can
 set individual exit policies to declare which traffic they will let
 exit from them, such as traffic for local users or other authenticated
@@ -392,7 +447,7 @@
 } Similarly, if receiving mail is opt-out, an abuser can deny service
 by forging an opt-out request from a legitimate user. We might instead
 keep the mail at the exit node and send a note to the recipient
-informing telling them how to collect their mail; but this increases
+telling them how to collect their mail; but this increases
 server liability by storing messages (see Section \ref{sec:nymservers}
 below), and also doesn't really solve the problem.
 
@@ -411,7 +466,7 @@
 \label{sec:dir-servers}
 
 The Mixmaster protocol does not specify a means for clients to learn the
-locations, keys, capabilities, or performance statistics of mixes. Several
+locations, keys, capabilities, or performance statistics of MIXes. Several
 \emph{ad hoc} schemes have grown to fill that void \cite{levien}; here
 % would be nice to cite some more. eg, are there key lists, etc?
 we describe Mixminion directory servers and examine the anonymity risks
@@ -444,7 +499,7 @@
 service as a part of our standard. Thus Mixminion provides protocols for
 MIXes to advertise their capability certificates to directory servers,
 and for clients to download \emph{complete} directories.\footnote{
-  New advances in Private Information Retrieval \cite{PIR} may down the
+  New advances in Private Information Retrieval \cite{malkin-thesis} may down the
   road allow clients to efficiently and privately download a subset of
   the directory. We recommend against using the mix-net to anonymously
   retrieve a random subset: an adversary observing the directory servers
@@ -489,12 +544,13 @@
 \label{sec:nymservers}
 
 Current nymservers, such as {\tt nym.alias.net} \cite{nym-alias-net},
-maintain a set of \{email address, reply block\} pairs to allow users to
-receive mail without revealing their identities. When mail arrives to {\tt
-bob@nym.alias.net}, the nymserver attaches the payload to the associated
-reply block and sends it off into the mix-net. Because these nymservers
-use the type I remailer network, these reply blocks are \emph{persistent}
-or \emph{long-lived} nyms --- the mix network does not drop replayed
+maintain a set of (mailbox name, reply block) pairs to allow users to
+receive mail without revealing their identities. When mail arrives to
+\emailaddr{bob@nym.alias.net}, the nymserver attaches the payload to
+the associated
+reply block and sends it off into the MIX-net. Because these nymservers
+use the Type I remailer network, these reply blocks are \emph{persistent}
+or \emph{long-lived} nyms --- the MIX network does not drop replayed
 messages, so the reply blocks can be used again and again. Reply block
 management is much simpler in this model because users only need to
 replace a reply block when one of the nodes it uses stops working.
@@ -507,28 +563,28 @@
 The approach most similar to currently deployed nymservers involves
 keeping a set of reply blocks around and using one for each incoming
 message. As long as the owner of the pseudonym keeps the nymserver
-well-stocked, no messages will be lost. But it's hard to know at what
+well-stocked, no messages will be lost. But it is hard to know at what
 rate to supply the nymserver with new nyms; indeed, this approach is
 vulnerable to a DoS attack to use up all the available reply blocks and
 block further messages from getting delivered.
 
-A more robust design uses an imap-like protocol: messages arrive and queue
+A more robust design uses an IMAP-like protocol: messages arrive and queue
 at the nymserver, and the user periodically checks the status of his mail
 and sends a sufficient batch of reply blocks so the nymserver can deliver
-that mail. The above flooding attack still works, but now it's exactly
-like flooding a normal imap mailbox, and the usual techniques (e.g.,
+that mail. The above flooding attack still works, but now it is exactly
+like flooding a normal IMAP mailbox, and the usual techniques (e.g.,
 allowing the user to delete mails at the server or specify which mails to
 download and let the others expire) work fine. The user can send a set
 of hashes or other indices to the server after successfully receiving
 some messages, to indicate that those messages can now be deleted.
 
 Of course, there are different legal and security implications for the two
-designs. In the first case, no mail is stored on the server, but it's also
+designs. In the first case, no mail is stored on the server, but it is also
 keeping valid reply blocks on hand. The second case is in some sense more
 secure but also creates more liability --- the server has no valid reply
 blocks on hand in general, but it has to keep mail for each recipient
-until it's retrieved. The owner of the pseudonym could provide a public
-key which the nymserver uses to immediately encrypt all incoming messages,
+until it is retrieved. The owner of the pseudonym could provide a public
+key that the nymserver uses to immediately encrypt all incoming messages,
 to limit the amount of time the nymserver keeps plaintext messages.
 
 Which point on the spectrum is best depends on the situations and
@@ -547,14 +603,14 @@
 
 \subsection{Transmitting large files with Mixminion}
 
-http://archives.seul.org/mixminion/dev/Apr-2002/msg00031.html
+\url{http://archives.seul.org/mixminion/dev/Apr-2002/msg00031.html}
 
-\subsection{key rotation, message expiration, and replay prevention}
+\subsection{Key rotation, message expiration, and replay prevention}
 
 Mixmaster offers rudimentary replay prevention by keeping a list of recent
 message IDs. To keep the list from getting too large, it expires entries
 after a user-configurable amount of time. But if an adversary records
-the input and output batches of a mix and then replays a message after
+the input and output batches of a MIX and then replays a message after
 the mix has forgotten about it, the message's decryption will be exactly
 the same. Mixmaster does not provide the forward anonymity that we want.
 
@@ -573,18 +629,18 @@
 %`very rare' and `valid' at the same time.
 
 One way of addressing this partitioning attack is to add dummy traffic
-so it's less rare for messages to arrive near their expiration date;
+so that it is less rare for messages to arrive near their expiration date;
 but dummy traffic is still not well-understood. Another approach would
-be to add random values to the expiration time of each mix in the path,
-so an adversary delaying a message at one mix could not expect that it
+be to add random values to the expiration time of each MIX in the path,
+so an adversary delaying a message at one MIX could not expect that it
 is now near to expiring elsewhere in the path; but this seems open to
 statistical attacks.
 
-Mixminion provides a compromise solution that hopefully avoids many of
+Mixminion provides a compromize solution that hopefully avoids many of
 these problems while still providing forward anonymity. Messages don't
-contain any timestamp or expiration information. Each mix must keep
+contain any timestamp or expiration information. Each MIX must keep
 hashes of the headers of all messages it's processed since the last time
-it rotated its key. Mixes should choose key rotation frequency based on
+it rotated its key. MIXes should choose key rotation frequency based on
 security goals and on how many hashes they want to be remembering.
 
 Note that this solution doesn't entirely solve the partitioning problem
@@ -606,8 +662,8 @@
 \section{Attacks and Defenses}
 \label{sec:attacks}
 
-my aim here is to do something akin to pages 13-15 of
-http://freehaven.net/doc/casc-rep/casc-rep.ps
+[Do something akin to pages 13-15 of
+\url{http://freehaven.net/doc/casc-rep/casc-rep.ps}.]
 
 \subsection{MIX attacks}
 \label{subsec:mix-attacks}
@@ -634,24 +690,25 @@
 of a sequence of packets using a tagging attack on the first part of
 the route, then followed by an attack on the second part of the route
 to discover the destination of a sequence of packets. For this attack to
-work in addition to choosing fixed routes for many packets and attacker
+work, in addition to fixed routes being used for many packets, an attacker
 would need to control the node at which the crossover operation is
 performed. This attack is only possible against one victim at a time,
 and can only be performed by one attacker at a time.
 
 
 \subsection{Exit-based attacks}
-\label{subsec:mix-attacks}
+\label{subsec:attacks-exitbased}
+
 Attack: use delivery method to partition anon set.
-Attack: use caps to get partition anon set.
+Attack: use caps to partition anon set.
 
-[Need to expand this-Nick]
+[Need to expand this. -Nick]
 
 \subsection{Directory-based attacks}
 \label{subsec:attacks-dirbased}
 
 \begin{description}
-\item \emph{Compromise a directory server.} Identical directory listings
+\item \emph{Compromize a directory server.} Identical directory listings
   are served by a large group of servers, and signed by all.
 \item \emph{Lie to a directory server.}  Signed capability blocks, and
   the fact that a MIX's signing key is its identity, prevent this
@@ -667,7 +724,7 @@
   open problem.
 \item \emph{Flood the directories with nonfunctional MIX entries.}
   Availability statistics should mitigate this problem.  Nevertheless,
-  it remains an area of active research. \cite{mix-acc, casc-rep}
+  it remains an area of active research. \cite{mix-acc,casc-rep}
 [[WHAT OTHER DIRECTORY ATTACKS?]]
 \end{description}
 %\item \emph{X} Y.

Index: minion-design.bib
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-design.bib,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- minion-design.bib	24 Apr 2002 21:01:41 -0000	1.1
+++ minion-design.bib	3 May 2002 04:44:27 -0000	1.2
@@ -1,504 +1,575 @@
+@Misc{traffic-analysis,
+   author =      {Adam Back and Ulf M\"oller and Anton Stiglic},
+   title =       {Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems},
+   howpublished = {Proceedings of the Information Hiding Workshop 2001},
+   note =        {\newline \url{http://www.cypherspace.org/adam/pubs/traffic.pdf}},
+}
+
+@Misc{TLS,
+   author =      {T. Dierks and C. Allen},
+   title =       {The {TLS} {P}rotocol --- {V}ersion 1.0},
+   howpublished = {IETF RFC 2246},
+   month =       {January},
+   year =        {1999},
+   note =        {\newline \url{http://www.rfc-editor.org/rfc/rfc2246.txt}},
+}
+
+@Misc{onion-routing,
+   author =      {Naval Research Laboratory},
+   title =       {Onion Routing Publications},
+   note =        {\newline \url{http://www.onion-router.net/Publications.html}},
+}
+
+@Article{goldschlag99,
+   author =      {D. Goldschlag and M. Reed and P. Syverson},
+   title =       {Onion routing for anonymous and private Internet connections},
+   journal =     {Communications of the ACM},
+   volume =      {42},
+   number =      {2},
+   pages =       {39--41},
+   year =        {1999},
+   note =        {\newline \url{http://citeseer.nj.nec.com/goldschlag99onion.html}},
+}
 
 @InProceedings{shuffle,
-  author = 	 {C. Andrew Neff},
-  title = 	 {A Verifiable Secret Shuffle and its Application to E-Voting},
-  booktitle = 	 {8th ACM Conference on Computer and Communications
+   author = 	 {C. Andrew Neff},
+   title = 	 {A Verifiable Secret Shuffle and its Application to E-Voting},
+   booktitle = 	 {8th ACM Conference on Computer and Communications
                   Security (CCS-8)},
-  pages =	 {116--125},
-  year =	 2001,
-  editor =	 {P. Samarati},
-  month =	 {November},
-  publisher =	 {ACM Press}
+   pages =	 {116--125},
+   year =	 2001,
+   editor =	 {P. Samarati},
+   month =	 {November},
+   publisher =	 {ACM Press},
+   note =        {\newline \url{http://www.votehere.net/ada_compliant/ourtechnology/technicaldocs/shuffle.pdf}},
 }
 
 @InProceedings{dolev91,
-  author =       {Danny Dolev and Cynthia Dwork and Moni Naor},
-  title =        {Non-Malleable Cryptography},
-  booktitle =    {23rd ACM Symposium on the Theory of Computing (STOC)},
-  pages =        {542--552},
-  year =         1991,
-  note =         {Full version available from the authors.}
+   author =      {Danny Dolev and Cynthia Dwork and Moni Naor},
+   title =       {Non-Malleable Cryptography},
+   booktitle =   {23rd ACM Symposium on the Theory of Computing (STOC)},
+   pages =       {542--552},
+   year =        1991,
+   note =        {Updated version at \url{http://citeseer.nj.nec.com/dolev00nonmalleable.html}},
 }
 
-
 @TechReport{rsw96,
-  author =       {Ronald L. Rivest and Adi Shamir and David A. Wagner},
-  title =        {Time-lock puzzles and timed-release Crypto},
-  year =         1996,
-  type =         {MIT LCS technical memo},
-  number =       {MIT/LCS/TR-684},
-  month =        {February}
+   author =      {Ronald L. Rivest and Adi Shamir and David A. Wagner},
+   title =       {Time-lock puzzles and timed-release Crypto},
+   year =        1996,
+   type =        {MIT LCS technical memo},
+   number =      {MIT/LCS/TR-684},
+   month =       {February},
+   note =        {\newline \url{http://citeseer.nj.nec.com/rivest96timelock.html}},
 }
 
-
 @InProceedings{web-mix,
-   author = {Oliver Berthold and Hannes Federrath and Stefan K\"opsell},
-   title = {Web {MIX}es: A system for anonymous and unobservable
+   author =      {Oliver Berthold and Hannes Federrath and Stefan K\"opsell},
+   title =       {Web {MIX}es: A system for anonymous and unobservable
                   {I}nternet access}, 
-   booktitle = {Designing Privacy Enhancing Technologies, {LNCS} Vol. 2009},
-   pages = {115 -- 129},
-   year = 2000,
-   publisher = {Springer-Verlag}
+   booktitle =   {Designing Privacy Enhancing Technologies, {LNCS} Vol. 2009},
+   pages =       {115--129},
+   year =        2000,
+   publisher =   {Springer-Verlag},
+   note =        {\newline \url{http://vip.poly.edu/mehdi/papers/00668973.pdf}},
 }
 
 @InProceedings{disad-free-routes,
-   author = {Oliver Berthold and Andreas Pfitzmann and Ronny Standtke},
-   title = {The disadvantages of free {MIX} routes and how to overcome
+   author =      {Oliver Berthold and Andreas Pfitzmann and Ronny Standtke},
+   title =       {The disadvantages of free {MIX} routes and how to overcome
                   them}, 
-   booktitle = {Designing Privacy Enhancing Technologies, {LNCS} Vol. 2009},
-   pages = {30 -- 45},
-   year = 2000,
-   publisher = {Springer-Verlag}
+   booktitle =   {Designing Privacy Enhancing Technologies, {LNCS} Vol. 2009},
+   pages =       {30--45},
+   year =        2000,
+   publisher =   {Springer-Verlag},
+   note =        {\url{http://www.tik.ee.ethz.ch/~weiler/lehre/netsec/Unterlagen/anon/disadvantages_berthold.pdf}},
 }
 
 @InProceedings{boneh00,
-  author =       {Dan Boneh and Moni Naor},
-  title =        {Timed Commitments},
-  booktitle =    {Advances in Cryptology -- {CRYPTO} 2000, {LNCS}
+   author =      {Dan Boneh and Moni Naor},
+   title =       {Timed Commitments},
+   booktitle =   {Advances in Cryptology -- {CRYPTO} 2000, {LNCS}
                   Vol. 1880},
-  pages =        {236--254},
-  year =         2000,
-  publisher =    {Springer-Verlag}
+   pages =       {236--254},
+   year =        2000,
+   publisher =   {Springer-Verlag},
+   note =        {\newline \url{http://crypto.stanford.edu/~dabo/abstracts/timedcommit.html}},
 }
 
 @InProceedings{goldschlag98,
-  author =       {David M. Goldschlag and Stuart G. Stubblebine},
-  title =        {Publicly Verifiable Lotteries: Applications of
+   author =      {David M. Goldschlag and Stuart G. Stubblebine},
+   title =       {Publicly Verifiable Lotteries: Applications of
                   Delaying Functions},
-  booktitle =    {Financial Cryptography, FC'98, {LNCS} Vol. 1465},
-  pages =        {214--226},
-  year =         1998,
-  publisher =    {Springer-Verlag}
+   booktitle =   {Financial Cryptography, FC'98, {LNCS} Vol. 1465},
+   pages =       {214--226},
+   year =        1998,
+   publisher =   {Springer-Verlag},
+   note =        {\newline \url{http://citeseer.nj.nec.com/goldschlag98publicly.html}},
 }
 
 @InProceedings{syverson98,
-  author =       {Paul Syverson},
-  title =        {Weakly Secret Bit Commitment: Applications to
+   author =      {Paul Syverson},
+   title =       {Weakly Secret Bit Commitment: Applications to
                   Lotteries and Fair Exchange},
-  booktitle =    {Computer Security Foundations Workshop (CSFW11)},
-  pages =        {2--13},
-  year =         1998,
-  address =      {Rockport Massachusetts},
-  month =        {June},
-  publisher =    {IEEE CS Press}
+   booktitle =   {Computer Security Foundations Workshop (CSFW11)},
+   pages =       {2--13},
+   year =        1998,
+   address =     {Rockport Massachusetts},
+   month =       {June},
+   publisher =   {IEEE CS Press},
+   note =        {\newline \url{http://chacs.nrl.navy.mil/publications/CHACS/1998/}},
 }
 
 @Misc{goldschlag-etal,
-  author =       {David M. Goldschlag and Stuart G. Stubblebine and
+   author =      {David M. Goldschlag and Stuart G. Stubblebine and
                   Paul F. Syverson},
-  title =        {Temporarily Hidden Bit Commitment and Lottery
+   title =       {Temporarily Hidden Bit Commitment and Lottery
                   Applications},
-  note =         {Submitted for journal publication.}
+   note =        {Submitted for journal publication},
 }
 
-@ARTICLE{chaum-dc,
-   author = {David Chaum},
-   title = {The {D}ining {C}ryptographers {P}roblem: Unconditional Sender and
-     Recipient Untraceability},
-   journal = {Journal of Cryptology},
-   year = {1988},
-   volume = {1},
-   pages = {65-75},
+@Article{chaum-dc,
+   author =      {David Chaum},
+   title =       {The {D}ining {C}ryptographers {P}roblem: Unconditional Sender and
+                  Recipient Untraceability},
+   journal =     {Journal of Cryptology},
+   year =        {1988},
+   volume =      {1},
+   pages =       {65--75},
+   note =        {\newline \url{http://komarios.net/crypt/diningcr.htm}},
 }
 
-@misc{mccoy-dcnets,
-   author={Jim McCoy},
-   title={Re: {DC}-net implementation via reputation capital},
-   howpublished = {$<$http://www.privacy.nb.ca/cryptography/archives/coderpunks/new/1998-10/0114.html$>$},
+@Misc{mccoy-dcnets,
+   author =      {Jim McCoy},
+   title =       {Re: {DC}-net implementation via reputation capital},
+   note =        {\newline \url{http://www.privacy.nb.ca/cryptography/archives/coderpunks/new/1998-10/0114.html}},
 }
 
-@misc{nymip,
-   author={John Bashinski et al},
-   title={The {NymIP} Effort},
-   howpublished = {$<$http://nymip.velvet.com/$>$},
+@Misc{nymip,
+   author =      {John Bashinski et al},
+   title =       {The {NymIP} Effort},
+   note =        {\newline \url{http://nymip.velvet.com/}},
 }
 
-@misc{shoup-oaep,
-   author={V. Shoup},
-   title={{OAEP} Reconsidered},
-   howpublished = {{IACR} e-print 2000/060,
-     $<$http://eprint.iacr.org/2000/060/$>$},
+@Misc{shoup-iso,
+   author =      {Victor Shoup},
+   title =       {A Proposal for an {ISO} {S}tandard for Public Key Encryption (version 2.1)},
+   note =        {Revised December 20, 2001. \url{http://www.shoup.net/papers/}},
 }
 
-@misc{oaep-plus,
-   author={E. Fujisaki and D. Pointcheval and T. Okamoto and J. Stern},
-   title={{RSA}-{OAEP} is Still Alive!},
-   howpublished = {{IACR} e-print 2000/061,
-     $<$http://eprint.iacr.org/2000/061/$>$},
+@Misc{shoup-oaep,
+   author =      {Victor Shoup},
+   title =       {{OAEP} Reconsidered},
+   howpublished = {{IACR} e-print 2000/060},
+   note =        {\newline \url{http://eprint.iacr.org/2000/060/}},
 }
 
-@misc{levien,
-   author={Tim May},
-   title={Description of {L}evien's pinging service},
-   howpublished = {\newline
-     $<$http://www2.pro-ns.net/$\tilde{\hspace{5pt}}$crypto/chapter8.html$>$},
+@Misc{oaep-still-alive,
+   author =      {E. Fujisaki and D. Pointcheval and T. Okamoto and J. Stern},
+   title =       {{RSA}-{OAEP} is Still Alive!},
+   howpublished = {{IACR} e-print 2000/061},
+   note =        {\newline \url{http://eprint.iacr.org/2000/061/}},
 }
 
-@MISC{mixmaster,
-   key = {Mixmaster},
-   author = {Electronic {F}rontiers {G}eorgia ({EFGA})},
-   title = {Anonymous Remailer Information},
-   howpublished = {\newline
-     $<$http://anon.efga.org/Remailers/$>$},
+@Misc{levien,
+   author =      {Tim May},
+   title =       {Description of {L}evien's pinging service},
+   note =        {\newline \url{http://www2.pro-ns.net/~crypto/chapter8.html}},
 }
 
-@ARTICLE{mitzenm-loss,
-   author = {G. Louth and M. Mitzenmacher and F.P. Kelly},
-   title = {Computational Complexity of Loss Networks},
-   journal = {Theoretical Computer Science},
-   year = {1994},
-   volume = {125},
-   pages = {45-59},
+@Misc{mixmaster,
+   author =      {Electronic {F}rontiers {G}eorgia ({EFGA})},
+   title =       {Anonymous Remailer Information},
+   note =        {\newline \url{http://anon.efga.org/Remailers/}},
 }
 
-@misc{hashcash,
-   title={Hash cash},
-   howpublished = {
-     $<$http://www.cypherspace.org/$\tilde{\hspace{5pt}}$adam/hashcash/$>$},
-   author = {Adam Back},
+@Misc{mixmaster-attacks,
+   author =      {Lance Cottrell},
+   title =       {Mixmaster and Remailer Attacks},
+   note =        {\newline \url{http://www.obscura.com/~loki/remailer/remailer-essay.html}},
+}
+
+@Article{mitzenm-loss,
+   author =      {G. Louth and M. Mitzenmacher and F.P. Kelly},
+   title =       {Computational Complexity of Loss Networks},
+   journal =     {Theoretical Computer Science},
+   year =        {1994},
+   volume =      {125},
+   pages =       {45-59},
+   note =        {\newline \url{http://citeseer.nj.nec.com/louth94computational.html}},
+}
+
+@Misc{hashcash,
+   author =      {Adam Back},
+   title =       {Hash cash},
+   note =        {\newline \url{http://www.cypherspace.org/~adam/hashcash/}},
 }
 
 @InProceedings{oreilly-acc,
-   author={Roger Dingledine and Michael J. Freedman and David Molnar},
-   title={Accountability},
-   booktitle = {Peer-to-peer: Harnessing the Benefits of a Disruptive 
-     Technology},
-   year = {2001},
-   publisher = {O'Reilly and Associates},
+   author =      {Roger Dingledine and Michael J. Freedman and David Molnar},
+   title =       {Accountability},
+   booktitle =   {Peer-to-peer: Harnessing the Benefits of a Disruptive 
+                  Technology},
+   year =        {2001},
+   publisher =   {O'Reilly and Associates},
 }
 
 @InProceedings{han,
-   author={Yongfei Han},
-   title={Investigation of non-repudiation protocols},
-   booktitle = {ACISP 96},
-   year = {1996},
-   publisher = {Springer-Verlag},
+   author =      {Yongfei Han},
+   title =       {Investigation of non-repudiation protocols},
+   booktitle =   {ACISP '96},
+   year =        {1996},
+   publisher =   {Springer-Verlag},
 }
 
 @InProceedings{abe,
-   author={Masayuki Abe},
-   title={Universally Verifiable {MIX} With Verification Work Independent of
-     The Number of {MIX} Servers},
-   booktitle = {Advances in Cryptology - {EUROCRYPT} 1998, {LNCS} Vol. 1403},
-   year = {1998},
-   publisher = {Springer-Verlag}, 
+   author =      {Masayuki Abe},
+   title =       {Universally Verifiable {MIX} With Verification Work Independent of
+                  The Number of {MIX} Servers},
+   booktitle =   {Advances in Cryptology - {EUROCRYPT} 1998, {LNCS} Vol. 1403},
+   year =        {1998},
+   publisher =   {Springer-Verlag},
 }
 
 @InProceedings{desmedt,
-   author={Yvo Desmedt and Kaoru Kurosawa},
-   title={How To Break a Practical {MIX} and Design a New One},
-   booktitle = { Advances in Cryptology - {EUROCRYPT} 2000, {LNCS} Vol. 1803},
-   year = {2000},
-   publisher = {Springer-Verlag},
+   author =      {Yvo Desmedt and Kaoru Kurosawa},
+   title =       {How To Break a Practical {MIX} and Design a New One},
+   booktitle =   {Advances in Cryptology - {EUROCRYPT} 2000, {LNCS} Vol. 1803},
+   year =        {2000},
+   publisher =   {Springer-Verlag},
+   note =        {\newline \url{http://citeseer.nj.nec.com/447709.html}},
 }
 
 @InProceedings{mitkuro,
-   author={M. Mitomo and K. Kurosawa},
-   title={Attack for {F}lash {MIX}},
-   booktitle = {Advances in Cryptology -\newline {ASIACRYPT} 2000,
+   author =      {M. Mitomo and K. Kurosawa},
+   title =       {Attack for {F}lash {MIX}},
+   booktitle =   {Advances in Cryptology -\newline {ASIACRYPT} 2000,
                   {LNCS} Vol. 1976},
-   year = {2000},
-   publisher = {Springer-Verlag},
+   year =        {2000},
+   publisher =   {Springer-Verlag},
+   note =        {\newline \url{http://citeseer.nj.nec.com/450148.html}},
 }
 
 @InProceedings{hybrid-mix,
-   author={M. Ohkubo and M. Abe},
-   title={A {L}ength-{I}nvariant {H}ybrid {MIX}},
-   booktitle = {Advances in Cryptology - {ASIACRYPT} 2000, {LNCS} Vol. 1976},
-   year = {2000},
-   publisher = {Springer-Verlag},
+   author =      {M. Ohkubo and M. Abe},
+   title =       {A {L}ength-{I}nvariant {H}ybrid {MIX}},
+   booktitle =   {Advances in Cryptology - {ASIACRYPT} 2000, {LNCS} Vol. 1976},
+   year =        {2000},
+   publisher =   {Springer-Verlag},
 }
 
 @InProceedings{kesdogan,
-   author={D. Kesdogan and M. Egner and T. B\"uschkes},
-   title={Stop-and-Go {MIXes} Providing Probabilistic Anonymity in an Open 
-     System},
-   booktitle = {Information Hiding Workshop 1998, {LNCS} Vol. 1525},
-   year = {1998},
-   publisher = {Springer Verlag},
+   author =      {D. Kesdogan and M. Egner and T. B\"uschkes},
+   title =       {Stop-and-Go {MIX}es Providing Probabilistic Anonymity in an Open 
+                  System},
+   booktitle =   {Information Hiding Workshop 1998, {LNCS} Vol. 1525},
+   year =        {1998},
+   publisher =   {Springer Verlag},
+   note =        {\newline \url{http://www.cl.cam.ac.uk/~fapp2/ihw98/ihw98-sgmix.pdf}},
 }
 
-
 @InProceedings{flash-mix,
-   author={Markus Jakobsson},
-   title={Flash {M}ixing},
-   booktitle = {Principles of Distributed Computing - {PODC} '99},
-   year = {1999},
-   publisher = {ACM},
+   author =      {Markus Jakobsson},
+   title =       {Flash {M}ixing},
+   booktitle =   {Principles of Distributed Computing - {PODC} '99},
+   year =        {1999},
+   publisher =   {ACM},
+   note =        {\newline \url{http://citeseer.nj.nec.com/jakobsson99flash.html}},
 }
 
 @InProceedings{SK,
-   author={Joe Kilian and Kazue Sako},
-   year ={1995},
-   booktitle = {EUROCRYPT '95},
-   title = {Receipt-Free Mix-Type Voting Scheme - A Practical Solution to 
-     the Implementation of a Voting Booth},
-   publisher = {Springer-Verlag},
+   author =      {Joe Kilian and Kazue Sako},
+   title =       {Receipt-Free {MIX}-Type Voting Scheme - A Practical Solution to
+                  the Implementation of a Voting Booth},
+   booktitle =   {EUROCRYPT '95},
+   year =        {1995},
+   publisher =   {Springer-Verlag},
 }
 
 @InProceedings{OAEP,
-   author={M. Bellare and P. Rogaway},
-   year ={1994},
-   booktitle = {EUROCRYPT '94},
-   title = {Optimal {A}symmetric {E}ncryption {P}adding : How To Encrypt With
-     {RSA}},
-   publisher = {Springer-Verlag},
+   author =      {M. Bellare and P. Rogaway},
+   year =        {1994},
+   booktitle =   {EUROCRYPT '94},
+   title =       {Optimal {A}symmetric {E}ncryption {P}adding : How To Encrypt With
+                  {RSA}},
+   publisher =   {Springer-Verlag},
+   note =        {\newline \url{http://www-cse.ucsd.edu/users/mihir/papers/oaep.html}},
 }
 
-
 @InProceedings{babel,
-   author={C. Gulcu and G. Tsudik},
-   title={Mixing {E}-mail With {B}abel},
-   booktitle = {Network and Distributed Security Symposium - {NDSS} '96},
-   year = {1996},
-   publisher = {IEEE},
+   author =      {C. Gulcu and G. Tsudik},
+   title =       {Mixing {E}-mail With {B}abel},
+   booktitle =   {Network and Distributed Security Symposium - {NDSS} '96},
+   year =        {1996},
+   publisher =   {IEEE},
+   note =        {\newline \url{http://citeseer.nj.nec.com/2254.html}}
 }
-   note = {\newline
-     $<$http://cob.isu.edu/sndss/sndss96.html$>$}
 
-@misc{freenet,
-   title = {Freenet: A Distributed Anonymous Information Storage and Retrieval 
-     System},
-   howpublished = {$<$http://freenet.sourceforge.net/$>$},
-   author = {Ian Clarke and Oskar Sandberg and Brandon Wiley and Theodore W. Hong},
+@InProceedings{freenet,
+   author =      {Ian Clarke and Oskar Sandberg and Brandon Wiley and Theodore W. Hong},
+   title =       {Freenet: {A} Distributed Anonymous Information Storage and Retrieval 
+                  System},
+   booktitle =   {Workshop on Design Issues in Anonymity and Unobservability},
+   pages =       {46--66},
+   year =        {2000},
+   author =      {Ian Clarke and Oskar Sandberg and Brandon Wiley and Theodore W. Hong},
+   note =        {\newline \url{http://citeseer.nj.nec.com/clarke00freenet.html}},
 }
 
-@misc{dodis,
-   title = {Semantically Secure Homomorphic Encryption Schemes},
-   howpublished = {manuscript},
-   author = {Yevgeniy Dodis},
+@Misc{dodis,
+   author =      {Yevgeniy Dodis},
+   title =       {Semantically Secure Homomorphic Encryption Schemes},
+   note =        {Manuscript},
 }
 
-@misc{rprocess,
-   title = {Selective Denial of Service Attacks},
-   howpublished = {\newline
-     $<$http://www.eff.org/pub/Privacy/Anonymity/1999\_09\_DoS\_remail\_vuln.html$>$},
-   author = {RProcess},
+@Misc{rprocess,
+   author =      {RProcess},
+   title =       {Selective Denial of Service Attacks},
+   note =        {\newline \url{http://www.eff.org/pub/Privacy/Anonymity/1999\_09\_DoS\_remail\_vuln.html}},
 }
 
-@misc{remailer-history,
-   title = {Description of early remailer history},
-   howpublished = {E-mail archived at $<$http://\newline
-     www.inet-one.com/cypherpunks/dir.1996.08.29-1996.09.04/msg00431.html$>$},
-   author = {Tim May},
+@Misc{remailer-history,
+   author =      {Tim May},
+   title =       {Description of early remailer history},
+   howpublished = {E-mail archived at
+                  \url{http://www.inet-one.com/cypherpunks/dir.1996.08.29-1996.09.04/msg00431.html}},
 }
 
-@misc{freehaven,
-   title = {Free {H}aven: A Distributed Anonymous Storage Service},
-   howpublished = {$<$http://freehaven.net/$>$},
-   author = {Roger Dingledine and Michael J. Freedman and David Molnar},
+@Misc{freehaven,
+   author =      {Roger Dingledine and Michael J. Freedman and David Molnar},
+   title =       {Free {H}aven: {A} Distributed Anonymous Storage Service},
+   note =        {\newline \url{http://freehaven.net/}},
 }
 
-@ARTICLE{chaum-mix,
-   author = {David Chaum},
-   title = {Untraceable electronic mail, return addresses, and digital pseudo-nyms},
-   journal = {Communications of the ACM},
-   year = {1982},
-   volume = {4},
-   number = {2},
-   month = {February},
+@Article{chaum-mix,
+   author =      {David Chaum},
+   title =       {Untraceable electronic mail, return addresses, and digital pseudo-nyms},
+   journal =     {Communications of the ACM},
+   year =        {1982},
+   volume =      {4},
+   number =      {2},
+   month =       {February},
+   note =        {\newline \url{http://www.eskimo.com/~weidai/mix-net.txt}},
 }
 
-@misc{timmay, 
-   title = {Cyphernomicon},
-   howpublished = {\newline
-     $<$http://www2.pro-ns.net/$\tilde{\hspace{5pt}}$crypto/cyphernomicon.html$>$},
-   author = {Tim May},
+@Misc{nym-alias-net,
+   author =      {David Mazi\`eres and M. Frans Kaashoek},
+   title =       {The Design, Implementation and Operation of an Email Pseudonym Server},
+   note =        {\newline \url{http://www.cs.berkeley.edu/~daw/teaching/cs261-f98/papers/pnym.txt}},
 }
 
-@misc{neochaum, 
-   title = {Payment mixes for anonymity}, 
-   howpublished = {E-mail archived at 
-     $<$http://www.inet-one.com/cypherpunks/dir.2000.02.28-2000.03.05/msg00334.html$>$},
-   author = {Tim May},
+@Misc{timmay,
+   author =      {Tim May},
+   title =       {Cyphernomicon},
+   note =        {\newline \url{http://www2.pro-ns.net/~crypto/cyphernomicon.html}},
 }
 
-
-@misc{pidaho, 
-   title = {{P}rivate {I}daho},
-   howpublished = {$<$http://www.eskimo.com/$\tilde{\hspace{5pt}}$joelm/pi.html$>$},
-   author = {Joel McNamara},
+@misc{neochaum,
+   author =      {Tim May},
+   title =       {Payment mixes for anonymity}, 
+   howpublished = {E-mail archived at
+                  \url{http://\newline www.inet-one.com/cypherpunks/dir.2000.02.28-2000.03.05/msg00334.html}},
 }
 
-@misc{potato, 
-   title = {{P}otato {S}oftware}, 
-   howpublished = {$<$http://www.skuz.net/potatoware/$>$},
-   author = {RProcess},
+@misc{pidaho,
+   author =      {Joel McNamara},
+   title =       {{P}rivate {I}daho},
+   note =        {\newline \url{http://www.eskimo.com/~joelm/pi.html}},
 }
 
-@misc{helsingius, 
-   title = {{\tt anon.penet.fi} press release}, 
-   howpublished = {\newline
-     $<$http://www.penet.fi/press-english.html$>$},
-   author = {J. Helsingius},
+@misc{potato,
+   author =      {RProcess},
+   title =       {{P}otato {S}oftware}, 
+   note =        {\newline \url{http://www.skuz.net/potatoware/}},
 }
 
-@misc{mlist2,
-   title = {Mixmaster Stats ({A}ustria)}, 
-   howpublished = {
-     $<$http://www.tahina.priv.at/$\tilde{\hspace{5pt}}$cm/stats/mlist2.html$>$},
-   author = {Christian Mock},
+@misc{helsingius, 
+   author =      {J. Helsingius},
+   title =       {{\tt anon.penet.fi} press release}, 
+   note =        {\newline \url{http://www.penet.fi/press-english.html}},
 }
 
-@misc{garay97secure,
-   author = {J. Garay and R. Gennaro and C. Jutla and T. Rabin},
-   title = {Secure distributed storage and retrieval},
-   text = {J. Garay, R. Gennaro, C. Jutla, and T. Rabin. Secure distributed
-     storage and retrieval. In 11th
-     International Workshop, WDAG '97, pages 275-- 289, Berlin, 1997.
-     Springer-Verlag. LNCS Vol. 1320.},
-   year = {1997},
+@misc{mix-stats,
+   author =      {Christian Mock},
+   title =       {Mixmaster Stats ({A}ustria)}, 
+   note =        {\newline \url{http://www.tahina.priv.at/~cm/stats/mlist2.html}},
 }
 
-@misc{PIK,
-   author = {C. Park and K. Itoh and K. Kurosawa},
-   title = {Efficient anonymous channel and all/nothing election scheme},
-   text = {C. Park, K. Itoh, and K. Kurosawa. Efficient anonymous channel and
-     all/nothing election scheme. In EuroCrypt'93, 248--259. Springer-Verlag.
-     LNCS Vol. 765.},
+@InProceedings{garay97secure,
+   author =      {J. Garay and R. Gennaro and C. Jutla and T. Rabin},
+   title =       {Secure distributed storage and retrieval},
+   booktitle =   {11th International Workshop, WDAG '97, {LNCS} Vol. 1320},
+   pages =       {275--289},
+   year =        {1997},
+   publisher =   {Springer-Verlag},
+   note =        {\newline \url{http://citeseer.nj.nec.com/garay97secure.html}},
 }
 
-@misc{pgpfaq,
-   title = {{PGP} {FAQ}},
-   howpublished = {http://www.faqs.org/faqs/pgp-faq/},
-   key = {{PGP}},
+@InProceedings{PIK,
+   author =      {C. Park and K. Itoh and K. Kurosawa},
+   title =       {Efficient anonymous channel and all/nothing election scheme},
+   booktitle =   {Advances in Cryptology -- {EUROCRYPT} '93, {LNCS} Vol. 765},
+   pages =       {248--259},
+   publisher =   {Springer-Verlag},
 }
 
-@ARTICLE{riordan-schneier,
-   author = {James Riordan and Bruce Schneier},
-   title = {A Certified E-mail Protocol with No Trusted Third Party},
-   journal = {13th Annual Computer Security Applications Conference},
-   month = {December},
-   year = {1998},
+@Misc{pgpfaq,
+   key =         {PGP},
+   title =       {{PGP} {FAQ}},
+   note =        {\newline \url{http://www.faqs.org/faqs/pgp-faq/}},
 }
 
-@ARTICLE{crowds,
-   author = {Michael K. Reiter and Aviel D. Rubin},
-   title = {Crowds: Anonymity for Web Transactions},
-   journal = {DIMACS Technical Report},
-   volume = {97},
-   number = {15},
-   month = {April},
-   year = {1997},
+@Article{riordan-schneier,
+   author =      {James Riordan and Bruce Schneier},
+   title =       {A Certified E-mail Protocol with No Trusted Third Party},
+   journal =     {13th Annual Computer Security Applications Conference},
+   month =       {December},
+   year =        {1998},
+   note =        {\newline \url{http://www.counterpane.com/certified-email.html}},
 }
 
-@MISC{hopwood,
-   author = {David Hopwood}, 
-   title = {Definition of Recipient-Hiding Cryptosystem},
-   howpublished = {sci.crypt Usenet post},
+@Article{crowds,
+   author =      {Michael K. Reiter and Aviel D. Rubin},
+   title =       {Crowds: Anonymity for Web Transactions},
+   journal =     {{DIMACS} Technical Report},
+   volume =      {97},
+   number =      {15},
+   month =       {April},
+   year =        {1997},
+   note =        {\newline \url{http://citeseer.nj.nec.com/284739.html}},
 }
 
-@MISC{freedom2,
-   author = {Zero Knowledge Systems}, 
-   title = {Freedom Version 2 White Papers},
-   howpublished = {\newline $<$http://www.freedom.net/info/whitepapers/$>$},
+@Misc{freedom,
+   author =      {Zero Knowledge Systems}, 
+   title =       {Freedom Version 2 White Papers},
+   note =        {\newline \url{http://www.freedom.net/info/whitepapers/}},
 }
 
 
-@MISC{recovery,
-   author = {Miguel Castro and Barbara Liskov}, 
-   title = {Proactive Recovery in a Byzantine-Fault-Tolerant System},
-   howpublished = {
-     $<$http://www.pmg.lcs.mit.edu/$\tilde{\hspace{5pt}}$castro/application/recovery.pdf$>$},
+@Misc{recovery,
+   author =      {Miguel Castro and Barbara Liskov}, 
+   title =       {Proactive Recovery in a Byzantine-Fault-Tolerant System},
+   note =        {\newline \url{http://www.pmg.lcs.mit.edu/~castro/application/recovery.pdf}},
 }
 
-@MISC{advogato,
-   author = {Raph Levien}, 
-   title = {Advogato's Trust Metric},
-   howpublished = {\newline
-     $<$http://www.advogato.org/trust-metric.html$>$},
+@Misc{advogato,
+   author =      {Raph Levien}, 
+   title =       {Advogato's Trust Metric},
+   note =        {\newline \url{http://www.advogato.org/trust-metric.html}},
 }
 
-@MISC{rabin-ida,
-   author = {Michael O. Rabin},
-   title = {Efficient Dispersal of Information for security, load balancing,
-     and fault tolerance },
-   booktitle = {Journal of the ACM},
-   year = {1989},
-   volume = {36},
-   number = {2},
-   series = {335-348},
-   month = {April},
+@Misc{rabin-ida,
+   author =      {Michael O. Rabin},
+   title =       {Efficient Dispersal of Information for security, load balancing,
+                  and fault tolerance},
+   booktitle =   {Journal of the ACM},
+   year =        {1989},
+   volume =      {36},
+   number =      {2},
+   series =      {335--348},
+   month =       {April},
 }
 
-@PHDTHESIS{MALKIN-THESIS,
-   author = {Tal Malkin},
-   school = {{MIT}},
-   title = {Private Information Retrieval},
-   year = {2000},
-   note = {see $<$http://www.toc.lcs.mit.edu/$\tilde{\hspace{5pt}}$tal/$>$}
+@PhdThesis{malkin-thesis,
+   author =      {Tal Malkin},
+   school =      {{MIT}},
+   title =       {Private {I}nformation {R}etrieval},
+   year =        {2000},
+   note =        {\newline \url{http://www.toc.lcs.mit.edu/~tal/}}
 }
 
-@MISC{zks,
-   title = {Zero {K}nowledge {S}ystems},
-   howpublished = {$<$http://www.freedom.net/$>$},
+@Misc{zks,
+   title =       {Zero {K}nowledge {S}ystems},
+   note =        {\newline \url{http://www.freedom.net/}},
 }  
 
-@misc{publius,
-   title = {Publius: A robust, tamper-evident, censorship-resistant and
-     source-anonymous web publishing system},
-   author = {Marc Waldman and Aviel Rubin and Lorrie Cranor}, 
+@InProceedings{publius,
+   author =      {Marc Waldman and Aviel Rubin and Lorrie Cranor}, 
+   title =       {Publius: {A} robust, tamper-evident, censorship-resistant and
+                  source-anonymous web publishing system},
+   booktitle =   {Proc. 9th USENIX Security Symposium},
+   pages =       {59--72},
+   year =        {2000},
+   month =       {August},
+   note =        {\newline \url{http://citeseer.nj.nec.com/waldman00publius.html}},
 }
 
-@MISC{freedom-nyms,
-   author = {Russell Samuels},
-   title = {Untraceable Nym Creation on the {F}reedom {N}etwork},
-   year = {1999},
-   month = {November},
-   day = {21},
+@Misc{freedom-nyms,
+   author =      {Russell Samuels},
+   title =       {Untraceable Nym Creation on the {F}reedom {N}etwork},
+   year =        {1999},
+   month =       {November},
+   day =         {21},
+   note =        {\newline \url{http://www.freedom.net/products/whitepapers/white11.html}},
 }
 
-@ARTICLE{raghavan87randomized,
-   author = {P. Raghavan and C. Thompson},
-   title = {Randomized rounding},
-   journal = {Combinatorica},
-   volume = {7},
-   pages = {365-374},
-   year = {1987}
+@Article{raghavan87randomized,
+   author =      {P. Raghavan and C. Thompson},
+   title =       {Randomized rounding: A technique for provably good algorithms and algorithmic proofs},
+   journal =     {Combinatorica},
+   volume =      {7},
+   pages =       {365--374},
+   year =        {1987},
 }
 
-@inproceedings{leighton91fast,
-   author = {Frank Thomson Leighton and Fillia Makedon and Serge A. Plotkin and
-     Clifford Stein and Eva Tardos and Spyros Tragoudas},
-   title = {Fast Approximation Algorithms for Multicommodity Flow Problems},
-   booktitle = {{ACM} Symposium on Theory of Computing},
-   pages = {101-111},
-   year = {1991}
+@InProceedings{leighton91fast,
+   author =      {Frank Thomson Leighton and Fillia Makedon and Serge A. Plotkin and
+                  Clifford Stein and Eva Tardos and Spyros Tragoudas},
+   title =       {Fast Approximation Algorithms for Multicommodity Flow Problems},
+   booktitle =   {{ACM} Symposium on Theory of Computing},
+   pages =       {101-111},
+   year =        {1991},
+   note =        {\newline \url{http://citeseer.nj.nec.com/91073.html}},
 }
 
-@misc{pk-relations,
-   author = {M. Bellare and A. Desai and D. Pointcheval and P. Rogaway},
-   title = {Relations Among Notions of Security for Public-Key Encryption
-     Schemes},
+@Misc{pk-relations,
+   author =      {M. Bellare and A. Desai and D. Pointcheval and P. Rogaway},
+   title =       {Relations Among Notions of Security for Public-Key Encryption
+                  Schemes},
    howpublished = {
-     Extended abstract in {\em Advances in Cryptology - CRYPTO '98}, LNCS Vol. 1462.
-     Springer-Verlag, 1998.
-     Full version available from \newline $<$http://www-cse.ucsd.edu/users/mihir/$>$},
+                  Extended abstract in {\em Advances in Cryptology - CRYPTO '98}, LNCS Vol. 1462.
+                  Springer-Verlag, 1998.
+                  Full version available from \newline \url{http://www-cse.ucsd.edu/users/mihir/}},
 }
 
-@misc{mix-acc,
-   author = {Roger Dingledine and Michael J. Freedman and David Hopwood and David Molnar},
-   title = {A {R}eputation {S}ystem to {I}ncrease {MIX}-net {R}eliability},
-   howpublished = {
-     Proceedings of the Information Hiding Workshop 2001.
-     Also available from $<$http://www.freehaven.net/papers.html$>$},
+@Misc{mix-acc,
+   author =      {Roger Dingledine and Michael J. Freedman and David Hopwood and David Molnar},
+   title =       {A {R}eputation {S}ystem to {I}ncrease {MIX}-net {R}eliability},
+   howpublished = {Proceedings of the Information Hiding Workshop 2001},
+   note =        {\newline \url{http://www.freehaven.net/papers.html}},
 }
 
-@inproceedings{zhou96certified,
-    author = "Zhou and Gollmann",
-    title = "Certified Electronic Mail",
-    booktitle = "{ESORICS}: European Symposium on Research in Computer
-                  Security, {LNCS} Vol. 1146", 
-    publisher = "Springer-Verlag",
-    year = "1996",
-    url = "citeseer.nj.nec.com/zhou96certified.html"
+@Misc{casc-rep,
+   author =      {Roger Dingledine and Paul Syverson},
+   title =       {Reliable {MIX} {C}ascade {N}etworks through {R}eputation},
+   howpublished = {Proceedings of Financial Cryptography 2002},
+   note =        {\newline \url{http://www.freehaven.net/papers.html}},
 }
 
-@misc{realtime-mix,
-  author = {Anja Jerichow and Jan M\"uller and Andreas Pfitzmann and
+@InProceedings{zhou96certified,
+   author =      {Zhou and Gollmann},
+   title =       {Certified Electronic Mail},
+   booktitle =   {{ESORICS}: {E}uropean {S}ymposium on {R}esearch in {C}omputer
+                  {S}ecurity, {LNCS} Vol. 1146},
+   publisher =   {Springer-Verlag},
+   year =        {1996},
+   note =        {\newline \url{http://citeseer.nj.nec.com/zhou96certified.html}},
+}
+
+@Misc{realtime-mix,
+   author =      {Anja Jerichow and Jan M\"uller and Andreas Pfitzmann and
                   Birgit Pfitzmann and Michael Waidner}, 
-  title = {Real-{T}ime {M}ixes: A Bandwidth-Efficient Anonymity Protocol},
-  howpublished = 
-    {IEEE Journal on Selected Areas in Communications 1998.},
+   title =       {Real-{T}ime {MIX}es: A Bandwidth-Efficient Anonymity Protocol},
+   howpublished = {IEEE Journal on Selected Areas in Communications 1998.},
+   note =        {\newline \url{http://www.zurich.ibm.com/security/publications/1998.html}},
+}
+
+@InProceedings{BEAR,
+    author =     {Ross Anderson and Eli Biham},
+    title =      {Two Practical and Provably Secure Block Ciphers: {BEAR} and {LION}},
+    booktitle =  {International Workshop on Fast Software Encryption, {LNCS}},
+    year =       {1996},
+    publisher =  {Springer-Verlag},
+    note =       {\newline \url{http://citeseer.nj.nec.com/anderson96two.html}},
 }