[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[minion-cvs] tweaks, plus a skeleton conclusion

To: mixminion-cvs@freehaven.net
Subject: [minion-cvs] tweaks, plus a skeleton conclusion
From: arma@seul.org (Roger Dingledine)
Date: Sat, 4 May 2002 22:08:58 -0400 (EDT)
Delivered-To: archiver@seul.org
Delivered-To: mixminion-cvs-outgoing@seul.org
Delivered-To: mixminion-cvs@seul.org
Delivery-Date: Sat, 04 May 2002 22:08:58 -0400
Reply-To: mixminion-cvs@freehaven.net
Sender: owner-mixminion-cvs@freehaven.net

Update of /home/minion/cvsroot/doc
In directory moria.seul.org:/home/arma/work/minion/doc

Modified Files:
	minion-design.tex 
Log Message:
tweaks, plus a skeleton conclusion



Index: minion-design.tex
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-design.tex,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- minion-design.tex	5 May 2002 01:21:23 -0000	1.20
+++ minion-design.tex	5 May 2002 02:08:55 -0000	1.21
@@ -407,9 +407,11 @@
 look for resulting patterns.
 
 The attack is possible only if the adversary happens to own the crossover
-point --- and Alice chooses the crossover point. If Alice were sending
-only one message, then this multiple-message tagging attack also would
-not be possible. Thus Alice picks $k$ paths for sending her $n$
+point that Alice chooses.
+% If Alice were sending
+%only one message, then this multiple-message tagging attack also would
+%not be possible.
+Thus Alice picks $k$ paths for sending her $n$
 messages;\footnote{
   We can prevent the adversary from using divide-and-conquer on Alice's
   batches if Alice uses a hybrid path starting with a short cascade ---
@@ -424,8 +426,9 @@
 point, the tagging attack is equivalent to the dropping attack. The
 crossover point in question simply doesn't deliver the message to the
 second leg. Therefore, if the adversary doesn't own most of the crossover
-points that Alice's chooses, a successful multiple-message tagging attack
-is infeasible.
+points that Alice chooses, a successful multiple-message tagging attack is
+infeasible. We leave a security analysis of this multiple-paths approach
+to future work; but see Section \ref{subsec:choosing-paths}.
 
 \section{Related design decisions}
 
@@ -760,6 +763,7 @@
 \section{Maintaining anonymity sets}
 
 \subsection{Long-term nyms: how to choose paths for reply blocks}
+\label{subsec:choosing-paths}
 
 This question is hard. We're going to have to argue about it for a
 while more, I think.
@@ -852,6 +856,17 @@
 
 \section{Future Directions}
 \label{sec:conclusion}
+
+This design document represents the first step in peer review of the
+Type III remailer protocol. Many of the ideas, ranging from the core
+design to peripheral design choices, need more attention:
+
+\begin{itemize}
+\item We need to analyze the proposed defense against the multiple-message
+tagging attack.
+\end{itemize}
+
+
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Prev by Date: [minion-cvs] a first cut of the core design section
Next by Date: [minion-cvs] cleaned up the message types subsec
Prev by thread: [minion-cvs] a first cut of the core design section
Next by thread: [minion-cvs] cleaned up the message types subsec
Index(es):
- Date
- Thread