[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On reply blocks and tagging attacks (was Re: Problems with bit-twiddlers)

To: mixminion-dev@freehaven.net
Subject: Re: On reply blocks and tagging attacks (was Re: Problems with bit-twiddlers)
From: Roger Dingledine <arma@mit.edu>
Date: Tue, 2 Apr 2002 15:08:55 -0500
Delivered-To: archiver@seul.org
Delivered-To: mixminion-dev-outgoing@seul.org
Delivered-To: mixminion-dev@seul.org
Delivery-Date: Tue, 02 Apr 2002 15:08:55 -0500
In-Reply-To: <Pine.LNX.4.44.0204021315440.23124-100000@blackbird.lcs.mit.edu>; from gd@theory.lcs.mit.edu on Tue, Apr 02, 2002 at 01:24:35PM -0500
References: <20020402010248.O10839@moria.seul.org> <Pine.LNX.4.44.0204021315440.23124-100000@blackbird.lcs.mit.edu>
Reply-To: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net
User-Agent: Mutt/1.2.5.1i

On Tue, Apr 02, 2002 at 01:24:35PM -0500, George Danezis wrote:
> > (If we want to allow people to use the reply block anonymously, we
> > might declare that only the first 8 of the 16 hops can be pre-filled;
> > thus the sender can add up to 8 more before he sends it. Intermediate
> > hops can still add a single bonus hop a la Babel, but not more than one.)
> 
> This is very difficult to do since the creators of the two headers cannot 
> know the secrets inside the others in order to compute the hashes. 
> Suddenly the only architecture to bridge between normal and reply modes are 
> special modules.

True.

So that means that we can't anonymously use reply blocks? That is a
flaw which must be fixed.

One approach is to separate 'forward' and 'reply' messages in the eyes of
the mix-net. Let them be handled differently. (We would need a protocol
for bridging between the two.)

It's worth noting that if we do this, the reply messages will be getting
successively *wrapped* in encryption; it's up to the recipient to pull
off the decryptions to read them. So they will always look random when
they are delivered. So the stomping attacks Nick described are harder
to detect. Right?

Can you guys elaborate on some of the attacks and problems that arise
when we allow the adversary to partition forward messages from replies?
Right now I'm thinking it's not so bad an idea. But maybe that's because
I haven't thought it through far enough. :)

--Roger

References:
- On reply blocks and tagging attacks (was Re: Problems with bit-twiddlers)
  - From: Roger Dingledine <arma@mit.edu>
- Re: On reply blocks and tagging attacks (was Re: Problems withbit-twiddlers)
  - From: George Danezis <gd@theory.lcs.mit.edu>

Prev by Date: Re: On reply blocks and tagging attacks (was Re: Problems with bit-twiddlers)
Next by Date: Re: On reply blocks and tagging attacks (was Re: Problems withbit-twiddlers)
Prev by thread: Core <-> Extension interface (was: On reply blocks and tagging attacks (was: Problems with bit-twiddlers))
Next by thread: daystamp attacks
Index(es):
- Date
- Thread