[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reply blocks and tagging protection: a third variant

To: mixminion-dev@freehaven.net
Subject: Re: Reply blocks and tagging protection: a third variant
From: George Danezis <gd@theory.lcs.mit.edu>
Date: Tue, 9 Apr 2002 09:16:23 -0400 (EDT)
Delivered-To: archiver@seul.org
Delivered-To: mixminion-dev-outgoing@seul.org
Delivered-To: mixminion-dev@seul.org
Delivery-Date: Tue, 09 Apr 2002 09:16:24 -0400
In-Reply-To: <20020407062455.Q30692@moria.seul.org>
Reply-To: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net

On Sun, 7 Apr 2002, Roger Dingledine wrote:
> Which leads to the issue of putting destination information in the payload
> vs the header. I'm still not convinced by George's statement that it
> should go in the payload. First off, it seems hard to put destination
> info in the payload of a reply block: I just don't know how it could work
> with our encryption system. The guy using your reply block should not be
> able to learn (parts of) your delivery info, eg by keeping transport_type
> but changing email_address, in order to learn transport_type. Second,
> in order for tagged (and thus random) messages to not be recognizable,
> some messages must be plausibly all-random. These messages are the ones
> that are encrypted to somebody, either a forward message encrypted to
> the recipient or a reply message which has been multiply-encrypted. If
> the destination info is in plaintext, then these payloads aren't
> all-random. So tagged messages are discernable.
> 

The idea is not to explicitly put all routing information in the payload. 
Routing information should stay in the two headers. The point I tried to 
make is that the second header depends on the correct decryption of the 
payload and therefore if the payload is modified it is not possible to 
continue with the delivery. Note that this property is stronger then just 
including a hash to check the payload that a malicious node could ignore.

As I say before no routing information is in the payload, only in the 
second header, which is treated exactly like the first one after a certain 
stage. I do not see how tagging attacks would work against it.

> Can you clarify your reasoning for putting delivery info in the payload,
> George? Do you agree that the above approach is simpler but along the
> same lines? Does it lose any properties from yours?
> 

The reason why the second header should be dependent on the payload is 
that if the payload is modified, in an attempt to do a tagging attack, 
then the second header cannot be recovered. Therefore a attacker can only 
recover using a tagging attack half the route in the best case.

This property could be 
implemented by a "strip N and decode using payload" operation but I think 
it is unnecessary to provide more general operations than strictly 
necessary (unless there are other reasons). 

> Ugh. It's 7am. I reserve the right to deny this when I wake up. :)
> --Roger
> 

Yours,

George

Follow-Ups:
- Re: Reply blocks and tagging protection: a third variant
  - From: Nick Mathewson <nickm@alum.mit.edu>
- Re: Reply blocks and tagging protection: a third variant
  - From: Roger Dingledine <arma@mit.edu>
- Re: Reply blocks and tagging protection: a third variant
  - From: Roger Dingledine <arma@mit.edu>

References:
- Reply blocks and tagging protection: a third variant
  - From: Roger Dingledine <arma@mit.edu>

Prev by Date: Keeping anonymity when sending/receiving large messages
Next by Date: Re: Reply blocks and tagging protection: a third variant
Prev by thread: Reply blocks and tagging protection: a third variant
Next by thread: Re: Reply blocks and tagging protection: a third variant
Index(es):
- Date
- Thread