Re: Reply-block based pseudonym systems are broken? [Was: Re: SURB-Format]

[tainaron@xxxxxxxxxxxxxxxx]

Hi,

Nick wrote:
>>  What is the dev stage of "The Pynchon Gate"?
> [...] Personally, I worry that any full-padded solution like this could
> lose enough users to resource demands and performance overheads as to
> outweigh its anonymity gains.

I read Goldberg's paper "Improving the Robustness of Private Information
Retrieval", and I have to admit I'm impressed by the efforts behind it.

However, in my opinion those approaches might be (provocatively speaking)
complex variants of the equally secure "everybody downloads everything".
For each single user a server has to read and process every message (or at
least a significant subset) from disk, and any given user has to query as
many servers as possible. At least at the server side this does not look
like it scales well...

So why don't we stick with broadcast media like "alt.anonymous.messages"?
Given that there is already newsgroup support for Mixminion lying around,
this could easily be extended to something like a "broadcast delivery".

I'm thinking of a "broadcast:destination" target, where the destination is
appropriately hashed/encrypted and used as a message identifier, i.e. the
subject of the resulting newsgroup article.
This would not require keys (like the public key that's usually stored at
the server for a particular pseudonym), but for authentication/encryption
one could still use SURBs or just PGP for example.

Any thoughts on that?

Cheers.