[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

re: problem in 3.2 "Replies"

To: mixminion-dev@freehaven.NET
Subject: re: problem in 3.2 "Replies"
From: zooko@zooko.com
Date: Mon, 06 May 2002 17:02:41 -0700
Delivered-To: archiver@seul.org
Delivered-To: mixminion-dev-outgoing@seul.org
Delivered-To: mixminion-dev@seul.org
Delivery-Date: Mon, 06 May 2002 20:07:04 -0400
Reply-To: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net

[following up to my own mail]

I, Zooko, wrote:

> Is this really true?  As far as I can see it is impossible for a sender who 
> uses a reply block to generate a useful H2, because it is going to be 
> encrypted by the contents of H1's which the sender does not know.

Of course, the person who generated the reply block ("Alice") could have also 
generated an H2 to go with it and delivered that H2 along with the reply block 
(the H1), but in addition to being encrypted by the contents of the H1's, it 
is also going to be encrypted by the hash of an M, which Alice did not know.  
So Alice can't generate an H2 for use in a receiver-anonymous ("reply") 
message to herself either.

Now even if I am right and swaps can only occur in sender-anonymous 
("forward") messages, this is not much of a big deal I think.  A node can tell 
that a ready-to-swap message is a sender-anonymous message, but a normal non-
ready-to-swap message has almost a 0.5 chance of being a sender-anonymous 
message as well, so the node can't easily pare anonymity sets with this 
information.

Regards,

Zooko

Zooko.Com -- Security and Distributed Systems Engineering

Follow-Ups:
- re: problem in 3.2 "Replies"
  - From: George Danezis <gd@theory.lcs.mit.edu>

Prev by Date: problem in 3.2 "Replies"
Next by Date: Re: Lurkers: First draft: call for comments (was Re: Paper deadlines)
Prev by thread: Re: problem in 3.2 "Replies"
Next by thread: re: problem in 3.2 "Replies"
Index(es):
- Date
- Thread