[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] More on blending attacks on threshold deterministic-...
Update of /home/freehaven/cvsroot/doc/alpha-mixing
In directory moria:/tmp/cvs-serv16130
Modified Files:
alpha-mixing.tex
Log Message:
More on blending attacks on threshold deterministic-alpha and preventing it
plus minor conflict resolution
Index: alpha-mixing.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/alpha-mixing/alpha-mixing.tex,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- alpha-mixing.tex 11 Mar 2006 00:13:20 -0000 1.17
+++ alpha-mixing.tex 11 Mar 2006 00:24:52 -0000 1.18
@@ -454,6 +454,7 @@
%even identifying them as associated with any sensitive message.
\section{Dummies}
+\label{sec:dummies}
Our focus so far has been on steady-state networks with passive
adversaries. However, we want to provide uncertainty even in edge
@@ -602,9 +603,44 @@
necessarily including $0$). This would (1) prevent such an attack if
the adversary cannot predict her distribution, (2) still have as much
predictability on delivery time as stop-and-go mixes, and (3) unlike
-stop-and-go still allow eventual delivery of all messages not
-completely blocked. Our focus in this paper, however, is not
-end-to-end timing attacks, and we will say no more about them.
+stop-and-go, still allow eventual delivery of all messages not
+completely blocked. We are not primarily focused in this paper
+on end-to-end timing attacks, and we will say no more about them.
+
+\subsection{Variations on deterministic-alpha mixing}
+
+In the basic threshold deterministic-alpha mix, if there are
+$\mbox{\emph{threshold}} = t$ messages in alpha levels $0$ through
+$n$, all of the messages in levels $0$ through $n$ will be sent at
+once; however, they will not be mixed. The mix will send all messages
+with $\alpha = 0$, lower the stack, send the next batch of messages
+that now have $\alpha = 0$, etc. An adversary may not know exactly
+where level $i$ ends and level $i+1$ begins because there may be more
+than $t$ messages in a given level, but if more than $t$ messages
+emerge he can know that the last messages to emerge were considered
+more sensitive by there senders than the first, in a stepped linear
+order of sensitivity. And by sending in messages of his own at known
+alpha levels above $0$ the adversary can learn the exact levels of the
+messages that emerge between his messages at that alpha level. Then,
+by flooding first $\alpha = n$, then $\alpha = n-1$, \ldots, then
+$\alpha = 0$, the adversary can guarantee a flush of the mix all the
+way up to $\alpha = n$ with a knowledge of the alpha level of most of
+the messages.
+
+The simplest solution is to simply mix all messages that emerge at
+once. This will prevent an adversary from learning the sensitivity of
+messages by observing their alpha levels from their positions in the
+batch. This together with minimal dummy scheme presented in
+Section~\ref{dummies} would substantially reduce the effect of
+blending: an adversary emptying the mix of all messages up to the
+highest reasonably expected level, trickling in a message then
+flooding with $\alpha_0 = 0$ messages repeatedly to learn the
+sensitivity of that message.
+
+We could also require that the firing of the mix be
+threshold-and-timed, which would prevent the adversary from triggering
+an alpha-stack dump by only allowing messages of one alpha level to
+emerge in one time interval.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxx with
unsubscribe freehaven-cvs in the body. http://freehaven.net/