[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[freehaven-cvs] Minor in the conclusion

To: freehaven-cvs@xxxxxxxxxxxxx
Subject: [freehaven-cvs] Minor in the conclusion
From: aas23@xxxxxxxx
Date: Fri, 10 Mar 2006 20:25:53 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Fri, 10 Mar 2006 20:26:03 -0500
Reply-to: freehaven-dev@xxxxxxxxxxxxx
Sender: owner-freehaven-cvs@xxxxxxxxxxxxx

Update of /home/freehaven/cvsroot/doc/alpha-mixing
In directory moria:/home/aas23/doc/alpha-mixing

Modified Files:
	alpha-mixing.tex 
Log Message:
Minor in the conclusion


Index: alpha-mixing.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/alpha-mixing/alpha-mixing.tex,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- alpha-mixing.tex	11 Mar 2006 00:58:13 -0000	1.23
+++ alpha-mixing.tex	11 Mar 2006 01:25:51 -0000	1.24
@@ -342,16 +342,16 @@
 formalism above and how can we design the system to avoid such a
 judgement?
 
-The attacker is likely to be correct --- what we
-ignore here is the fact that the choice of the security parameter is
-likely \emph{conditional} on the importance of the message and the
-attacker has used this fact to form his judgement. In order to avoid
-this, we must (paradoxically!) ignore this fact completely and pick
-alphas from a distribution which is independent of the receiver and
-the message's content. Of course, we cannot defeat this attack entirely
-because the sender's distribution will still be
-conditional on her utility function: messages from users with higher
-security needs will in fact still behave differently.
+The attacker is likely to be correct --- what we ignore here is the
+fact that the choice of the security parameter is likely
+\emph{conditional} on the importance of the message and the attacker
+has used this fact to form his judgement. In order to avoid this, we
+must (paradoxically!) ignore this fact completely and pick alphas from
+a distribution which is independent of the receiver and the message's
+content. Of course, we cannot defeat this attack entirely because the
+sender's distribution will still be conditional on her utility
+function: messages from users with higher security needs will in fact
+still behave differently.
 
 There are still external factors to consider. We'd like to
 go a step further and make the sender's software enforce that she doesn't
@@ -709,7 +709,7 @@
 streams. But the \emph{stream model} introduces many end-to-end anonymity
 attacks that seem hard to resolve simply with better batching strategies.
 
-\paragraph{A full analysis of a alpha mix design:} The alpha mix design 
+\paragraph{A full analysis of an alpha mix design:} The alpha mix design 
 has added an additional user-defined security parameter and explored
 some scenarios of attacker's knowledge about it. However, the more
 complex dynamic alpha mixes are yet to be analysed; this seems
@@ -941,22 +941,22 @@
 %(AAS: actually, I don't think the above 3 cases are what we want, I
 %think the examples ought to be rather different. 
 %
---------------------------------- AAS: Not quite sure where this fits
-in, but it is quite good.
-
-If the attacker's knowledge about the users' security parameters is
-limited, the alpha mix closely resembles pool mixes
-\cite{Serj02,trickle02}. For instance, if the users draw $\alpha$ from a
-geometric distribution and this is known to the attacker, with
-parameter $p$ (i.e. the probability of $\alpha=0,1,2,\ldots$ is $q,
-pq, ppq, \ldots$) then the anonymity of the threshold alpha mix is
-simply equivalent to a threshold pool mix with a pool/(threshold +
-pool) = $p$. Curiously, if the attacker knows nothing about the
-distribution of $\alpha$, he may still perform a similar analysis
-based on the number of incoming and outgoing messages from a mix. The
-anonymity derived in this way is an easy exercise for the reader (or
-see~\cite{DiazThesis05}, Chapter 4.6)
-
+%--------------------------------- AAS: Not quite sure where this fits
+%in, but it is quite good.
+%
+%If the attacker's knowledge about the users' security parameters is
+%limited, the alpha mix closely resembles pool mixes
+%\cite{Serj02,trickle02}. For instance, if the users draw $\alpha$ from a
+%geometric distribution and this is known to the attacker, with
+%parameter $p$ (i.e. the probability of $\alpha=0,1,2,\ldots$ is $q,
+%pq, ppq, \ldots$) then the anonymity of the threshold alpha mix is
+%simply equivalent to a threshold pool mix with a pool/(threshold +
+%pool) = $p$. Curiously, if the attacker knows nothing about the
+%distribution of $\alpha$, he may still perform a similar analysis
+%based on the number of incoming and outgoing messages from a mix. The
+%anonymity derived in this way is an easy exercise for the reader (or
+%see~\cite{DiazThesis05}, Chapter 4.6)
+%
 %---------------------------
 %
 %

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxx with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Author: [freehaven-cvs] Coclusion
Next by Author: [freehaven-cvs] Directory /home/freehaven/cvsroot/doc/alpha-mixing a...
Previous by thread: [freehaven-cvs] keep poking at section 2.3. still not happy with it.
Next by thread: [freehaven-cvs] happier with 2.2 and 3 now
Index(es):
- Author
- Thread