Re: [freehaven-dev] RFC: Design for an anonymous network [switching sym keys]
At 07:09 AM 3/6/2001 -0500, you wrote:
>On Mon, Mar 05, 2001 at 01:22:16PM -0500, Michael J Freedman wrote:
>> 2. Problem: M knows symmetric keys down to both A and B.
>> Solution: When A sends its first message to B (say,
>> ENDPOINT_ROUTE_CREATE), it can include n random numbers (equal in size to
>> the n symmetric keys), such that
>>
>> new_key = (old_key + random) mod k
>>
>> i.e., it performs arithmetic transformation in some prime field k to prevent M
>> from being able to decrypt future messages between A and B. Obviously, this
>> requires a bit more public_key operations:
>>
>> ENDPOINT_ROUTE_CREATE_MSG = {r1..rn}_PK_fs_B
>
>I don't understand how this works. Can you go through it in more detail?
>
>Specifically, I'm wondering how you tell the middlemen about their new
>keys without letting M also learn them. (The ways I've thought of so
>far are either clumsy, broken, or both.)
Amazingly, this detail slipped my mind. This was something that just
occurred to me when writing up the draft, so perhaps I didn't flesh out all
the details.

Well, the obvious way is just to public-key encrypt the random number to
middlemen using their PK_net. Admittedly, that's not terribly nice, but
it will only give us an extra PK operation on like 56 bits or something.
--mike
-----
"Not all those who wander are lost." mfreed@mit.edu
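
The key switch discussed in this thread, as an added example that is not part of the original messages or of any Free Haven code: A draws one random r_i per hop, sends it encrypted under that hop's PK_net, and both sides compute new_key = (old_key + r_i) mod k. Assumptions: textbook RSA over constructed Mersenne-prime moduli stands in for PK_net, k = 2^61 - 1 is a constructed choice, and every function name is hypothetical.

```python
import secrets

K = 2**61 - 1   # prime field modulus (constructed; the thread only says "prime field k")
E = 65537       # public exponent for the toy PK_net stand-in

# Constructed toy primes (Mersenne primes), one pair per middleman.
NODE_PRIMES = [(2**89 - 1, 2**107 - 1), (2**89 - 1, 2**127 - 1), (2**107 - 1, 2**127 - 1)]

def toy_keypair(p, q):
    """Textbook RSA stand-in for a node's PK_net key pair. Illustration only:
    a real system needs large random primes and randomized padding (e.g. OAEP),
    since unpadded encryption of a short value is deterministic and malleable."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def pk_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def pk_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def rekey(old_key, r):
    """The update from the thread: new_key = (old_key + random) mod k."""
    return (old_key + r) % K

def initiator_switch(old_keys, pubs):
    """A's side: draw a fresh r_i per hop, derive the new keys, and return
    the r_i encrypted to each hop's public key."""
    rs = [secrets.randbelow(K) for _ in old_keys]
    new_keys = [rekey(k, r) for k, r in zip(old_keys, rs)]
    return new_keys, [pk_encrypt(pub, r) for pub, r in zip(pubs, rs)]

def node_switch(old_key, priv, ciphertext):
    """Middleman's side: recover r_i with its private key and apply the update."""
    return rekey(old_key, pk_decrypt(priv, ciphertext))

def blinding_is_bijection(old_key, k=101):
    """Exhaustive check in a small prime field: for a fixed old_key, r -> new_key
    hits every field element exactly once. So M, who knows old_key but not r,
    learns nothing about new_key as long as r is uniform over the whole field."""
    return sorted((old_key + r) % k for r in range(k)) == list(range(k))

if __name__ == "__main__":
    pairs = [toy_keypair(p, q) for p, q in NODE_PRIMES]
    old = [secrets.randbelow(K) for _ in pairs]          # keys M already knows
    new, cts = initiator_switch(old, [pub for pub, _ in pairs])
    agreed = [node_switch(k, priv, c) for k, (_, priv), c in zip(old, pairs, cts)]
    print("hops agree with A:", agreed == new)
```

The bijection check only holds when r ranges over the whole field; an r shorter than the key leaves M a correspondingly smaller search space starting from the old_key it already holds.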