[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [freehaven-dev] mix-acc: witnesses provide linkability in rare case



-----BEGIN PGP SIGNED MESSAGE-----

Roger Dingledine wrote:
> Mix path P consists of mixes M_i.
> 
> A --X-- M1 --X-- M2 --X-- M3 --X-- M4 ...
>  \     /  \     /  \     /  \     /  .
>   \   /    \   /    \   /    \   /    .
>    \w/      \w/      \w/      \w/      .
> 
> If
> 
> * Each edge in the path P is broken, as X above
> * Every node M_i in P does reach some specific w
> 
> Then that w can determine P.

I don't think that's correct. Remember that each mix is batching and
reordering the messages, so w will not be able to link incoming and
outgoing messages from each uncorrupted mix, any more than a passive
adversary would in a standard mix-net.

(Of course a standard mix-net is not completely proof against active
attacks - for example an adversary can force all but a small number of
messages in a batch to be dropped, and make up the batch size with
dummy messages - but adding witnesses doesn't make that problem
any worse, AFAICS.)

> Speaking of which, does our deadline notion itself increase linkability?
> I believe it does.

Why?

- -- 
David Hopwood <david.hopwood@zetnet.co.uk>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBOu8BcTkCAxeYt5gVAQHzzgf+ML33ozoobznMyjOwnM6Qde1wMvipCKe8
pl5GD3rKzlXVMUkoWlIFMZ8fZ3xp16B1pwcklehujm9/OdKDixWvQbhiuClmOlNw
dD3TIZMmdIFPV04nZiUO/PMPmX2eRsEsIkXrHlF3YJ8JPOlk4V2qNhuqZpfB8voS
BX23+hRnPxMDObcRy4661D7HlKWp7Sp7f7DxRMh8R4kPCazAEpss2gDcMYLdxehJ
u87ILLrU09knFG6+U74k/3apztvBRAbyNikoFlWB9vG8mYaOGDKqz76IGFjShAd3
s4joBQ6Re55uj2wMr1m7SFD48jR+Cmn9aJ2uDlh0X5+MortjPiRXfQ==
=wVRp
-----END PGP SIGNATURE-----