[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[minion-cvs] looked more at the conclusion
Update of /home/minion/cvsroot/doc
In directory moria.mit.edu:/home/arma/work/minion/doc
Modified Files:
minion-design.tex
Log Message:
looked more at the conclusion
Index: minion-design.tex
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-design.tex,v
retrieving revision 1.107
retrieving revision 1.108
diff -u -d -r1.107 -r1.108
--- minion-design.tex 5 Mar 2003 07:30:59 -0000 1.107
+++ minion-design.tex 7 Mar 2003 04:36:46 -0000 1.108
@@ -1612,8 +1612,8 @@
correction codes to recover if some messages are lost.
\item Can we keep the indistinguishability of forward messages and
replies using a simpler design? We need to prove that our design provides
-unlinkability between the input bit-patterns of messages and the messages
-coming out of the network (\emph{bit-wise unlinkability}).
+\emph{bit-wise unlinkability} between the input bit-patterns of messages
+and the messages coming out of the network.
\item Currently, reply messages can be distinguished from plaintext forward
messages at the exit nodes: the former exit as encrypted data, and the
latter do not. We prevent further partitioning by arranging
@@ -1621,16 +1621,16 @@
degree of distinguishability is unsettling. Finding further means to
mitigate this problem would be helpful.
\item A \emph{synchronous batching} approach, where messages have
-deadlines at each hop, may allow easier anonymity analysis, and may
+deadlines for each hop, may allow easier anonymity analysis, and may
provide much larger anonymity sets because all messages entering the
mix-net in a given time interval are mixed together. A cascade is the
simplest example of this approach, but we should consider mechanisms for
free-route synchronous mixes. We could greatly improve our protection
against message delaying attacks and the partitioning attacks discussed
-in Section \ref{subsec:replay}. On the other hand, the cost is greater
+in Section \ref{subsec:replay}. On the other hand, the costs are greater
network synchronization and overhead, and less mix operator flexibility.
\item We need stronger intuition about how to use dummy messages. Such
-messages can be inserted either between nodes as link padding, or as
+messages can be inserted between nodes as link padding, or as
actual multi-hop Mixminion messages. We must develop a more analytically
justified approach to determine which parties send dummy messages, how many
they send, and when they send them.
@@ -1639,14 +1639,15 @@
\quad While many people have speculated about the benefits of dummy traffic,
we have not yet seen any convincing analysis. For this reason, while
Mixminion is flexible enough to support them, we plan to leave dummies
-out of the current design (other than their minimal use in Section
+out of the design (other than their minimal use in Section
\ref{subsec:batching}) until their effects on anonymity are better
understood.
\end{itemize}
We have working code which implements most of the designs described in this
-paper, with acceptable performance (approximately 1.2 MB of messages per
-second on an 800MHz Pentium-III desktop). We invite interested developers to
+paper, with acceptable performance even using 2048 bit RSA keys
+(800KB of messages per second on a 1GHz Athlon).
+We invite interested developers to
join the {\tt mixminion-dev} mailing list and examine the more detailed
Mixminion specification \cite{mixminion-spec}.
@@ -1659,7 +1660,7 @@
Lance Cottrell, and Bram Cohen, to improve the Type II remailer protocol;
their effort was abandoned in favor of Mixminion.
-Susan Born, Lucky Green, David Hopwood, David Mazieres, Peter Palfrader,
+Susan Born, Lucky Green, David Hopwood, David Mazi\`{e}res, Peter Palfrader,
Len Sassaman, Andrei Serjantov, Robyn Wagner, and Bryce ``Zooko'' Wilcox-O'Hearn
provided helpful design discussions, editing, and suggestions. We further
thank all the unnamed cypherpunks out there who have worked on remailer