[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[minion-cvs] Added some more details on the information contained in...

To: mixminion-cvs@freehaven.net
Subject: [minion-cvs] Added some more details on the information contained in...
From: gd@seul.org
Date: Mon, 6 May 2002 18:42:23 -0400 (EDT)
Delivered-To: archiver@seul.org
Delivered-To: mixminion-cvs-outgoing@seul.org
Delivered-To: mixminion-cvs@seul.org
Delivery-Date: Mon, 06 May 2002 18:42:23 -0400
Reply-To: mixminion-cvs@freehaven.net
Sender: owner-mixminion-cvs@freehaven.net

Update of /home/minion/cvsroot/doc
In directory moria.seul.org:/tmp/cvs-serv1634

Modified Files:
	MixMin-arch-2.tex minion-design.tex 
Log Message:
+ Added some more details on the information contained in each sub header.
+ Wrote that we only require to receive of SURBS to remember private keys.
+ Moved stuff from the preamble of "replies" to "Related design..."
+ Anonymized the paper for review.



Index: MixMin-arch-2.tex
===================================================================
RCS file: /home/minion/cvsroot/doc/MixMin-arch-2.tex,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- MixMin-arch-2.tex	1 Apr 2002 19:39:18 -0000	1.7
+++ MixMin-arch-2.tex	6 May 2002 22:42:20 -0000	1.8
@@ -301,16 +301,19 @@
 32767 should be registered and well known. Values greater than 32767
 can be used freely but could result in clashes.
 
-The \emph{reuse level} allows an intermediary mix to let through the same
-headers many times. It is important to observe that multiple use
-return blocks offer much weaker anonymity than one use return
-blocks. They allow the server to know that the address is reused and
-link messages together. Server can know where it is on the path. They
-also allow servers to perform message tagging in order to detect the
-message later on the path if it goes through another corrupt
-server. Multiple use reply blocks should be avoided is the
-functionality can be implemented in another way. The Reuse level is
-set to zero if the message is not a multiple use return address.
+% Removed by GD
+% (Since we have not found a way of securing MURBS it is not useful)
+% 
+% The \emph{reuse level} allows an intermediary mix to let through the same
+% headers many times. It is important to observe that multiple use
+% return blocks offer much weaker anonymity than one use return
+% blocks. They allow the server to know that the address is reused and
+% link messages together. Server can know where it is on the path. They
+% also allow servers to perform message tagging in order to detect the
+% message later on the path if it goes through another corrupt
+% server. Multiple use reply blocks should be avoided is the
+% functionality can be implemented in another way. The Reuse level is
+% set to zero if the message is not a multiple use return address.
 
 The \emph{return level} field SHOULD be used on the last header of a
 return block (usually addressed to the creator of the block) to remind

Index: minion-design.tex
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-design.tex,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- minion-design.tex	6 May 2002 08:21:06 -0000	1.33
+++ minion-design.tex	6 May 2002 22:42:20 -0000	1.34
@@ -27,19 +27,26 @@
 %\fi
 
 \title{Mixminion: Design of a Type III Anonymous Remailer}
-\author{George Danezis\inst{1} \and Roger Dingledine\inst{2} \and David Hopwood\inst{3}
-        \and Nick Mathewson\inst{4}}
-\institute{Cambridge
-\email{\emailaddr{george.danezis@cambridge}}
-\and
-The Free Haven Project
-\email{\emailaddr{arma@mit.edu}}
-\and
-Independent consultant
-\email{\emailaddr{david.hopwood@zetnet.co.uk}}
-\and
-The Free Haven Project
-\email{\emailaddr{nickm@alum.mit.edu}}}
+
+% Removed for anonymous review
+% 
+% \author{George Danezis\inst{1} \and Roger Dingledine\inst{2} \and David Hopwood\inst{3}
+%         \and Nick Mathewson\inst{4}}
+% \institute{Cambridge University
+% \email{\emailaddr{george.danezis@cl.cam.ac.uk}}
+% \and
+% The Free Haven Project
+% \email{\emailaddr{arma@mit.edu}}
+% \and
+% Independent consultant
+% \email{\emailaddr{david.hopwood@zetnet.co.uk}}
+% \and
+% The Free Haven Project
+% \email{\emailaddr{nickm@alum.mit.edu}}}
+\author{Name of Author(s)}
+\institute{Name of Institute(s)}
+
+
 \maketitle
 \pagestyle{empty} 
   
@@ -233,6 +240,17 @@
 next MIX. We describe the behavior of the last MIX in
 Section \ref{subsec:delivery-modules}.
 
+% A bit more detail about waht is contained in the header: -George
+
+Headers addressed to each intermediate mix are encrypted using RSA-OAEP
+ \cite{PKCS1} and are of 128kb each. They contain a secret addressed
+to the node that can be used to generate padding and decrypt the rest
+of the message. They also contain the address of the next node to 
+which to message should be forwarded along with its expected signature 
+key fingerprint. In order to frustrate tagging attacks (as described later
+in the paper) the sub-header also contains a hash of the header that
+should be checked. 
+
 % This last paragraph assumes that the audience already knows the
 % material well enough to know that Alice encrypts each layer with the
 % appropriate MIX's public key. Is this assumption safe -Nick
@@ -367,10 +385,14 @@
 \label{subsec:replies}
 
 The rest of this section describes the mechanism for secure replies,
-including some new attacks and how we defeat them. We also discuss using
-link-level encryption with ephemeral keys to provide forward anonymity,
-message types and modules to handle different types of messages, and
-exit policies for advertising what delivery options a node will provide.
+including some new attacks and how we defeat them. The model that 
+Mixminion follows in order to implement replies is inspired by 
+BABEL \cite{babel}, as it requires the receiver of a reply block to
+keep no other state than it private keys, in order to read the reply.
+All the secrets that are required in order to strip the layers of
+encryption are derived from a master secret contained in the last
+header of the single use reply block that the creator of the block
+addresses to themselves and encrypt under their own public key.
 
 \subsection{Indistinguishable replies}
 \label{subsec:header-swap}
@@ -414,6 +436,9 @@
 % Nope. We're just bluffing. Is that ok? -RRD
 % We're not bluffing.  George used to have a way, but we haven't
 %   mentioned it here.  Should we?  -Nick
+% The trick is to use the nym servers: you send a normal email to
+% the nym server which takes care of the messsage packaging and
+% injects it in the remailer network. -George
 
 We divide a message's path into two \emph{legs}, and split the header
 into two equal-size subheaders, each corresponding to a single leg.
@@ -594,6 +619,11 @@
 
 \section{Related design decisions}
 
+In this section we discuss how we are using
+link-level encryption with ephemeral keys to provide forward anonymity,
+message types and modules to handle different types of messages, and
+exit policies for advertising what delivery options a node will provide.
+
 \subsection{Link-level encryption and what it gets us}
 \label{subsec:link-encrypt}
 
@@ -1091,7 +1121,7 @@
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
-\section*{Acknowledgements}
+\section*{Acknowledgments} Removed for anonymous review.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Prev by Date: Re: [minion-cvs] removed the three paragraphs david (accidentally?) adde...
Next by Date: [minion-cvs] Tweaks based on Len"s and Zooko"s comments. More remai...
Prev by thread: [minion-cvs] more fixes from nick and david
Next by thread: [minion-cvs] Tweaks based on Len"s and Zooko"s comments. More remai...
Index(es):
- Date
- Thread