[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[minion-cvs] Comments on abstract and sec1. Other sections will fol...
Update of /home/minion/cvsroot/doc
In directory moria.seul.org:/tmp/cvs-serv20543
Modified Files:
minion-design.tex
Log Message:
Comments on abstract and sec1. Other sections will follow. Grep for XXXX or ????.
Index: minion-design.tex
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-design.tex,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -d -r1.80 -r1.81
--- minion-design.tex 6 Nov 2002 02:57:07 -0000 1.80
+++ minion-design.tex 6 Nov 2002 03:26:29 -0000 1.81
@@ -54,20 +54,22 @@
\pagestyle{plain}
\begin{abstract}
-
We present Mixminion, a message-based anonymous remailer protocol with
secure single-use reply blocks. Mix nodes cannot distinguish
Mixminion forward messages from reply messages, so forward and reply
messages share
the same anonymity set. We add directory servers that allow users to
learn public keys and performance statistics of participating remailers,
-and we describe nymservers that allow users to maintain long-term
+and we describe nymservers that provide long-term
pseudonyms using single-use reply blocks as a primitive. Our design
integrates link encryption between remailers to provide
forward anonymity. Mixminion works in a real-world Internet environment,
requires little synchronization and coordination between nodes, and
protects against almost all known attacks.
-
+% ???? Can we say something stronger than 'against almost all known
+% attacks?' Maybe we can note that we protect against all known
+% attacks at least as well as any other known system with our
+% design parameters. -NM
\end{abstract}
\begin{center}
@@ -80,14 +82,18 @@
\label{sec:intro}
Chaum first introduced anonymous remailers over 20 years ago
-\cite{chaum-mix}. The research community has since introduced many new
+\cite{chaum-mix}.
+% ???? Did Chaum introduce anonymous remailers? Weren't there
+% penet-style things before mix-nets? -NM
+The research community has since introduced many new
designs and proofs
\cite{abe}\cite{babel}\cite{flash-mix}\cite{kesdogan}\cite{shuffle}\cite{hybrid-mix},
and discovered a variety of new attacks
\cite{back-traffic-analysis}\cite{langos02}\cite{disad-free-routes}\cite{desmedt}\cite{mitkuro}\cite{raymond00}.
But because many of the newer designs require considerable coordination or
synchronization, deployed remailers still use Cottrell's Mixmaster
-design from 1994 \cite{mixmaster-attacks}\cite{mixmaster-spec}. Here we describe
+design from 1994 \cite{mixmaster-attacks}\cite{mixmaster-spec}. Here
+we describe
Mixminion, a protocol for asynchronous loosely federated remailers that
maintains Mixmaster's flexibility while addressing the following flaws:
@@ -126,12 +132,15 @@
describe a protocol which allows recipients to opt out of receiving mail
from remailers, but at the same time makes it difficult for an adversary
to deny service to interested recipients.
+% XXXX Actually, Mixmaster allows nodes to -have- different policies:
+% there's just not a good way to advertise your policies beyond
+% simple capabilities. -NM
\item \textbf{Replay prevention and key rotation:}
If an adversary records the input and output batches of a mix and then
replays a given message, that message's decryption will be exactly the
same. Thus replayed messages completely break the security of the mix
-\cite{chaum-mix}. Mixmaster offers rudimentary replay prevention by
+\cite{chaum-mix}. Mixmaster offers replay prevention by
keeping a list of recent message IDs --- but to keep the list from
getting too long, it expires old entries. The adversary simply has to
wait until the mix has forgotten about a
@@ -182,6 +191,9 @@
%researchers and Mixmaster remailer operators. This design document
%represents the first step in peer review of the Type III remailer
%protocol.
+
+% XXXX Mention that we're type-III, and that Mixmaster v4 'will'
+% support type-III? -NM
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%