[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with bit-twiddlers

To: mixminion-dev@freehaven.net
Subject: Re: Problems with bit-twiddlers
From: Nick Mathewson <nickm@reputation.com>
Date: 01 Apr 2002 10:23:33 -0500
Delivered-To: archiver@seul.org
Delivered-To: mixminion-dev-outgoing@seul.org
Delivered-To: mixminion-dev@seul.org
Delivery-Date: Mon, 01 Apr 2002 10:23:35 -0500
In-Reply-To: <1017296358.15120.30.camel@o-totoro>
References: <1017296358.15120.30.camel@o-totoro>
Reply-To: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net

On Thu, 2002-03-28 at 01:19, Nick Mathewson wrote:
  [...]
> 3) Every header contains a hash of the next header.  The last header has
> a hash of the "header portion" of the payload.  The payload's header has
> a hash of the payload.
> 
> This would entail another kind of type specification, where a message
> would be of the form:
>        MH1 MH2 MH3 MH4 E_{K1..4}(CH1 (CH2 (CH3 Content)))
 [...]
> **Clearly, (3) is the one I liked best. :)

Except that (3) wouldn't work, naturally.  Suppose I (an adversary)
control nodes 1, 3, and 4 in a 4-node cascade.  I can make node 1 tag
the portions of each header intended for node 4.  If the honest node 2
can only check the part of the header intended for node 3, then it won't
catch the tampered message, but I can still differentiate the tampered
message at node 4.

George's current direction may be more fruitful.

-- 
Nick

Next by Date: Re: Problems with bit-twiddlers
Next by thread: Re: Problems with bit-twiddlers
Index(es):
- Date
- Thread