
crypto usage in my tagging-attack-prevention proposal

One more feature of my proposal for preventing tagging attacks is that it uses 
only bog-standard crypto.  Specifically it requires a few things:

1.  A symmetric cipher in which encryption and decryption operations are 
commutative and a principal can apply one of the operations without knowing 
which one it is, i.e., CTR mode.

2.  An integrity guarantee in which Alice and Bob share a secret and Alice gives 
Bob some ciphertext along with a proof that the ciphertext hasn't been touched 
by someone who doesn't know the secret, i.e., a MAC.

3.  A way to generate a large amount of garbage from a small secret such that an 
attacker can't tell whether the resulting garbage is ciphertext or garbage, 
i.e. the assumption that we all make about secure hashes being random-looking.  
(I'm not sure which assumption this is, formally.)
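As an added, self-contained illustration of the three primitives listed above (this is example code written for this page, not Zooko's code and not part of the proposal): SHA-256 run in counter mode stands in for the "garbage generator" of item 3, XOR with that keystream is the commutative CTR-style cipher of item 1, and HMAC-SHA256 is the MAC of item 2. The key and nonce handling, the key lengths and all function names are assumptions made here for the demonstration, not anything the post specifies.

```python
# Added example, not from the original post: the three "bog-standard"
# primitives (CTR-style cipher, MAC, hash-based keystream) using only the
# Python standard library.
import hashlib
import hmac


def keystream(secret: bytes, nonce: bytes, length: int) -> bytes:
    """Item 3: stretch a short secret into `length` random-looking bytes.

    SHA-256 over (secret || nonce || counter) is used as the generator; that it
    is indistinguishable from random is the usual PRF / random-oracle style
    assumption the post alludes to.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(secret + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def apply_layer(secret: bytes, nonce: bytes, data: bytes) -> bytes:
    """Item 1: CTR-style XOR with the keystream.

    The same call both encrypts and decrypts, so a principal (e.g. a relay) can
    apply its layer without knowing which direction it is, and layers under
    different keys commute because XOR commutes.
    """
    ks = keystream(secret, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def mac(secret: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Item 2: HMAC-SHA256 over the ciphertext under the shared secret."""
    return hmac.new(secret, nonce + ciphertext, hashlib.sha256).digest()


def verify(secret: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Constant-time check that nobody without `secret` touched `ciphertext`."""
    return hmac.compare_digest(mac(secret, nonce, ciphertext), tag)


def layers_commute(k1: bytes, k2: bytes, nonce: bytes, data: bytes) -> bool:
    """Applying two layers in either order yields identical bytes."""
    one = apply_layer(k1, nonce, apply_layer(k2, nonce, data))
    two = apply_layer(k2, nonce, apply_layer(k1, nonce, data))
    return one == two


def bob_accepts(k_ab: bytes, nonce: bytes, payload: bytes,
                tamper_mask: bytes = b"") -> tuple:
    """Alice -> (on-path party) -> Bob.

    Alice encrypts `payload` under the shared secret and tags the ciphertext.
    If `tamper_mask` is given, an on-path party who lacks the secret XORs it
    into the ciphertext.  Bob verifies the tag *before* decrypting and returns
    (accepted, plaintext-or-None), so a modified cell is rejected without
    exposing any plaintext.
    """
    c = apply_layer(k_ab, nonce, payload)
    t = mac(k_ab, nonce, c)
    if tamper_mask:
        mask = tamper_mask.ljust(len(c), b"\x00")[: len(c)]
        c = bytes(a ^ b for a, b in zip(c, mask))
    if not verify(k_ab, nonce, c, t):
        return (False, None)
    return (True, apply_layer(k_ab, nonce, c))


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run (not real keys).
    k_hop1, k_hop2, k_ab = b"constructed-key-1", b"constructed-key-2", b"constructed-key-ab"
    nonce = b"constructed-nonce"
    print("layers commute:", layers_commute(k_hop1, k_hop2, nonce, b"hello"))
    print("untouched cell:", bob_accepts(k_ab, nonce, b"hello"))
    print("modified cell: ", bob_accepts(k_ab, nonce, b"hello", b"\x01"))
```

Run the file directly to see the three properties together: `layers_commute` shows that the order in which hops apply their XOR layers does not matter, and `bob_accepts` shows that Bob checks the MAC before removing his layer, so a single flipped bit in transit is detected and the cell is dropped rather than decrypted.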

Regards,

Zooko