Re: Forward and reply messages

[George Danezis <gd@theory.lcs.mit.edu>]

Hello everyone,

I am back in Cambridge and I am slowly working my way through the messages 
on the list.

David might have though of a new attack:

> Also, the attack still works against forward-then-reply messages (note that
> you can't swap twice on the forward part of a forward-then-reply path). That's
> the most serious problem IMHO.
> 

Can someone explain how this works? My idea was that since the message 
resulting from a tagging attacks on the first leg is completely junk the 
only information available is that the sender has sent a message. Since we 
do not provide general unobservability properties the attacker already 
knows this and I do not think can gain anything else. 

In General:

I agree with both Zooko and David that the "swap" techniques are no silver 
bullet. Indeed under attack the anonymity set is reduced (by two? not 
sure) and therefore, in theory we would need double sized paths. 

Note however that this penalty only happens when the network is under 
attack using a VERY low bandwidth, VERY high probability of not succeeding, 
VERY difficult to coordinate attack. In fact I have to confess that in 
real terms the tagging attack is soo difficult to perform, that while I 
agree we should offer options to protect against it, it is in no 
real threat model a realistic threat. I think that requiring all messages 
to be double the size or all the messages to be distinguishable as forward 
or reply is a bit of an over reaction, since it imposes a penalty all the 
time.

I keep reading,

George