[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New attack on mixminion (& fix)



On Sat, Aug 31, 2002 at 12:21:03AM -0400, Nick Mathewson wrote:
> On Mon, 2002-08-26 at 10:56, Roger Dingledine wrote:
>  [...]
> > Out of curiosity, is our encryption deterministic? That is, if I
> > encrypt a given payload along a given path and then do it again, will
> > the ciphermessages be linkable?
> 
> If I understand your question properly, "no."  The payload encryption
> keys are based on the SK_i shared secrets, and those are chosen randomly
> each time.

I thought so. So since the adversary can never recognize that the new
payload is the same as the original one, then the attack as George
described it will not work.

But I have the funny feeling that some other similar attack will work.

Any Adversaries here to help us out?

--Roger