[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New attack on mixminion (& fix)

To: mixminion-dev@freehaven.net
Subject: Re: New attack on mixminion (& fix)
From: Roger Dingledine <arma@mit.edu>
Date: Sat, 31 Aug 2002 02:35:47 -0400
Delivered-To: archiver@seul.org
Delivered-To: mixminion-dev-outgoing@seul.org
Delivered-To: mixminion-dev@seul.org
Delivery-Date: Sat, 31 Aug 2002 02:35:51 -0400
In-Reply-To: <1030767663.4335.973.camel@o-totoro>; from nickm@alum.mit.edu on Sat, Aug 31, 2002 at 12:21:03AM -0400
References: <Pine.LNX.4.44.0208151435170.18206-100000@blackbird.lcs.mit.edu> <20020826105621.O3237@moria.seul.org> <1030767663.4335.973.camel@o-totoro>
Reply-To: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net
User-Agent: Mutt/1.2.5.1i

On Sat, Aug 31, 2002 at 12:21:03AM -0400, Nick Mathewson wrote:
> On Mon, 2002-08-26 at 10:56, Roger Dingledine wrote:
>  [...]
> > Out of curiosity, is our encryption deterministic? That is, if I
> > encrypt a given payload along a given path and then do it again, will
> > the ciphermessages be linkable?
> 
> If I understand your question properly, "no."  The payload encryption
> keys are based on the SK_i shared secrets, and those are chosen randomly
> each time.

I thought so. So since the adversary can never recognize that the new
payload is the same as the original one, then the attack as George
described it will not work.

But I have the funny feeling that some other similar attack will work.

Any Adversaries here to help us out?

--Roger

References:
- New attack on mixminion (& fix)
  - From: George Danezis <gd@theory.lcs.mit.edu>
- Re: New attack on mixminion (& fix)
  - From: Roger Dingledine <arma@mit.edu>
- Re: New attack on mixminion (& fix)
  - From: Nick Mathewson <nickm@alum.mit.edu>

Prev by Date: Re: New attack on mixminion (& fix)
Prev by thread: Re: New attack on mixminion (& fix)
Next by thread: Re: K-of-N information dispersal for Mixmaster
Index(es):
- Date
- Thread