Sending unique/recogniziable remailer keys to suspect mixminion users

["Thomas J. Boschloo" <t.j.boschloo@hccnet.nl>]

Hello group, I wrote my own 'mixminion' protocol in February 2003 (IIRC), and a big problem that I couldn't solve was key-distribution from the remailer to the user.

In my protocol every key is only used once and once only. And after een few weeks in the process of evaluating my own protocol I thought of an attack that my protocol was very subseptible to. Namely: since every key is only used once, the remailer server can keep track of which keys it sends to which person and link them together once the key is actually being used in a message the remailer server processes.

For my protocol this is fatal. But it also seems to apply to protocols like Mixminion (I haven't read the paper recently, sorry) en Mixmaster. A suspect Mixmaster user could be given a special key upon key request. Then, upon faulty decryption with the 'normal' remailer key, every planted 'suspect' key is tried and once it decrypts succesfully with one of these 'planted' keys, the whole chain up to this point of decryption is compromised.

I wonder if you could point me in the right direction on how to solve this problem. Preferably with operational protocols like mixmaster or mixminion. I am thinking on continuing to work on my own protocol again (<home.hccnet.nl/t.j.boschloo/TLBP> if anyone cares, it is not a very clear document yet unfortunately), and if there is a good (or in fact /any/) solution to this problem I would like to know.

Regards!
Thomas J. Boschloo
Den Helder/Holland