[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Minion paper comments

To: mixminion-dev@freehaven.net
Subject: Re: Minion paper comments
From: George Danezis <gd@theory.lcs.mit.edu>
Date: Mon, 27 Jan 2003 11:03:27 -0500 (EST)
Cc: Adam Shostack <adam@homeport.org>
Delivered-to: archiver@seul.org
Delivered-to: mixminion-dev-outgoing@seul.org
Delivered-to: mixminion-dev@seul.org
Delivery-date: Mon, 27 Jan 2003 11:03:38 -0500
In-reply-to: <20030114100309.C4668@moria.mit.edu>
Reply-to: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net

Dear Adam & all,

To start with I would like to thank Adam for the comments. Every time I 
leave the paper and the spec I feel they are perfect and every time someone 
looks at it they prove to me again that it needs loads of work.

I am the one that has introduced this notation and I would like to explain 
myself. 

> > In section IV.A, you confuse anonymity (without a name) with
> > pseudonymity.  In "1", If Alice is anonymous, its (A)^x_i, not (A)^X 
> > In 3, Alice and Bob remain pseudonymous for their conversation.
> 
> Hrm. Our notation seems all screwed up here, doesn't it. Certainly the
> messages that use reply blocks should be using ^y_i, since there's no
> such thing as a multi-use reply block. And I agree -- I don't understand
> the notion of "Alice communicating anonymously with a pseudonym". The
> Mixminion network provides forward anonymity, meaning I guess (A),
> and Alice can choose to sign her messages with some key (pseudonym)
> that persists between messages.

Everything inside the parenthesis in (A)^x, namely the identity of
Alice, is not know to anyone if the network has not been attacked
successfully. Now, (A)^x is a transient identity, even if it only used 
once (an in the case of a single forward message). Now the transient 
identity (A)^x might want to have a persistent relationship with someone 
else, and therefore include MANY reply blocks in a forward messages for 
example: 

(A)^x -> B: M, (A)^x_1 ... (A)^x_n

Now this is not pseudonymity as we usually understand it since nothing 
links the SURBs except the fact that they are all sent by (A)^x. If this 
was not the case they would indeed be unlinkable.

Of course digital signatures could be used to link them together or even
link different conversations together in a non-repudiable manner. But in
this case this is not the objective at all. In introducing this notation I
wanted to keep in people minds that their transactions can be pseudonymous
even if they do not explicitelly use pseudonyms (just by the linking 
that the same message provides).

Maybe we should clarify or otherwise change the notation.

Yours,

George

References:
- Re: Minion paper comments
  - From: Roger Dingledine <arma@mit.edu>

Prev by Date: CodeCon presentations announced and registration open
Previous by thread: Re: Minion paper comments
Next by thread: minion pinger
Index(es):
- Date
- Thread