[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

re: problem in 3.2 "Replies"




[following up to my own mail]

I, Zooko, wrote:

> Is this really true?  As far as I can see it is impossible for a sender who 
> uses a reply block to generate a useful H2, because it is going to be 
> encrypted by the contents of H1's which the sender does not know.

Of course, the person who generated the reply block ("Alice") could have also 
generated an H2 to go with it and delivered that H2 along with the reply block 
(the H1), but in addition to being encrypted by the contents of the H1's, it 
is also going to be encrypted by the hash of an M, which Alice did not know.  
So Alice can't generate an H2 for use in a receiver-anonymous ("reply") 
message to herself either.

Now even if I am right and swaps can only occur in sender-anonymous 
("forward") messages, this is not much of a big deal I think.  A node can tell 
that a ready-to-swap message is a sender-anonymous message, but a normal non-
ready-to-swap message has almost a 0.5 chance of being a sender-anonymous 
message as well, so the node can't easily pare anonymity sets with this 
information.

Regards,

Zooko

Zooko.Com -- Security and Distributed Systems Engineering