re: problem in 3.2 "Replies"

[George Danezis <gd@theory.lcs.mit.edu>]

Zooko,

The swap operation is present in ALL messages (sender,
bidirectionally anonymous). In the case of a forward message the 
sender can generate the swap operation at the end of the first header.
In the case of a bidirectional message the second header is the reply 
block, but the sender can still add a swap operation at the end of the 
first header. 

The only case when a swap operation is not taking place is the pure return 
path.

George

On Mon, 6 May 2002 zooko@zooko.com wrote:

> 
> [following up to my own mail]
> 
> I, Zooko, wrote:
> 
> > Is this really true?  As far as I can see it is impossible for a sender who 
> > uses a reply block to generate a useful H2, because it is going to be 
> > encrypted by the contents of H1's which the sender does not know.
> 
> Of course, the person who generated the reply block ("Alice") could have also 
> generated an H2 to go with it and delivered that H2 along with the reply block 
> (the H1), but in addition to being encrypted by the contents of the H1's, it 
> is also going to be encrypted by the hash of an M, which Alice did not know.  
> So Alice can't generate an H2 for use in a receiver-anonymous ("reply") 
> message to herself either.
> 
> Now even if I am right and swaps can only occur in sender-anonymous 
> ("forward") messages, this is not much of a big deal I think.  A node can tell 
> that a ready-to-swap message is a sender-anonymous message, but a normal non-
> ready-to-swap message has almost a 0.5 chance of being a sender-anonymous 
> message as well, so the node can't easily pare anonymity sets with this 
> information.
> 
> Regards,
> 
> Zooko
> 
> Zooko.Com -- Security and Distributed Systems Engineering
>