
a better explanation of "header-swap is not perfectly indistinguishable"




I think that my earlier post "header-swap isn't perfectly indistinguishable" [1] 
didn't convey the issue very clearly.  Here I will restate it, hopefully more 
clearly and with more motivation why you should care.


Suppose I'm running a mix node.  100 messages come in.  Now I take the first 
one, and I process it (decryption, etc.).  Now assume (for sake of argument -- 
this assumption may need to be revisited afterward) that 50% of the messages 
that get sent through this network are two-way-anonymous, and 50% are sender-
anonymous.  So before I have begun processing this first message, I have a 50% 
chance of guessing which kind it is.  That is, I have no better knowledge of 
the kind of *this* message than I have just by knowing the global statistics 
of what kinds of messages are being sent.

During the processing I determine whether or not it is a swap message (this is 
a header-swap network).  Now I have more knowledge!  If it is a swap message, 
then I know that there is a 0.66 chance that it is a sender-anonymous message.  
If it is *not* a swap message, there is a 0.46 chance that it is a sender-
anonymous message!  Either way, I have learned something about the kind that 
it is.

Could I use this small amount of knowledge to combine with other knowledge in 
order to penetrate more deeply into the user's anonymity?  I think that this 
very much depends on some parts of the Mixminion design which are currently 
incomplete, such as the batching strategy and usage patterns (e.g. fragmenting, 
retrying, polling).

There is still a reassuring kind of indistinguishability that header-swap 
does offer, though.  Suppose I take these 100 messages and I group them into 
swaps (there will be about 15) and non-swaps (there will be about 85).  Now 
I look just at the swaps.  I know that of these 15, approximately 10 of them 
are sender-anonymous and the remainder are two-way-anonymous, but processing 
the message does not give me *any* information to distinguish one swap message 
from another.  Likewise of the 85 non-swaps, I know that approximately 39 of 
them will be sender-anonymous and 46 of them will be two-way-anonymous, but 
I do not have any criteria for distinguishing one of the non-swap messages 
from another.


In sum, it is important to keep in mind that header-swap does *not* guarantee 
perfect indistinguishability, as defined like this:

Perfect Indistinguishability:  For a given message, a node's chance of 
correctly guessing whether the message is sender-anonymous or two-way-
anonymous after processing the message is not non-negligibly better than its 
chance of correctly guessing before processing the message.


Regards,

Zooko

[1] http://archives.seul.org/mixminion/dev/May-2002/msg00039.html
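
The guessing advantage that the definition above refers to, computed from the approximate counts quoted in the post (an added example, not part of the original message). The function names are hypothetical, and the table generalizes to any observation a node can make while processing a message, not only the swap flag.

```python
from collections import defaultdict
from fractions import Fraction

# Approximate counts from the post for 100 messages seen at one node.
# They sum to 49/51 rather than exactly 50/50 because the post rounds them.
COUNTS = {
    ("swap", "sender-anonymous"): 10,
    ("swap", "two-way-anonymous"): 5,
    ("non-swap", "sender-anonymous"): 39,
    ("non-swap", "two-way-anonymous"): 46,
}

def posterior(counts, observation, kind):
    """P(kind | observation) from a joint count table."""
    group = sum(n for (obs, _), n in counts.items() if obs == observation)
    return Fraction(counts.get((observation, kind), 0), group)

def accuracy_before(counts):
    """Best guess from global statistics alone: always name the commoner kind."""
    by_kind = defaultdict(int)
    for (_, kind), n in counts.items():
        by_kind[kind] += n
    return Fraction(max(by_kind.values()), sum(counts.values()))

def accuracy_after(counts):
    """Best guess after processing: name the commoner kind within each group."""
    best = defaultdict(int)
    for (obs, _), n in counts.items():
        best[obs] = max(best[obs], n)
    return Fraction(sum(best.values()), sum(counts.values()))

def advantage(counts):
    """Gain in guessing accuracy from the observation; zero means the
    observation reveals nothing usable about the kind of message."""
    return accuracy_after(counts) - accuracy_before(counts)

if __name__ == "__main__":
    for obs in ("swap", "non-swap"):
        p = posterior(COUNTS, obs, "sender-anonymous")
        print(f"P(sender-anonymous | {obs}) = {float(p):.2f}")
    print(f"accuracy before processing: {float(accuracy_before(COUNTS)):.2f}")
    print(f"accuracy after processing:  {float(accuracy_after(COUNTS)):.2f}")
    print(f"advantage:                  {float(advantage(COUNTS)):.2f}")
```

Within a single group (all swaps, or all non-swaps) the table holds no further observation, which is the indistinguishability that the post says header-swap still provides.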