[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: End to end mixminion rationalized, with compression and K-of-N

To: mixminion-dev@freehaven.net
Subject: Re: End to end mixminion rationalized, with compression and K-of-N
From: Nick Mathewson <nickm@alum.mit.edu>
Date: 15 Oct 2002 11:05:21 -0400
Delivered-To: archiver@seul.org
Delivered-To: mixminion-dev-outgoing@seul.org
Delivered-To: mixminion-dev@seul.org
Delivery-Date: Tue, 15 Oct 2002 11:05:23 -0400
In-Reply-To: <20021015043901.I17342@moria.seul.org>
References: <1034318032.2773.36.camel@o-totoro> <20021015043901.I17342@moria.seul.org>
Reply-To: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net

On Tue, 2002-10-15 at 04:39, Roger Dingledine wrote: 
 [...]
> Since we already say 'tag' in the context of a tagging attack, can we use
> an alternate name for this? id? mid (mixminion id)? something better? :)
 [...]
>                                                          State-keeping
> surb? State-carrying surb? We may be able to decide a better name here
> once we've renamed 'tag' above.

I have no attachment to the current names.  I'll try to think of some
better ones; other people should think too, since I might not come up
with anything.

> >     Let M = M | PRNG(Len(M) - NUM_CHUNKS*PS*K)
> 
> Is the arg to PRNG going to be negative here?

Oops.  You're right.  The operands of the subtraction should be
switched.

> >     For i from 0 to NUM_CHUNKS - 1:
> >        Let CHUNK_i = M[i*PS*K : (i+1)*PS*K]
> 
> If we're using the same notation as before, this should be M[i*PS*K :
> PS*K], yes?  I think I argued a while ago we might want to change to
> your above notation. Should we?

Ick; I misremembered and thought we had.  Honestly, I like my current
notation better, but we can do better than argue about notations.  Is
there a major precedent for either one?  (I'm modeling my current one
after slicing in Python, Matlab, etc.)

 [...]
> > Note that a message will rely intact if and only if at least K
> 
> 'rely'? You mean 'arrive'? 'remain'?

"Arrive."

 [...]
> > THE DESIGN ITSELF
> 
> Bedtime for me. I'll read the meat of this tomorrow. :)

Cool.

By the way, I found an error in my spec when I was implementing it.  In
section "C" the following text is wrong:


      If message-type  'PLAIN' or 'REPLY', let SZ = 28K. Else let
          SZ= 28K-42bytes.   (SZ is the amount of data that fits
          in a single payload.  'ENCRYPT' messages lose 42 bytes
          to OAEP padding.)

It should say instead:

      If message-type  'PLAIN' or 'REPLY', let SZ = 28K. Else let
          SZ= 28K-38bytes.  (SZ is the amount of data that fits
          in a single payload.  'ENCRYPT' message lose 42 bytes to
          OAEP padding, gain 20 bytes by stretching the RSA-encrypted
          data into the Tag field, and lose 16 bytes by storing the 
          session key.)

-- 
Nick

References:
- End to end mixminion rationalized, with compression and K-of-N
  - From: Nick Mathewson <nickm@alum.mit.edu>
- Re: End to end mixminion rationalized, with compression and K-of-N
  - From: Roger Dingledine <arma@mit.edu>

Prev by Date: Re: End to end mixminion rationalized, with compression and K-of-N
Next by Date: Re: End to end mixminion rationalized, with compression and K-of-N
Prev by thread: Re: End to end mixminion rationalized, with compression and K-of-N
Next by thread: Re: End to end mixminion rationalized, with compression and K-of-N
Index(es):
- Date
- Thread