No Subject
Dear MixMinion crew,
I have just found (thanks to cryptome.org) a (pending?) U.S. patent that
seems to claim the monopoly on the creation of single use reply blocks.
The text can be found at:
http://cryptome.org/intel-anon.htm
Some comments:
* When reading, cut through the crap that is related to physically
implementing the thing (including the reference to the mystical art of
"soldering"), since it is only there as a patent trick.
* The method describes a way to dynamically generate reply blocks as a
message travels through an anonymous network:
  - Each mix on the chain adds their address under their private
    key, and the previous addresses, and at the end of the mix
    chain there is a reply block that the final recipient can use.
  - It also makes references to traffic padding, delaying, etc.
    without proposing any concrete scheme at all.
* The patent does not provide any mechanisms to offer strong protection
for the forward path of the communication. It proposes that either the
data is encrypted under the final recipient key, or not at all. It also
does not explicitly protect the FP routing information (also proposing a
Crowds-like forwarding scheme).
* The patent does not try to unify the forward path and the reply path.
Therefore the anonymity sets are segmented.
* The patent does not explicitly describe or envisage how the Forward
path and the reply path can be combined to provide bi-directional
anonymity (sender and recipient anonymity).
* The patent does not explicitly protect against any traffic tagging:
  - An attacker can touch the address, data, payload, etc.
  - I did not see any mention of duplicate message detection.
  - No integrity checks are provided at any stage (except end to end
    for the reply data via a signature).
* References: The patent has some references to Onion routing patents
and others from Tsudik, but no mention of the original David Chaum paper
about how to make reply addresses. It is a pity since a very similar
scheme is proposed that could challenge some of the claims (but IANAL).
I would be very interested to hear other people's comments. We could
compile something and send it to cryptome.
George
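
A minimal sketch of the dynamically built reply block described in the message above, with the per-hop integrity check and duplicate detection it notes as missing; this is an added example, not code from the patent, Mixminion or the original post. Assumptions: each mix holds symmetric keys rather than a private key, the keystream is a toy SHA-256 construction, and `Mix`, `build_reply_block` and `route_reply` are hypothetical names.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Toy SHA-256 counter keystream: illustration only, not a vetted cipher.
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

class Mix:
    def __init__(self, addr):
        self.addr = addr
        self.ek, self.mk = os.urandom(32), os.urandom(32)  # constructed per-mix keys
        self.seen = set()  # digests of reply blocks already processed

    def _tag(self, body):
        return hmac.new(self.mk, body, hashlib.sha256).digest()

    def wrap(self, prev_addr, block):
        """Forward path: seal (previous hop, inner block) under this mix's keys."""
        nonce = os.urandom(16)
        plain = len(prev_addr).to_bytes(2, "big") + prev_addr + block
        body = nonce + _xor(plain, self.ek, nonce)
        return body + self._tag(body)

    def unwrap(self, sealed):
        """Reply path: check integrity and replays, return (next hop, inner block)."""
        body, tag = sealed[:-32], sealed[-32:]
        if not hmac.compare_digest(tag, self._tag(body)):
            raise ValueError("integrity check failed")  # tagged or altered block
        digest = hashlib.sha256(sealed).digest()
        if digest in self.seen:
            raise ValueError("duplicate reply block")
        self.seen.add(digest)
        plain = _xor(body[16:], self.ek, body[:16])
        n = int.from_bytes(plain[:2], "big")
        return plain[2:2 + n], plain[2 + n:]

def build_reply_block(sender, chain):
    prev, block = sender, b""
    for mix in chain:  # each mix seals the hop it received the message from
        block, prev = mix.wrap(prev, block), mix.addr
    return prev, block  # first reply hop and the block to hand to it

def route_reply(hop, block, mixes):
    while hop in mixes:  # peel one layer per mix until a non-mix address
        hop, block = mixes[hop].unwrap(block)
    return hop
```
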