[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Strong anonymization in a fixed group of participants

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Strong anonymization in a fixed group of participants
From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Mon, 6 Aug 2012 12:50:31 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 06 Aug 2012 12:49:55 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=ZBRX+D2ixkBHZcDWrgl1YbwVkR5tNih2OOdInD9pKfU=; b=L/MuWghlg2F4pTpp8oRYlQX9+xMlzXL5oeVgHuNCppDtg87Mvd1o9vgqIneQMIf5Iu HHSugRv0NLH7iitJAebEqN6p7xbGp/Ly7RwcTLEgMooWTtZbEgOOJtIVqoQxvGX0Zc7O Jp6Zjaxygp7xwNW52ry3Uv1/zQHLp/JJEZi3qxgI8OqA31/Cj1PO51Ndg4/Dz9iwoJ5o zvISAZpqlmQQsqx4qYyrxETg8wD7cwkb3u3yxCYa6TdgiUEDzXejOpMRF81tQHlkkiM4 gFKTYueWRnYoQb+n1PYFmOASU+HKXhbMZQrtLAXOPa/JHJKUvbEpjd20yzuN+ZzFxXDh OSzQ==
In-reply-to: <1344266515-sup-2195@ezyang>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1344266515-sup-2195@ezyang>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

The system you describe is approximately a one-hop mix, with Tor layered in
front of the mix to prevent the mix (the leader in your design) from
learning who submitted which message.  So the security against learning
group membership will reduce to the security of Tor; the security against
the leader learning who sent what reduces to the security of Tor; and the
security against a third party learning who sent what reduces to breaking
Tor *and* breaking a one-hop mix.

(Incidentally, there's an extensive literature on how to build mixes: it
turns out that "delay a random interval" isn't optimal.)

To answer your original question though, it would help to know the threat
model!  Tor will provide anonymity in this case so long as no adversary has
compromised or controls enough of the network to observe a message as it
enters and exits.  But if an attacker sees the same message entering and
exiting the tor network, they can (probabilistically) match them based on
size and timing.  This doesn't give the attacker a win against your
protocol though (IIUC) unless they also defeat the leader's mixing.

Other systems to look into here will come from the general anonymous
communications literature. DC-nets are great for low-volume broadcast among
a small number of participants, if you don't care about performance or
DoS-robustness.  Or since what you're talking about already incorporates a
mix, you could look at other mix designs for ideas.  Have a look through
http://freehaven.net/anonbib if you haven't already.

Best wishes,
-- 
Nick
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Strong anonymization in a fixed group of participants
  - From: Edward Z. Yang

References:
- [tor-talk] Strong anonymization in a fixed group of participants
  - From: Edward Z. Yang

Prev by Author: Re: [tor-talk] Private Tor network on IPv6 only
Next by Author: Re: [tor-talk] Bug Remains: OpenSSL library does not load unless bridges are used
Previous by thread: [tor-talk] Strong anonymization in a fixed group of participants
Next by thread: Re: [tor-talk] Strong anonymization in a fixed group of participants
Index(es):
- Author
- Thread