[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Strong anonymization in a fixed group of participants



The system you describe is approximately a one-hop mix, with Tor layered in
front of the mix to prevent the mix (the leader in your design) from
learning who submitted which message.  So the security against learning
group membership will reduce to the security of Tor; the security against
the leader learning who sent what reduces to the security of Tor; and the
security against a third party learning who sent what reduces to breaking
Tor *and* breaking a one-hop mix.

(Incidentally, there's an extensive literature on how to build mixes: it
turns out that "delay a random interval" isn't optimal.)

To answer your original question though, it would help to know the threat
model!  Tor will provide anonymity in this case so long as no adversary has
compromised or controls enough of the network to observe a message as it
enters and exits.  But if an attacker sees the same message entering and
exiting the tor network, they can (probabilistically) match them based on
size and timing.  This doesn't give the attacker a win against your
protocol though (IIUC) unless they also defeat the leader's mixing.

Other systems to look into here will come from the general anonymous
communications literature. DC-nets are great for low-volume broadcast among
a small number of participants, if you don't care about performance or
DoS-robustness.  Or since what you're talking about already incorporates a
mix, you could look at other mix designs for ideas.  Have a look through
http://freehaven.net/anonbib if you haven't already.

Best wishes,
-- 
Nick
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk