On Tue, 2014-10-07 at 14:34 -0400, Nick Mathewson wrote:
> On Tue, Oct 7, 2014 at 2:29 PM, Øyvind Saether <oyvinds@xxxxxxxxxxx> wrote:
> >> Revocable anonymity.
> >> http://cryptome.org/2014/10/another-tor.pdf
> >
> > I almost can not believe someone would write a paper describing a way
> > to change Tor in a way which makes it totally insecure.
> >
> > Amadou Moctar Kane of KSecurity in India is free to make his own broken
> > anonymity network and see how many people want to use that piece of
> > garbage.
> >
> > It is sad that someone would waste his time writing such a paper and it
> > is worse that I spent my precious time reading it.
>
> What's saddest: You didn't explain why you think it's broken. So
> other people will have to read it too if they'd like to know whether
> it's any good.

I'm inclined against trusting the author's skill even if his judgment
were sound. Section 4 re-hashes a few old proposals to increase Tor's
anonymity, and adds an interesting but not really explained technique,
"mixing" data from Google (this seems to mean "use Google servers as
Tor nodes", but again, it's not really explained).

Like others have mentioned, he moves circuit selection from the client
to the directory server, so his scheme is itself broken: a malicious
directory server can simply record the information, and the anonymity
is broken without using secret-sharing.

I wonder, though, if clients could split and publish shared secrets for
routes, along with some proof they actually used the circuit for what
they claim they used it for. You could do this for hidden services
pretty easily, because their circuits can only be used for one thing,
and they have to publish hidden service descriptors to the directories
anyway; they could also publish a list of relays they had sent shared
secrets to. If those relays had a way of proving they had such a
fractional secret, you could get revocable anonymity for hidden
services at least.

I expect Mike Hearn would be interested, it dovetails well with coin
taint.

--
Sent from Ubuntu
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
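
Added example, not part of the original message and not Tor code: one reading of the closing idea in the reply above, in which a client Shamir-splits a per-route secret among relays and publishes one hash commitment per relay, so that a relay can later show it holds its fraction. The field size, the SHA-256 commitment, the relay names and every function name here are assumptions.

```python
import hashlib, hmac, secrets

P = 2**127 - 1  # prime field for the shares (this field size is an assumption)

def split(secret, n, t):
    """Shamir-split `secret` into n shares; any t of them reconstruct it."""
    if not (0 <= secret < P and 1 <= t <= n < P):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):  # Horner evaluation of the random degree t-1 polynomial
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def commit(relay, share):
    """Commitment the client would publish beside the relay's name (assumed scheme)."""
    return hashlib.sha256(f"{relay}|{share[0]}|{share[1]}".encode()).hexdigest()

def recover(shares, t):
    """Lagrange interpolation at x = 0 over t distinct shares."""
    pts = list(dict(shares).items())[:t]
    if len(pts) < t:
        raise ValueError("not enough valid shares")
    total = 0
    for xi, yi in pts:
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def revoke(submitted, published, t):
    """Keep only shares that match a published commitment, then reconstruct."""
    good = [s for r, s in submitted.items()
            if r in published and hmac.compare_digest(commit(r, s), published[r])]
    return recover(good, t)

if __name__ == "__main__":
    relays = ["relayA", "relayB", "relayC", "relayD", "relayE"]  # constructed names
    route_key = secrets.randbelow(P)  # stands in for the secret that identifies a route
    held = dict(zip(relays, split(route_key, n=5, t=3)))
    published = {r: commit(r, s) for r, s in held.items()}
    print(revoke({r: held[r] for r in relays[:3]}, published, 3) == route_key)
```

Binding the relay name into the commitment means a share copied from another relay is rejected, and fewer than t matching shares reveal nothing about the route secret.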