-----BEGIN PGP SIGNED MESSAGE----- The entity calling itself "Perry Metzger" <perry@piermont.com> is alleged to have written: (> Bryce wrote:)
Simple as pie, because of some of the properties of DC-Nets. If someone sends out the wrong number of pubkeys, then everyone will know, right? So when that happens everyone just reveals their shared-secret data from the DC-Net session.
And if several people lie about their shared secrets?
If some of your N participants are going to collude to share their nyms then it is manifestly impossible to stop them. But that doesn't bother me. The purpose of this scheme is to create N nyms for N people and be sure that each of then N people who wanted a nym got one. If you are sure that each of the N people wanted a nym, then you can be sure you have a one-to-one mapping between people and nyms, but unconditional untraceability from nyms to people. But perhaps what you were talking about was a denial-of-service attack on the DC-Net's network layer. That has been addressed extensively in Chaum's original "Dining Cryptographers" paper. Chaum's method for dealing with denial-of-service attacks is typically brilliant, but even so it is an unwieldly and expensive (in terms of computation and bandwidth) proposition. I recommend "Dining Cryptographers" to everyone, and I hope that someone who reads it will come up with a better solution. Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMZWjDEjbHy8sKZitAQEjvAMAq2wCpK+yGUf21bASjiaOYDAPNF8C/ogn HAqVnOYmYQMLUTqff7E+oC8uyUj+uoaQ0Fev8uzQdZZROXtbXx+Ej7gBzBFDrbp1 9mohBEWgbYS28hJH9+X3aoyYm/9wT+HX =xA+6 -----END PGP SIGNATURE-----