| -----BEGIN PGP SIGNED MESSAGE----- | | From: Wei Dai <weidai@eskimo.com> | > I have been thinking about the problem of traffic analysis of a | > remailer. | > [...] | > The basic approach is to use this raw traffic information to calculate a | > SCORE for each user of the remailer with respect to Alice, where the | > user with the highest SCORE is the person Alice is most probably | > communicating with. The idea is that with a Chaumian mix, every time | > Alice sends a message to Bob there is always a pattern of Alice sending | > a message to the mix, followed by Bob receiving a message from the mix | > during the next batch. By counting the number of such correlations for | This sounds like a good idea. It was very interesting to see your | earlier result on the impact of dummy messages on this approach. Even a | relatively small number of batches without dummy messages allows | continual accumulation of incriminating information. It would seem that Alice can protect Bob (or Bob can protect himself) by engaging in multiple conversations through the mix. I was thinking earlier about the concept of bit buckets; people who agree to get mail that they ignore. Alice could, when talking to Bob, send copies along the way to Fred, George, and Harry, each of whom would be running a mailbot that sees the mail is not for them, and deletes it (or, perhaps better, generates a response of encrypted nonsense to flow through the mix for a while.) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume