Bryce wrote:
"Perry Metzger" <perry@piermont.com> is alleged to have written: (> Bryce wrote:)
Simple as pie, because of some of the properties of DC-Nets. If someone sends out the wrong number of pubkeys, then everyone will know, right? So when that happens everyone just reveals their shared-secret data from the DC-Net session.
And if several people lie about their shared secrets?
This is what secure bit-commitment is for. The refinements to the DC-net protocol since Chaum's original paper make this a non-issue if you are willing to spend the CPU cycles to do all of the necessary work.
If some of your N participants are going to collude to share their nyms then it is manifestly impossible to stop them. But that doesn't bother me. The purpose of this scheme is to create N nyms for N people and be sure that each of then N people who wanted a nym got one. If you are sure that each of the N people wanted a nym, then you can be sure you have a one-to-one mapping between people and nyms, but unconditional untraceability from nyms to people.
Or, to rephrase the question in a manner which my lead you to the solutions which already exists for this problem: You have an anonymous access channel in which you need to do frame reservation such that each member can reserve one and only one frame for the transmission phase which follows frame reservation. You are both talking about disrupter detection in an anonymous channel and it has already been solved...
But perhaps what you were talking about was a denial-of-service attack on the DC-Net's network layer. That has been addressed extensively in Chaum's original "Dining Cryptographers" paper. Chaum's method for dealing with denial-of-service attacks is typically brilliant, but even so it is an unwieldly and expensive (in terms of computation and bandwidth) proposition. I recommend "Dining Cryptographers" to everyone, and I hope that someone who reads it will come up with a better solution.
They already have. Actually, the trap method in Chaum's original paper is both expensive and flawed. Get a copy of EuroCrypt 89 and read the DC nets papers in there by B. den Bos and by Michael Waidner. If you are in the Bay Area I have a copy of Pfitzmann and Waidner's "Dining Cryptographers in the Disco: Unconditional Sender and Recipient Anonymity with Computational Serviceability" which I would be happy to make copies of. This is probably the most comprehensively secure DC-net scheme I am aware of; although, like most Crypto papers, it is way more complicated and computationally expensive than necessary for real life. jim