A Fire Upon the Deep
In article <199501052231.OAA11745@netcom5.netcom.com>, tcmay@netcom.com (Timothy C. May) says:
Finally, his Hugo-winning novel, "A Fire Upon the Deep," has some casual mentions of crypto, including the odd speculation that those in the know in the distant future don't really trust public key crypto.
This is quite sensible given that in the Zone universe, you may have no idea how much computing power your enemies have, so no cryptography that is only computationally secure can really be trusted. _A Fire Upon the Deep_ also describes how anarchy might work on a galactic scale. For example, Vinge seems to think that arbitration organizations would be very important in such an anarchy and would acquire military characteristics. Issues of trust and reputation are also treated implicitly. There was some recent talk about network agent technology on this list. Vinge mentions almost in passing how an entire planet (or maybe planets) was taken over by an "intelligent net packet". Makes me rather nervous about things like Magic Cap... One more thing that's marginally related to cypherpunks (hey I really like this book so I'll take any chance I can to talk about it ;-) is the idea that the efficiency of distributed computation (and distributed intelligence) depends on high bandwidth and low latency of the communication medium. Since anonymity seems to have rather high costs in terms of bandwidth and latency (compare anonymous e-mail with internet video conferencing or even with normal e-mail), this implies that an organization of anonymous agents will not work as efficiently as a similar orginzation whose members are not concerned about anonymity. Wei Dai PGP encrypted mail welcome.
On Fri, 6 Jan 1995, Wei Dai wrote:
In article <199501052231.OAA11745@netcom5.netcom.com>, tcmay@netcom.com
There was some recent talk about network agent technology on this list. Vinge mentions almost in passing how an entire planet (or maybe planets) was taken over by an "intelligent net packet". Makes me rather nervous about things like Magic Cap...
does anynoe have any information about intelligent agents? I mean I know about filter and stuff, but they arent intelligent agents. I assume one would be something like the WWW worm and other searching scripts that have a database of information to cross-reference their finds and decide what to send back to you. the WWWWorm is a good centralized illustration of this, with a searchable index of HTML pages. Or is there osmethign else that makes upa "intelligent agent"
One more thing that's marginally related to cypherpunks (hey I really like this book so I'll take any chance I can to talk about it ;-) is the idea that the efficiency of distributed computation (and distributed intelligence) depends on high bandwidth and low latency of the communication medium. Since anonymity seems to have rather high costs in terms of bandwidth and latency (compare anonymous e-mail with internet video conferencing or even with normal e-mail), this implies that an organization of anonymous agents will not work as efficiently as a similar orginzation whose members are not concerned about anonymity.
i disagree storngly. anonimity with almost no increase in latency or decrease in bandwidth is easily viable. Especially if it was a group of coleagues planning to get together, I mean the remailers and stuff are a different thing altogehter, but ytalk or another confrencing system with untracable features is no problem, hell just a conference call dialing up from payphones, ora favorite hacker trick of running a conference of a COCOT. etc.... i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine
From: Wei Dai <weidai@eskimo.com> This is quite sensible given that in the Zone universe, you may have no idea how much computing power your enemies have, so no cryptography that is only computationally secure can really be trusted. I asked Vernor about this one a few months ago. He got lucky on this one. He thought that some advances in theory might render the whole idea ridiculous. It was not the case that he was considering relative computational power, which works much better in context, especially given the hints of some computational power beyond Turing machines. A great one-liner about debating public-key, in any case. Eric
Anonymous mail has bandwidth costs that are only slightly higher than regular mail. You could hide quite a bit in most video packets. The latency is a reflection of the lack of volume, because volume is needed for reordering. If your favorite remailer gets more mail, the latency will drop. Also, on the book trend, Neal Stephenson's new book, The Diamond Age (Bantam Spectra, 1995) has a brilliant hacker dump information he comes across becuase its encrypted, and he knows he'll never manage to break the encryption scheme. I haven't finished it, but its quite good about 1/3 of the way through. Adam Wei Dai wrote: | One more thing that's marginally related to cypherpunks (hey I really | like this book so I'll take any chance I can to talk about it ;-) is | the idea that the efficiency of distributed computation (and distributed | intelligence) depends on high bandwidth and low latency of the communication | medium. Since anonymity seems to have rather high costs in terms of | bandwidth and latency (compare anonymous e-mail with internet video | conferencing or even with normal e-mail), this implies that | an organization of anonymous agents will not work as efficiently as | a similar orginzation whose members are not concerned about | anonymity. -- "It is seldom that liberty of any kind is lost all at once." -Hume
On Sat, 7 Jan 1995, Adam Shostack wrote:
Anonymous mail has bandwidth costs that are only slightly higher than regular mail. You could hide quite a bit in most video packets. The latency is a reflection of the lack of volume, because volume is needed for reordering. If your favorite remailer gets more mail, the latency will drop.
Anonymous e-mail that goes through a chain of N remailers will cost at least N times as much bandwidth and have N times as much latency as normal e-mail. But e-mail is hardly the state-of-the-art of network communication, while anonymous e-mail IS the state of the art for anonymous communication. How long will it take for the technology of anonymous video conferencing to develope, for example? By then, of course, those who are not concerned with anonymity will probably have things such as full sensory virtual interaction. Note that I SUPPORT anonymous communication, but its costs of bandwidth and latency may be a real obsticle to developing Cryptoanarchy (of the kind described by Tim May) if most people are not willing to put up with those costs. Wei Dai PGP encrypted mail welcome.
When we say 'anonymous video-conferencing' here, I take it that's not the same as in videophones whereby you sit there and have your mugshot transmitted across to the other party... that would be distinctly un-anonymous :) The thing being, say you set up an anonymous-video-or-otherwise-remailer, you have to ensure that people don't manage to get into that as such would obviously give away the identities of all parties. Given that people can supposedly hack the DOD computer system, that doesn't seem so unlikely, so are anonymous-remailers really all that safe? ------------------------------------------------------------------------------ jrt@AsiaOnline.Net john@AsiaOnline.Net PO Box 86141, Govt PO, Kln, HKG. Computers Communications Reduced Rate IDD Service Innovative Widgets Help protect the environment : This message is made from recycled electrons ------------------------------------------------------------------------------ On Sat, 7 Jan 1995, Wei Dai wrote:
On Sat, 7 Jan 1995, Adam Shostack wrote:
Anonymous mail has bandwidth costs that are only slightly higher than regular mail. You could hide quite a bit in most video packets. The latency is a reflection of the lack of volume, because volume is needed for reordering. If your favorite remailer gets more mail, the latency will drop.
Anonymous e-mail that goes through a chain of N remailers will cost at least N times as much bandwidth and have N times as much latency as normal e-mail. But e-mail is hardly the state-of-the-art of network communication, while anonymous e-mail IS the state of the art for anonymous communication. How long will it take for the technology of anonymous video conferencing to develope, for example? By then, of course, those who are not concerned with anonymity will probably have things such as full sensory virtual interaction.
Note that I SUPPORT anonymous communication, but its costs of bandwidth and latency may be a real obsticle to developing Cryptoanarchy (of the kind described by Tim May) if most people are not willing to put up with those costs.
Wei Dai PGP encrypted mail welcome.
On Mon, 9 Jan 1995, jRT wrote:
The thing being, say you set up an anonymous-video-or-otherwise-remailer, you have to ensure that people don't manage to get into that as such would obviously give away the identities of all parties. Given that people can supposedly hack the DOD computer system, that doesn't seem so unlikely, so are anonymous-remailers really all that safe?
This is why you want to use a remailer chain instead of just one remailer. Hopefully, not all of the remailers in your chain are subverted by your enemy. (They may all be subverted, but as long as not by people who cooperate with your enemy you're still ok :-) Also, make your chains as heterogeneous as possible. That is, include remailers that use different hardware, operating systems, remailer softwares, are in different countries, are controlled by different organizations, etc., so that one security hole will not compromise your entire chain. I've kinda evaded the original question, which is about the (average?) security of the individual remailers. Does anyone have a real answer? Wei Dai PGP encrypted mail welcome. (I realize a PGP signature says this implicitely, but I left my key in another computer.)
[thread name changed to reflect actual topic] Wei Dai wrote:
Note that I SUPPORT anonymous communication, but its costs of bandwidth and latency may be a real obsticle to developing Cryptoanarchy (of the kind described by Tim May) if most people are not willing to put up with those costs.
The good news is that many of the messages that people want anonymity for are *text* files, e.g., offers of services, controversial data or opinions, etc. There's a kind of tradeoff in size and urgency. To wit, it is seldom "urgent" that a 1 MB or 100 MB or whatever file get through. (Sorry I can't draw my favorite little diagram here showing the space of messages, with "urgency" and "size" as the axes.) However, I will try such a diagram here: ^ ^ | |short <---there are very few large files URGENCY |messages that must be urgently transmitted | | | | non-urgent | huge files ----------------------> text books videos 10K 1 MB 1GB S I Z E ---> (The tradeoffs are of viewing time, caching, information, etc. A short message can be _read_ quickly, and hence may need to be transmitted quickly. The canonical "Attack at dawn" message, for example. A long message, such as my 1.3 MB FAQ, clearly can be delayed for hours or days with no real loss, save impatience. My contention is that network speeds--ISDN, Mosaic usage, faster modems, direct connections--are being set up and that "urgent-but-small" messages will fit in nicely, and with low latency through remailers. In the next several years, that is.) What this means is that networks of the future, set up to handle huge files, video-on-demand, etc., will allow text messages to be carried almost unnoticeably. Interstitially, if you will. Reordering still requires N messages (whatever N may be), so it is true that remailer sites must still have some traffic. But this doesn't have to introduce latencies that are unacceptable. (If this isn't clear, what I mean by the situation about large files being shipped is that there should be little cost for users circulating their own dummy messages through remailer chains. Digital postage will cost, but costs will drop. Lots of tradeoffs here. No point in me or any of us trying to anticipate costs, volumes, etc., as these will evolve and the market will decide.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay
On Sat, 7 Jan 1995, Timothy C. May wrote:
The good news is that many of the messages that people want anonymity for are *text* files, e.g., offers of services, controversial data or opinions, etc.
There's a kind of tradeoff in size and urgency. To wit, it is seldom "urgent" that a 1 MB or 100 MB or whatever file get through. (Sorry I can't draw my favorite little diagram here showing the space of messages, with "urgency" and "size" as the axes.)
The points Tim makes here are quite good. However, I'm more concerned with a slightly longer time scale, when people focus less on FILES, but more on CONVERSATIONS and INTERACTIONS. It is then that latency becomes more problematic. Can anyone give me an estimate of when truly anonymous video conferencing will become possible? This is not just to help me make the point, but I'm really wondering. Wei Dai
Wei Dai wrote:
The points Tim makes here are quite good. However, I'm more concerned with a slightly longer time scale, when people focus less on FILES, but more on CONVERSATIONS and INTERACTIONS. It is then that latency becomes more problematic.
Can anyone give me an estimate of when truly anonymous video conferencing will become possible? This is not just to help me make the point, but I'm really wondering.
I didn't know you meant real-time conversations and interactions. These are indeed very hard to get acceptable latency on in mixes. Defeating traffic analysis in such a case is highly problematic, at least with conventional remailers. (Unconventional remailers, such as a dedicated telephone "traffic scrambler," with lots of internal bandwith between nodes, could work. Obviously a lot of other traffic would have to be flowing in and out.) The tradeoffs are best analyzed with an actual mathematical model of nodes, traffic rates, clumping of traffic, etc., rather than our hand-waving here (hand-waving is OK for broad conceptual points, but not in cases like this). I'll be interested in what others calculate, but I think "conversation mixes" are several years off, at best. The upcoming demo of Voice PGP by Phil Zimmermann (scheduled to appear at the Demo Day meeting next Saturday) may be a step in this direction. BTW, to my graph in my last post we could add a z-axis representing "value." Roughly, how much per unit of data transmitted. The crypto-canonical "Attack at dawn" message might easily be worth many dollars per byte to transmit untraceably, whereas a casual phone conversation between Alice and Bob may not be worth (to them, separately or in combination) much more than a few cents per kilobyte transmitted. In other words, there are economic as well as technologic reasons I doubt we'll see low-latency, high-bandwidth audio or video remailers anytime soon. (As we're seeing now: short messages can get through in tens of seconds, But like I said, some calculations are called for. I'd start by analyzing the existing voice-over-Internet systems, the packet sizes, and so forth. My suspicion is that Alice and Bob cannot defeat traffic analysis while ~10K bits per second are flowing continuously between them (audio), at least not until _many_ subnetworks are _much_ faster. Also, the CPU loads would be great (= costly)). Video is even further off. Tricks to reduce bandwidth may help. The digital mixes implicitly assumed in "True Names"--the year before Chaum published his seminal mix paper--are a ways off. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay
On Sat, 7 Jan 1995, Timothy C. May wrote:
The tradeoffs are best analyzed with an actual mathematical model of nodes, traffic rates, clumping of traffic, etc., rather than our hand-waving here (hand-waving is OK for broad conceptual points, but not in cases like this).
Are there any theoritical tools developed especially for this type of analysis? If so, can anyone provide some references?
I'll be interested in what others calculate, but I think "conversation mixes" are several years off, at best. The upcoming demo of Voice PGP by Phil Zimmermann (scheduled to appear at the Demo Day meeting next Saturday) may be a step in this direction.
Secrecy will of course have to come before anonymity. I am eagerly awaiting Voice PGP, but unfortuanately can't make the Demo Day meeting. Will someone please report the highlights?
In other words, there are economic as well as technologic reasons I doubt we'll see low-latency, high-bandwidth audio or video remailers anytime soon. (As we're seeing now: short messages can get through in tens of seconds,
So, the situation: high-latency, low-bandwidth e-mail remailers the goal: low-latency, high-bandwidth interactive A/V type anonymity, but this seems too far away Perhaps we can tackle the problems of latency and bandwidth seperately. That is, develop 2 sets of anonymity tools: 1. low-latency, low-bandwidth, for use in textual interactions such as MUD and IRC 2. high-latency, high-bandwidth, for non-interactive A/V use, perhaps anonymous TV broadcasting I'm not too familiar with DC-nets, but they can probably be used as tool set #1. (correct me if i'm wrong) How about tool set number 2?
My suspicion is that Alice and Bob cannot defeat traffic analysis while ~10K bits per second are flowing continuously between them (audio), at least not until _many_ subnetworks are _much_ faster. Also, the CPU loads would be great (= costly)). Video is even further off. Tricks to reduce bandwidth may help.
Indeed, Vinge makes use of such a trick in True Names. If I remember correctly, the technology in the story includes the ability to compress full virtualy reality type interactions down to a few hundred bytes per second! (maybe is was thousands, but either way it seems unlikely) Vinge seems to be a stronger believer of compression. There is a similar technology in A Fire Upon the Deep.
Wei Dai wrote: ...
Are there any theoritical tools developed especially for this type of analysis? If so, can anyone provide some references?
No, this is too small a community for such tools to exist off-the-shelf. Start with the standard mix papers, mentioned here often. Also, Hal Finney made a first stab at a more careful calculation of just how well remailer's do their job...this was about half a year ago, as I recall.
So, the situation: high-latency, low-bandwidth e-mail remailers the goal: low-latency, high-bandwidth interactive A/V type anonymity, but this seems too far away
The goal for whom? I find IRC a waste of time, so "anonymous audivisual" is not even on my radar screen of things of interest. I think it's >10 years off.
Perhaps we can tackle the problems of latency and bandwidth seperately. That is, develop 2 sets of anonymity tools: 1. low-latency, low-bandwidth, for use in textual interactions such as MUD and IRC 2. high-latency, high-bandwidth, for non-interactive A/V use, perhaps anonymous TV broadcasting
Think market. I don't see anyone paying for this until costs drop dramatically. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay
On Sat, 7 Jan 1995, Timothy C. May wrote:
Perhaps we can tackle the problems of latency and bandwidth seperately. That is, develop 2 sets of anonymity tools: 1. low-latency, low-bandwidth, for use in textual interactions such as MUD and IRC 2. high-latency, high-bandwidth, for non-interactive A/V use, perhaps anonymous TV broadcasting
Think market. I don't see anyone paying for this until costs drop dramatically.
Oops, I didn't mean to exhort anyone to actually make the tools, but was just thinking about the feasibilities. (I know, "Cypherpunks write code", not "Cypherpunks convince others to write code." ;) OTOH, I DO think people with anonymity needs will pay for lower latency and/or higher bandwidth (right now probably tool set #1 will have a greater demand, given the heavy use of MUDs and IRC). In the longer term, anonymous communication is in danger of being used only by fringe groups if it falls too much behind the non-anonymous kind in terms of latency and bandwidth (and cost, I guess). Maybe ONLY drug dealers, nuclear terrorists, etc., will use anonymous remailers when full sensory virtual interaction is the must popular way for most people to communicate and remailers are still the only choice for the anonymity-conscious. By then, the remailers themselves will be in danger of being outlawed, or just close down for lack of business.
I find IRC a waste of time, so "anonymous audivisual" is not even on my radar screen of things of interest. I think it's >10 years off.
I think limited virtual interaction can be available on the Internet in 5 years (in prototype), so I sure hope anonymous A/V is not that far off. I know, I know, the market will decide... But second guessing the market can be fun and sometimes profitable. Just look at all those people trying to make money on the stock market. Sorry if I'm hammering the subject to death... Wei Dai
Oops, what I meant to add onto that last bit was that if you're required to keep records of the to and from, and especially the contents, you are severely likely to be raided by some govt agency whenever they wanna see who said what. I'd think twice about using a remailer that kept records on it all. ------------------------------------------------------------------------------ jrt@AsiaOnline.Net john@AsiaOnline.Net PO Box 86141, Govt PO, Kln, HKG. Computers Communications Reduced Rate IDD Service Innovative Widgets Help protect the environment : This message is made from recycled electrons ------------------------------------------------------------------------------
participants (6)
-
Adam Shostack -
eric@remailer.net -
jRT -
Nesta Stubbs -
tcmay@netcom.com -
Wei Dai