On 12 August 2013 10:21, John Preston <gizmoguy1@gmail.com> wrote:
Consider a broadcast network: an eavesdropper cannot tell who a message is intended for from just the transmission itself. By using asymmetric encryption, the contents of the message can also be made unreadable to the eavesdropper and all unintended recipients, still preserving perfect single fact anonymity.
Over time, an attacker could determine the intended recipient by looking at who sent messages within a certain time frame from receiving a message: the information gain from this is increased substantially if certain information about the protocol of the messages is known (e.g. if we're anonymising a real-time protocol, timed traffic analysis can reveal an intended recipient with a high degree of certainty). This can be defeated by including noise in the network: peers constantly produce garbage packets.
I believe that this would yield information-theoretically secure anonymity, as an attacker is looking for hay in a haystack, so to speak. Obviously, the problem with this protocol is that it is horrendously inefficient.
As Lance said, this is pretty close to what alt.anonymous.messages evolved into in the 90s and early 00's. I gave a talk two weeks ago looking at 10 years of messages there and finding user errors, weak passwords, user-segmenting settings, and traffic patterns. Details are over here: http://ritter.vg/blog-deanonymizing_amm.html

-tom
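
The timing-correlation argument in the quoted message, as an added example that is not part of either post: a small simulation of what a passive observer of the broadcast medium can infer with and without constant garbage packets. The peer names, the slot model, the one-slot reply delay and the traffic rates are all assumptions made for the illustration.

```python
import random

PEERS = ["alice", "bob", "carol", "dave", "erin"]  # constructed peer names
SLOTS = 200       # assumption: time is divided into fixed send slots
REPLY_DELAY = 1   # assumption: real-time protocol, reply arrives one slot later

def simulate(cover_traffic, seed=7):
    """Observer's view of the broadcast medium: (slot, sender) per packet.

    alice is secretly talking to bob. Payloads are encrypted, so the
    observer learns only who transmitted and when.
    """
    rng = random.Random(seed)
    log, reply_due = [], set()
    for slot in range(SLOTS):
        real = set()
        if rng.random() < 0.2:            # alice sends bob a real message
            real.add("alice")
            reply_due.add(slot + REPLY_DELAY)
        if slot in reply_due:             # bob answers promptly
            real.add("bob")
        for peer in PEERS:                # unrelated background traffic
            if rng.random() < 0.05:
                real.add(peer)
        # With cover traffic every peer fills every slot; a garbage packet
        # is indistinguishable from a real one on the wire.
        senders = PEERS if cover_traffic else sorted(real)
        log.extend((slot, p) for p in senders)
    return log

def correlate(log, target="alice"):
    """Count how often each peer transmits REPLY_DELAY slots after target."""
    by_slot = {}
    for slot, sender in log:
        by_slot.setdefault(slot, set()).add(sender)
    scores = {p: 0 for p in PEERS if p != target}
    for slot, senders in by_slot.items():
        if target in senders:
            for p in by_slot.get(slot + REPLY_DELAY, set()) - {target}:
                scores[p] += 1
    return scores

def suspects(scores):
    """Peers tied for the highest score: the observer's best guess."""
    top = max(scores.values())
    return {p for p, s in scores.items() if s == top}

if __name__ == "__main__":
    for cover in (False, True):
        print("cover traffic:", cover, correlate(simulate(cover)))
```

Without cover traffic the correlation singles out bob; with every peer filling every slot, all peers score the same, at the price of each peer transmitting in every slot, which is the inefficiency the quoted message points out.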