Chaum Fathers Bastard Child To RubberHose ... PrivaTegrity cMix
http://www.wired.com/2016/01/david-chaum-father-of-online-anonymity-plan-to-... Now Chaum has returned with his first online privacy invention in more than a decade. And with it, he wants to bring those crypto wars to an end... a new encryption scheme he calls PrivaTegrity ... based on cMix. Chaum wouldn't comment on whether the project... would be commercialized or run as a non-profit. Chaum is also building into PrivaTegrity another feature... a backdoor that allows anyone doing something "generally recognized as evil" to have their anonymity and privacy stripped altogether. Nine server council... a hoseability focus point similar to Tor dirauths. In any case... interesting. https://www.scribd.com/doc/294737065/cMix-Anonymization-by-High-Performance-...
On 7 January 2016 at 05:51, grarpamp <grarpamp@gmail.com> wrote:
online privacy encryption scheme backdoor that allows anyone […] to have their anonymity and privacy stripped altogether
I don't know, maybe I'm retarded, but this doesn't compute. What I'm afraid of, though, is that such abominations might catch on, because people like adopting flawed things that give them the illusion of control. -- Daniel Ziółkowski http://tracerneo.eu.org/
Tracerneo writes:
| On 7 January 2016 at 05:51, grarpamp <grarpamp@gmail.com> wrote:
| >online privacy
| >encryption scheme
| >backdoor that allows anyone..to have their anonymity and privacy stripped
| altogether
|
| I don't know, maybe I'm retarded, but this doesn't compute.
|
| What I'm afraid though, is that such abominations might catch on,
| because people like adopting flawed things, that give them illusion of
| control.

With respect, the stripping involved requires unanimity amongst the nine sites, each much different than the other. If one is to dismiss Chaum's scheme due to the possibility of 9-way unanimous collusion, then, in like manner, all threshold (split-key) cryptosystems are unacceptable. And then there is the DNS where the possibility of collusion amongst all root servers would also trigger disavowal of the DNS.

I'm probably missing your point.

--dan
Dan,

The 9 servers are operated by Chaum, and is the software and OS config open source and 3rd party verifiable as being the same as what is running on the servers?

9 servers will be operated in 9 different jurisdictions, not by 9 separate unrelated 'entities'.

'Trust us' is just something we've become accustomed to not needing.

Travis

On Fri, Jan 8, 2016, 11:48 PM <dan@geer.org> wrote:
Tracerneo writes:
| On 7 January 2016 at 05:51, grarpamp <grarpamp@gmail.com> wrote:
| >online privacy
| >encryption scheme
| >backdoor that allows anyone..to have their anonymity and privacy stripped
| altogether
|
| I don't know, maybe I'm retarded, but this doesn't compute.
|
| What I'm afraid though, is that such abominations might catch on,
| because people like adopting flawed things, that give them illusion of
| control.
With respect, the stripping involved requires unanimity amongst the nine sites, each much different than the other. If one is to dismiss Chaum's scheme due to the possibility of 9-way unanimous collusion, then, in like manner, all threshold (split-key) cryptosystems are unacceptable. And then there is the DNS where the possibility of collusion amongst all root servers would also trigger disavowal of the DNS.
I'm probably missing your point.
--dan
Actually, the nine servers are not operated by Chaum. They're operated by "highly skilled people in this room who know how to build and run a secure data center". At least that's what he said at the talk I witnessed where he unveiled it.

Additionally, Chaum's design allows an entity operating one of the servers to introduce their own policy - "it's not up to me what policy you want to introduce; the system is neutral".

So, first of all there's Chaum's obvious failure to recognize that in the same room are the exact people who could hack into a "secure data center". Second, he implied that, with the use of these policies, if a message were to traverse a network with nodes operated by the US, Canada, Egypt, India, Pakistan, Iran, Russia, China and Japan, it would require the admins from those countries to all agree to decrypt, turning the solution into a political - not mathematical - one.

Now, I'm personally hardly a supporter of the idea, and hate the fact that Chaum's idea lends credibility to Comey's "smart people just need to work on it" position. In fact, I consider any sort of backdoored system tantamount to treason to cryptography, and antithetical to its purpose. But I do think it's important to debate on the actual facts at hand.

- A

On Saturday, January 9, 2016 3:58:46 PM PST Travis Biehn wrote:
Dan, The 9 servers are operated by Chaum, and is the software and OS config open source and 3rd party verifiable as being the same as running on the servers?
9 servers will be operated in 9 different jurisdictions, not by 9 separate unrelated 'entities'.
'Trust us' is just something we've become accustomed to not needing.
Travis
On Fri, Jan 8, 2016, 11:48 PM <dan@geer.org> wrote:
Tracerneo writes:
| On 7 January 2016 at 05:51, grarpamp <grarpamp@gmail.com> wrote:
| >online privacy
| >encryption scheme
| >backdoor that allows anyone..to have their anonymity and privacy stripped
| altogether
|
| I don't know, maybe I'm retarded, but this doesn't compute.
|
| What I'm afraid though, is that such abominations might catch on,
| because people like adopting flawed things, that give them illusion of
| control.
With respect, the stripping involved requires unanimity amongst the nine sites, each much different than the other. If one is to dismiss Chaum's scheme due to the possibility of 9-way unanimous collusion, then, in like manner, all threshold (split-key) cryptosystems are unacceptable. And then there is the DNS where the possibility of collusion amongst all root servers would also trigger disavowal of the DNS.
I'm probably missing your point.
--dan
On Mon, 11 Jan 2016 22:15:36 -0800 Alex Stahl <alex@testcore.net> wrote:
Second, he implied that, with the use of these policies, if a message were to traverse a network with nodes operated by the US, Canada, Egypt, India, Pakistan, Iran, Russia, China and Japan,
I think the actual network would be more like washington, boston, new york, los angeles, london, panama, puerto rico, marshall islands and maybe brussels.
Point is the technology is neutral/agnostic to its location and operator - and that a key part of the solution is in fact political. Hell, I'm still wondering who would use such a system in the first place without the imposition of regulation? On Tuesday, January 12, 2016 3:31:49 AM PST juan wrote:
On Mon, 11 Jan 2016 22:15:36 -0800
Alex Stahl <alex@testcore.net> wrote:
Second, he implied that, with the use of these policies, if a message were to traverse a network with nodes operated by the US, Canada, Egypt, India, Pakistan, Iran, Russia, China and Japan,
I think the actual network would be more like washington, boston, new york, los angeles, london, panama, puerto rico, marshall islands and maybe brussels.
On Mon, 11 Jan 2016 23:30:49 -0800 Alex Stahl <alex@testcore.net> wrote:
Point is the technology is neutral/agnostic to its location and operator - and that a key part of the solution is in fact political.
Oh yes, I do see that. And it's based on the 'division-of-power' and 'checks-and-balances' doctrine, which I don't find especially convincing or effective.
Hell, I'm still wondering who would use such a system in the first place without the imposition of regulation?
Well, the leaders of the liberal democracies might be able to create a few laws and regulations to adopt chaum's system and save the children from digital terrorism. Or something.
On Tuesday, January 12, 2016 3:31:49 AM PST juan wrote:
On Mon, 11 Jan 2016 22:15:36 -0800
Alex Stahl <alex@testcore.net> wrote:
Second, he implied that, with the use of these policies, if a message were to traverse a network with nodes operated by the US, Canada, Egypt, India, Pakistan, Iran, Russia, China and Japan,
I think the actual network would be more like washington, boston, new york, los angeles, london, panama, puerto rico, marshall islands and maybe brussels.
Sounds like we're in agreement then that crypto systems with political solutions aren't actually crypto solutions at all? Anyone else (dis)agree?

On Tuesday, January 12, 2016 4:56:06 AM PST juan wrote:
On Mon, 11 Jan 2016 23:30:49 -0800
Alex Stahl <alex@testcore.net> wrote:
Point is the technology is neutral/agnostic to its location and operator - and that a key part of the solution is in fact political.
Oh yes, I do see that. And it's based on the 'division-of-power' and 'checks-and-balances' doctrine, which I don't find especially convincing or effective.
Hell, I'm still wondering who would use such a system in the first place without the imposition of regulation?
Well, the leaders of the liberal democracies might be able to create a few laws and regulations to adopt chaum's system and save the children from digital terrorism. Or something.
On Tuesday, January 12, 2016 3:31:49 AM PST juan wrote:
On Mon, 11 Jan 2016 22:15:36 -0800
Alex Stahl <alex@testcore.net> wrote:
Second, he implied that, with the use of these policies, if a message were to traverse a network with nodes operated by the US, Canada, Egypt, India, Pakistan, Iran, Russia, China and Japan,
I think the actual network would be more like washington, boston, new york, los angeles, london, panama, puerto rico, marshall islands and maybe brussels.
On Mon, 2016-01-11 at 22:15 -0800, Alex Stahl wrote:
Second, he implied that, with the use of these policies, if a message were to traverse a network with nodes operated by the US, Canada, Egypt, India, Pakistan, Iran, Russia, China and Japan, it would require the admins from those countries to all agree to decrypt, turning the solution into a political - not mathematical - one.
The whole point of cryptography is to be secure against political problems such as this. Despite whatever good Chaum may be known for, this is bad, and not something I will ever use if I can possibly help it.
-- Shawn K. Quinn <skquinn@rushpost.com>
The 9 servers are operated by Chaum, and is the software and OS config open source and 3rd party verifiable as being the same as running on the servers?
9 servers will be operated in 9 different jurisdictions, not by 9 separate unrelated 'entities'.
'Trust us' is just something we've become accustomed to not needing.
I'm not going to disagree with that at all, but here's the thing: There has to be a root of trust in some way even if (or particularly if) that root is math, pure math, and nothing but the math so help me God.

That being said, I would suspect that any system which permits absolutely zero recourse against things done with it that a super majority of citizens considers abhorrent is a system that will not be long tolerated and thus will not long exist. What then is a useful model of recourse?

The essential idea of checks and balances is that of prevention, viz., that no one entity can permanently subvert the workings of democratic society. (Here I have to ask to please spare me the anti-democratic invective.)

I have to agree with some poster or other who said that Chaum's system only works if it is the only system, otherwise the evil will just run down some other pipe than his. Fair enough, but if one is brilliant and paranoid, then a system that invests absolutism in no single party is a design goal, and a worthy design goal at that. At the same time, if one's paranoia, existential or otherwise, gets the better of you, then you will want to keep your hand on the tiller even while delegating fragments of your authority all about. So it is, I suspect, the case here. In other words, if you are too paranoid then you will never be able to turn the whole thing over to its fate as embodied in its design and its design alone -- you will wreck it all out of the kind of paternalism that does seem to be the irreducible core of nearly every argument in the public sphere about safety.

Seriously, I am not arguing for cMix or Mr. Chaum. I am saying, carefully and calmly, that some understandable form of recourse is an unavoidable condition for willing public acquiescence.

Chaum made a proposal. Comey made a proposal. Proposals are likely to now sprout like wildflowers. Make one.

Thinking out loud,

--dan
On Fri, Jan 15, 2016 at 06:17:42PM -0500, dan@geer.org wrote:
That being said, I would suspect that any system which permits absolutely zero recourse against things done with it that a super majority of citizens considers abhorrent is a system that will not be long tolerated and thus will not long exist. What then is a useful model of recourse?
A super majority of citizens are, by definition, insane. The purpose of any decent anonymity system is to give the slender, sane minority a fighting chance--and by extension, the human race. https://medium.com/@toholdaquill/the-triumph-of-nonsense-b38b70ab1bfd
Seriously, I am not arguing for cMix or Mr. Chaum. I am saying, carefully and calmly, that some understandable form of recourse is an unavoidable condition for willing public acquiescence.
Why on earth is willing public acquiescence a desirable quality in an anonymity system? Fuck their recourse. jmp
On 01/15/2016 04:17 PM, dan@geer.org wrote: <SNIP>
That being said, I would suspect that any system which permits absolutely zero recourse against things done with it that a super majority of citizens considers abhorrent is a system that will not be long tolerated and thus will not long exist. What then is a useful model of recourse?
That may be so. But rather than a "useful model of recourse", what's needed are anonymity systems that super majorities can't compromise or take down.
On Fri, 15 Jan 2016 18:17:42 -0500 dan@geer.org wrote:
That being said, I would suspect that any system which permits absolutely zero recourse against things done with it that a super majority of citizens considers abhorrent
It would be pretty funny to learn what the word 'abhorrent' is supposed to mean here. Are we talking about the endless crimes committed by government officials? What kind of 'abhorrent' things can be done with the shitty internet apart from posting pictures on facebook and the like?
On Wed, Jan 06, 2016 at 11:51:29PM -0500, grarpamp wrote:
Nine server council... a hoseability focus point similar to Tor dirauths. In any case... interesting.
The privaTegrity (PT) backdoor is significantly more malignant than the Tor dirauth issue.

If you pwn the Tor dirauths, you can sign and publish a false "consensus" to clients that will cause them to use only your relays for new connections, thus breaking anonymity for new connections. Doing so leaves a trail of bits showing that this was done (mostly just on the target system). Tor is actively seeking solutions to make their system more privacy-preserving and if a better option shows up in research, they will likely adopt it.

If you pwn the PT overlords, you can retrospectively deanonymize connections that you recorded in the past. If PT were deployed at scale with a, say, 12-month deanonymization window [1] then every connection during that interval would be silently deanonymized by APT0 who has stealthily exfiltrated the overlord private material.

[1] the whole point of the PT backdoor and its claim to "break the crypto war stalemate" is that a lawful investigation could go back and ask "who sent this bomb threat".

If PT were deployed at scale and a vulnerability were found that used the backdoor, the developers are left with an uncomfortable choice -- fix the vuln and thereby break the backdoor, or leave users vulnerable and preserve the so-called "lawful" access? This is not a conflict that I want my privacy technologists to have to navigate.

Now, cMix seems like an interesting technology (much like the tech bits of eCash were interesting back in the 90s, a previous #chaumism[3]). I chatted with one of the coauthors yesterday and there's clearly an interesting performance improvement to existing mix networks; read the paper[2] for more details. But the PT system built on it is predicated on an unrealistic model of datacenter security, international geopolitics, network economics, cyberwar, and network reliability.

[2] https://eprint.iacr.org/2016/008.pdf
[3] https://twitter.com/hashtag/chaumisms

-andy
On Thu, Jan 7, 2016 at 2:41 PM, Andy Isaacson <adi@hexapodia.org> wrote:
On Wed, Jan 06, 2016 at 11:51:29PM -0500, grarpamp wrote:
Nine server council... a hoseability focus point similar to Tor dirauths. In any case... interesting.
The privaTegrity (PT) backdoor is significantly more malignant than the Tor dirauth issue.
If you pwn the Tor dirauths, you can sign and publish a false "consensus" to clients that will cause them to use only your relays for new connections, thus breaking anonymity for new connections. Doing so leaves a trail of bits showing that this was done (mostly just on the target system). Tor is actively seeking solutions to make their system more privacy-preserving and if a better option shows up in research, they will likely adopt it.
If you pwn the PT overlords, you can retrospectively deanonymize connections that you recorded in the past. If PT were deployed at scale with a, say, 12-month deanonymization window [1] then every connection during that interval would be silently deanonymized by APT0 who has stealthily exfiltrated the overlord private material.
[1] the whole point of the PT backdoor and its claim to "break the crypto war stalemate" is that a lawful investigation could go back and ask "who sent this bomb threat".
If PT were deployed at scale and a vulnerability were found that used the backdoor, the developers are left with an uncomfortable choice -- fix the vuln and thereby break the backdoor, or leave users vulnerable and preserve the so-called "lawful" access? This is not a conflict that I want my privacy technologists to have to navigate.
Now, cMix seems like an interesting technology (much like the tech bits of eCash were interesting back in the 90s, a previous #chaumism[3]). I chatted with one of the coauthors yesterday and there's clearly an interesting performance improvement to existing mix networks; read the paper[2] for more details. But the PT system built on it is predicated on an unrealistic model of datacenter security, international geopolitics, network economics, cyberwar, and network reliability.
[2] https://eprint.iacr.org/2016/008.pdf
[3] https://twitter.com/hashtag/chaumisms
-andy
To add: it was surprising (to me) that Chaum should be the one to produce the first of the modern 'solving the key escrow problem' algorithms. Academia has been ignoring this particular problem for quite a while - I expect that more proposed solutions will follow, solutions that will be more difficult to prove insecure...

PT sounds like it's rooted in threat models & crypto systems from 10-15 years ago - I'm not sure why anyone would migrate to this system - over anything presently available (unless everything else is made illegal, of course).

Check out cMix's 'beta' paper & make attacks as necessary. http://www.scribd.com/doc/294737065/cMix-Anonymization-by-High-Performance-S...

Some of Chaum's earlier work involved designing systems with arbiters where 3rd parties could prove evidence of misdeeds - this system, using threshold secret sharing (right?), doesn't expose the same properties. Which means that, of course, operators of routers are free to collude and subject to TAO from various IA.

-Travis

-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>
participants (11)
- Alex Stahl
- Andy Isaacson
- coderman
- dan@geer.org
- grarpamp
- J.M. Porup
- juan
- Mirimir
- Shawn K. Quinn
- Tracerneo
- Travis Biehn