Technical Remailer Analysis.

Timothy C. May tcmay at
Sat Oct 1 11:44:32 PDT 1994

Hal wrote:

> Good point.  There is a related attack which Chaum pointed out in his
> 1981 CACM paper: the attacker intercepts and keeps a copy of an incoming
> message, then later re-sends it.  This one will go to the same place and
> by repeating this multiple times we can figure out where the original
> message went.

Thanks to Louis Cypher and Hal Finney for discussing this. Our
remailers are, as several of us have discussed, at a primitive level
of fact, most of the security is illusory and would
collapse under serious scrutiny.

Here are some fixes to consider, as I see them. Chaum, in his Feb.
1981 paper on Untraceable E-Mail (Comm. of the ACM) remains the key
paper, though some of the later DC-Net papers also deal with such
attacks (under the rubric of "collusion" and "flooding" types of

Sorry for the format, as I'm using the tools I use for the FAQ.

157.3.  Some possible fixes:

	157.3.1.  remailers can recognize duplicates and agree not to
remail them, or to remail them off in different directions (adding their own 

	157.3.2.  digital postage helps a bit, as the attacker at
least has to spend money

	157.3.3.  (If the inner layers of a message each have some
digital money, or a "one-use" coupon, then an attacker who copies and resends
the whole message is effectively double-spending and this should be detected.
Most simply, the "use once" coupon will only allow one passage through the

--Tim May

Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay at       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at with body message of only: 
subscribe cypherpunks. FAQ available at in pub/tcmay

More information about the cypherpunks-legacy mailing list