Technical Remailer Analysis.
Timothy C. May
tcmay at netcom.com
Sat Oct 1 11:44:32 PDT 1994
> Good point. There is a related attack which Chaum pointed out in his
> 1981 CACM paper: the attacker intercepts and keeps a copy of an incoming
> message, then later re-sends it. This one will go to the same place and
> by repeating this multiple times we can figure out where the original
> message went.
Thanks to Louis Cypher and Hal Finney for discussing this. Our
remailers are, as several of us have discussed, at a primitive level
of security...in fact, most of the security is illusory and would
collapse under serious scrutiny.
Here are some fixes to consider, as I see them. Chaum, in his Feb.
1981 paper on Untraceable E-Mail (Comm. of the ACM) remains the key
paper, though some of the later DC-Net papers also deal with such
attacks (under the rubric of "collusion" and "flooding" types of
Sorry for the format, as I'm using the tools I use for the FAQ.
157.3. Some possible fixes:
157.3.1. remailers can recognize duplicates and agree not to
remail them, or to remail them off in different directions (adding their own
157.3.2. digital postage helps a bit, as the attacker at
least has to spend money
157.3.3. (If the inner layers of a message each have some
digital money, or a "one-use" coupon, then an attacker who copies and resends
the whole message is effectively double-spending and this should be detected.
Most simply, the "use once" coupon will only allow one passage through the
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
More information about the cypherpunks-legacy