CDR: Re: ZKS -- the path to world domination
obfuscation at beta.freedom.net
obfuscation at beta.freedom.net
Wed Nov 22 10:25:47 PST 2000
Adam Back writes:
> It's as strong as we could make it. Private interactive
> communications are a hard problem. As Wei and I were discussing in
> the "PipeNet protocol" thread in the last couple of weeks, there are 4
> main properties you're trying to optimise over:
>
> 1. security (resistance to traffic analysis)
> 2. performance
> 3. bandwidth efficiency (cost)
> 4. DoS resistance
>
> It appears pretty hard to get more than one of these properties with
> theoretical optimality. PipeNet gets the first one with good
> theoretical security, but none of the others are good. Freedom makes
> an engineering tradeoff which does reasonably on all 4.
What about adding link padding? Can you say something about why
this doesn't help, or costs too much?
Without it, someone monitoring your system can see which ZKS node you are
talking to. If they then monitor that node they can see that whenever
you send an incoming message, there comes an outgoing message, so they
can see the next node you are talking to, and so on.
With link padding, they couldn't do this. They'd have to interrupt
your data stream and then monitor *all* the outgoing traffic from *all*
the ZKS nodes and see which one got interrupted. This sounds like a
much more expensive attack. It is an active attack as well, while the
previous one is passive and could be done by a Carnivore system.
Ob
More information about the cypherpunks-legacy
mailing list