Mixmaster Message Drops

Joseph Ashwood ashwood at msn.com
Sat Aug 11 14:46:28 PDT 2001


First let me say those were not my numbers, those numbers were supplied by
another source, I simply reiterated them.

----- Original Message -----
From: "Jim Choate" <ravage at ssz.com>
To: <cypherpunks at einstein.ssz.com>
Sent: Saturday, August 11, 2001 6:19 PM
Subject: CDR: Re: Mixmaster Message Drops


>
> On Wed, 8 Aug 2001, Joseph Ashwood wrote:
> > Well assuming that the remailers are under attack, we start using digital
> > signatures with initiation information stored in them. Mallet can introduce
> > duplicates,
>
> Duplicates are not drops, signatures do nothing for drops. You're changing
> the rules in the middle of the game.

Actually if you are simply testing the number of messages that come in
versus the number that go out, duplicates are a worry. If we are ignoring
the content then a message stream of
1,2,3,4,5,6,7,8,9,10,11,121,13,14,15,16,17,18,19,20 looks identical to
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 so that failure mode needs to be
addressed, the individual signatures address that issue, which means that
we can distinguish between the two message streams. This allows us to detect
that numbers 13 and 17 (for example) got dropped, and to cover the
separation in the stream Mallet duplicated messages 7 and 11. This gives
us a level of traceability that we can enforce ourselves outside of the
network system. I believe that detecting and eliminating duplicates
eliminates a very important activity that Mallet could perform to throw off
our measurements.

> > > Q: How to inject traffic into the remailer network anonymously?
> >
> > through a set of trusted remailers,
>
> Which we don't have if we accept your numbers. Depending on the technology
> you're trying to vet is a recipe for disaster (well Mallet won't think
> so).

Actually you can start with just one trusted remailer. If you can get in and
personally inspect 1 remailer, or run it yourself, you can trust a single
one. Once the single trust location has been established you begin routing
information through that single entry point, and make use of that entry
point to measure to depth 2. Once you have built trust in a depth 2 entry
point, you can then test it as a depth 1, making sure that Mallet doesn't
allow just a single entry point proper passthrough. From there you will have
2+ entry points to begin more depth 2 tests, from 2+ locations to begin
with, repeat until the trust base has reached the necessary levels. Of
course this testing has to be maintained continually, but the ability to
send a couple dozen messages through each remailer each day should provide
enough maintenance power.
                                Joe
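
The drop-versus-duplicate measurement discussed in the message above, as an added example that is not part of the original post: a count-only check passes while authenticated sequence numbers expose drops masked by duplicates. It assumes an HMAC with a tester-held key as a stand-in for the digital signatures the post mentions; the key, the probe format and all function names are hypothetical.

```python
import hashlib
import hmac
from collections import Counter

KEY = b"constructed-demo-key"  # assumption: secret held only by the tester

def make_probe(seq: int) -> bytes:
    """Build a probe carrying its sequence number and a MAC over it."""
    body = f"probe:{seq}".encode()
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag

def verify_probe(msg: bytes):
    """Return the sequence number if the tag verifies, else None."""
    body, _, tag = msg.rpartition(b"|")
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    return int(body.split(b":")[1])

def audit(sent_seqs, received):
    """Compare what came out of the network against what was sent in."""
    seen = Counter()
    forged = 0
    for msg in received:
        seq = verify_probe(msg)
        if seq is None:
            forged += 1          # not one of our probes, or altered in transit
        else:
            seen[seq] += 1
    return {
        # The naive in-versus-out test: totals only, content ignored.
        "count_matches": len(received) == len(sent_seqs),
        "dropped": sorted(s for s in sent_seqs if seen[s] == 0),
        "duplicated": sorted(s for s, n in seen.items() if n > 1),
        "forged": forged,
    }

# Constructed sample matching the post's scenario: probes 13 and 17 are
# dropped, and 7 and 11 are replayed so the totals still line up.
SENT = list(range(1, 21))
RECEIVED = [make_probe(s) for s in SENT if s not in (13, 17)]
RECEIVED += [make_probe(7), make_probe(11)]

if __name__ == "__main__":
    print(audit(SENT, RECEIVED))
```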




