more about anonymous mail (Re: Making Money in Digital Money)
Adam Back
adam at cypherspace.org
Sat Apr 26 15:44:02 PDT 2003
I wrote about freedom 2.0 mail system:
> So these interactive connections are immediately forward-secret, and
> therefore you have much better protection against subpeona attack.
> However they are more vulnerable to all-powerful observer attacks who
> could probably figure out which pseudonym was which by sending lots of
> unique sized email and then watching traffic patterns flow through the
> network.
So a couple of other comments:
- Ulf Moeller, Anton Stiglic and I published our thoughts about how
someone could go about doing the passive adversary traffic analysis
attacks on interactive systems such as the freedom anonymous network:
Apr 01 - "Traffic Analysis Attacks and Trade-Offs in Anonymity
Providing systems", Information Hiding 2001, Adam Back, Ulf
Moeller and Anton Stiglic
http://www.cypherspace.org/adam/pubs/traffic.pdf
- and in fact the version 1 freedom mail system had other issues: the
mail was not split up into fixed sized chunks (as it is with
mixmaster), so it suffered the same vulnerabilities that type I based
nymservers do: it was in addition equally vunlerable to traffic
analysis. I'd take this version 1 freedom mail vulnerability to
indiate that in essentially all respects version 2 was more secure
than version 1; though some of the version 1 design-issues could have
been fixed in similar ways that are proposed in the mixminion project.
The mixminion project project (aka Type III remailer) design and
implementation attempts to avoid these issues by merging reply block
functionality into a mixmaster like fixed sized message mix net.
Mixminion actually uses Single Use Reply Blocks (SURBs) to in addition
reduce vulnerability to flooding attacks (where someone just sends
lots of messages to see where they arrive as they flow down the reply
block). The recipient I think is expected to send a few SURBs to nyms
he communicates with, and to send SURBs to the nymserver to pick up
mail from regular internet mail senders (who are not using the
mixminion client).
If I understand it is also planned that the mixminion / Type III
protocol will be implemented within mixmaster as mixmaster version 4.
(The current alpha mixminion code is a separate code base, written in
python scripting language).
The other good thing about mixminion / type III protocol is that
finally type I remailers with their traffic analysis issues could be
phased out. (Their remaining reason for existance was to support
reply-block functionality for nymservers).
Adam
More information about the cypherpunks-legacy
mailing list