[Cryptography] Summary of the discussion so far

Perry E. Metzger perry at piermont.com
Fri Sep 13 17:02:28 EDT 2013


On Fri, 13 Sep 2013 15:46:58 -0500 Nico Williams
<nico at cryptonector.com> wrote:
> On Fri, Sep 13, 2013 at 03:17:35PM -0400, Perry E. Metzger wrote:
> > On Thu, 12 Sep 2013 14:53:28 -0500 Nico Williams
> > <nico at cryptonector.com> wrote:
> > > Traffic analysis can't really be defeated, not in detail.
> > 
> > What's wrong with mix networks?
> 
> First: you can probably be observed using them.

Sure, but the plan I described a few weeks ago would presumably end
with hundreds of thousands or millions of users if it worked at all.

> Second: I suspect that to be most effective the mix network also
> has to be most inconvenient (high latency, for example).

Sure, that's true for voice and such. However, for messaging
apps, that's not an issue. See my claims here:
http://www.metzdowd.com/pipermail/cryptography/2013-August/016874.html

(That was part of a three message sequence that began with these two:
http://www.metzdowd.com/pipermail/cryptography/2013-August/016870.html
and
http://www.metzdowd.com/pipermail/cryptography/2013-August/016872.html

but only the second of those two is really relevant to this
particular discussion.)

> Third: the mix network had better cross multiple jurisdictions that
> are not accustomed to cooperating with each other.  This seems very
> difficult to arrange.

That's important for onion networks, not mix networks. I understand
that the distinction isn't well understood by most, but it can be
summarized thus: an onion network depends on no one observing the
whole network to provide security, while a mix network uses
sufficient cover traffic and delay induction to prevent people from
being able to learn much even if they can observe the whole network
and control a minority of nodes.

Perry
-- 
Perry E. Metzger		perry at piermont.com


More information about the cryptography mailing list