[camera_lumina at hotmail.com: Tor-stored Pads]

Eugen Leitl eugen at leitl.org
Mon Jan 2 07:08:58 EST 2006

----- Forwarded message from Tyler Durden <camera_lumina at hotmail.com> -----

From: Tyler Durden <camera_lumina at hotmail.com>
Date: Sun, 01 Jan 2006 21:41:35 -0500
To: measl at mfn.org
Cc: coderman at gmail.com, jya at cryptome.net, cypherpunks at jfet.org
Subject: Tor-stored Pads

Alif the Terrible wrote...

>(3) Since all of the pieces have been stored - including both the
>encrypted messagetexts and the decryptors, what is to prevent a
>time-faking attack against this message?  After all, if you have all the
>parts, you can just "reinstantiate" the network as it was when the messages
>were originally sent.

Yes, agreed, but I think this is a MUCH bigger pain in the ass.
To wit: If they grab and deencrypt the "message" (i.e. the piece sent to the 
receiver) prior to the expiration time, then they will have the message and 
be able to read it. This is an improvement in that they have to do it prior 
to the expiration time of the hidden piece. They can not grab and store this 
piece alone because the other piece will not be there later.

If they do not deencrypt the message in time, then they have to grab a core 
dump of the entire network (as well as the transmitted message), because 
they do not know where the piece is located. Seems to me that's a much 
harder thing to do than merely grabbing a sole message and de-encrypting it 
at their leisure. Seems to me too that a Tor network that was sufficiently 
dynamic could require network core dumps that could actually tax even NSA 
facilities, given large Tor networks of the future.

It should also be pointed out that if the encryption on the "message" piece 
is done extremely carefully, one can afford to be lax on the Tor piece, and 
yet have a very difficult problem to crack (particularly if wrong guesses 
set off boobytraps that kill the hidden message piece).

Again, it can be countered that an attack might merely require N 
instantiations of the network, but now we are talking some very significant 
resources. We've multiplied the original cracking problem by N. Perhaps.


PS: I believe this is very close to having a one-time stored pad, but the 
difference with traditional Pads is that this one is stored in an anonymous 
location. (See Coderman's post.)

----- End forwarded message -----
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
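
Added example, not part of the forwarded message or of any Tor code: a simplified Python model of the two-piece scheme discussed above, in which the receiver holds a ciphertext and the pad sits in a separate store that deletes it on expiry or on a wrong guess. PadStore, send, receive, the token check and the integer clock are all assumptions made for illustration, and the "message" piece is modelled as a plain XOR with the pad.

```python
import hashlib
import hmac
import secrets


class PadStore:
    """Hypothetical stand-in for the anonymous location holding the pad."""

    def __init__(self):
        self._slots = {}  # slot id -> (pad, token digest, expiry time)

    def put(self, pad, token, expires_at):
        slot = secrets.token_hex(8)
        self._slots[slot] = (pad, hashlib.sha256(token).digest(), expires_at)
        return slot

    def fetch(self, slot, token, now):
        entry = self._slots.get(slot)
        if entry is None:
            return None
        pad, digest, expires_at = entry
        if now >= expires_at:
            del self._slots[slot]  # expiry: the hidden piece is gone
            return None
        if not hmac.compare_digest(hashlib.sha256(token).digest(), digest):
            del self._slots[slot]  # "boobytrap": a wrong guess kills the pad
            return None
        return pad


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def send(store, message, token, now, ttl):
    """Return (slot, ciphertext); the ciphertext is the piece sent to the receiver."""
    pad = secrets.token_bytes(len(message))  # pad as long as the message
    slot = store.put(pad, token, now + ttl)
    return slot, xor(message, pad)


def receive(store, slot, ciphertext, token, now):
    """Recover the message, or None if the pad expired or was destroyed."""
    pad = store.fetch(slot, token, now)
    return None if pad is None else xor(ciphertext, pad)
```

Because the caller supplies the clock value, a copy of the whole store taken before expiry can still be read later with an earlier `now`, which is the time-faking objection quoted at the top of the message.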