[Cryptography] Email and IM are ideal candidates for mix networks

Jerry Leichter leichter at lrw.com
Sun Aug 25 22:53:57 EDT 2013 

On Aug 25, 2013, at 6:28 PM, Perry E. Metzger wrote:
[Commenting on just one minor piece]
> ...Similar techniques may be useful for voice traffic, but that has
> "interesting" latency requirements, and they're hard to fulfill with a
> mix network that might take arbitrary time. There's been some
> interesting work by a number of people (including one of my doctoral
> brothers) on this topic. It probably would require a bunch of
> experimentation to get it right. On the other hand, anything might be
> better than what we have now for voice traffic, which is essentially
> zero privacy from the operators of most of the services.
There's another problem with voice:  People have come to expect services beyond the old point-to-point conversations that the traditional phone network provided.  Group conferences are now very much an expected part of on-line voice services.  These actually require fairly sophisticated processing of the audio to balance levels, avoid or suppress echoes, and so on.  The only implementation techniques available today require a central server with access to cleartext voice streams.  Not only does the server need to be trusted to handle the cleartext voice streams, it has to be trusted to do all the authentication - what comes out of the system doesn't usually match what went in from any one endpoint.

Multi-way chat has similar, if much simpler, problems.

On the rare occasions these problems (or even multi-party video conferencing) get mentioned, someone usually suggests using homomorphic cryptography.  Besides being way too expensive to be practical at the moment, it's not even clear to me that it provides a useful kind of security.  What kind of authentication model could such a system implement?  Without it, what's to prevent a rogue server from inserting its own voice into the conversation?

There are probably a couple of nice PhD dissertations in here....

                                                        -- Jerry

More information about the cryptography mailing list