1998-01-28 - Re: future proofing algorihtms

Header Data

From: Tim May <tcmay@got.net>
To: cypherpunks@Algebra.COM
Message Hash: 9ddd9c5363bf7e448521e5df4929a86c837d912a872254cb5591feb43d47a71c
Message ID: <v03102805b0f4501f35a7@[207.167.93.63]>
Reply To: <199801221532.JAA28790@email.plnet.net>
UTC Datetime: 1998-01-28 03:16:14 UTC
Raw Date: Wed, 28 Jan 1998 11:16:14 +0800

Raw message

From: Tim May <tcmay@got.net>
Date: Wed, 28 Jan 1998 11:16:14 +0800
To: cypherpunks@Algebra.COM
Subject: Re: future proofing algorihtms
In-Reply-To: <199801221532.JAA28790@email.plnet.net>
Message-ID: <v03102805b0f4501f35a7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



At 5:18 PM -0800 1/25/98, Adam Back wrote:

>Repeat to get back to originator.  If we assume 100 message pool size
>(probably generous) and chain of length 10, that is 1000 decryptions
>which adds equivalent to 10 bits worth of symmetric key size.
>
>Paranoid stuff yes, but the NSA mixmaster traffic archive doesn't seem
>that unlikely.
>
>It is interesting to note that Tim May's recent suggestion of LAM
>(Local Area Mixes) would help here because if 5 of those mixmaster
>nodes were part of a LAM, it is unlikely that the NSA would be able
>to archive inter remailer traffic, thus increasing effective pool size
>to 100^5.  So one advantage of the LAM approach is that it provides
>links which are protected by physical security.

This is a big part of the LAM motivation: to grossly complicate the task of
observers watching the traffic. If SWAN or PipeNet is adopted, this
obviates this point, but neither seems likely anytime soon.

A LAM approach is low tech, and can be implemented easily enough. (And
PipeNet becomes much more feasible...)

Even an adventurous company, with many machines on various networks, could
deploy a LAM on their network.

(Though the laws about corporate culpability are written in ways that a
Silicon Graphics or Sun or C2Net would have much to fear in having their
corporate network associated with a LAM of any sort. Hence my point about
many and varied residential users in a physical building being the LAM
nodes.)

Another point about LAMs is that they are useful as "concentrators" for
PipeNet connections. To wit,

Suppose someone has deployed a PipeNet connection to another node. Fine,
but the NSA and Mossad and GCHQ and other enemies of freedom may watch the
traffic flowing into the node feeding that PipeNet connection.

So why not do a better job of "loading" this PipeNet connection by having a
LAM at the site? Then, watchers see the stuff flowing into the LAM, and
have less idea (correlation-wise) of what's then making use of the PipeNet
connection.

(There are arguments that PipeNet would be immune to this type of
correlation, in that a single node feeding a PipeNet connection is as good
as N nodes. The devil's in the details. I argue that a LAM feeding a
PipeNet connection is at least as secure against monitoring as a single
node feeding a PipeNet, and possibly more secure, practically speaking.)

--Tim May

The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
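The work-factor arithmetic in the quoted passage (100-message pools, a chain of 10, 1000 trial decryptions, "about 10 bits", and a LAM raising the effective pool to 100^5) can be written out as a small model. The code below is an added example for this archive page; it is not code by Tim May, Adam Back, or any remailer project. The model is an assumption built from the thread's own description: the adversary has archived traffic on every link it could see and later obtains the remailer keys, so tracing back through a remailer whose input link was observed costs one trial decryption per pooled message, while a run of remailers whose links were not observed (nodes inside a LAM) behaves like one mix whose pool is the product of the individual pools. The `Hop` type and the `trace_work`, `plain_chain` and `chain_with_lam` helpers are names chosen here.

```python
"""Work-factor model for tracing a message back through a remailer chain.

Constructed model (not from the original thread's authors): the adversary
has archived traffic on every link it can observe and later obtains the
remailers' keys.  For a remailer whose input link was observed, tracing
costs one trial decryption per message in its pool.  A run of remailers
whose input links were NOT observed (e.g. nodes inside a LAM) acts like a
single mix whose pool is the product of the individual pools, so the whole
run has to be searched at once.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    pool_size: int   # messages the remailer holds before reordering
    observed: bool   # True if the adversary archived this hop's input link


def trace_work(chain):
    """Trial decryptions needed to trace one message through `chain`.

    Observed hops add their pool size; each maximal run of unobserved hops
    adds the product of its pool sizes.
    """
    total = 0
    hidden_run = 1      # product of pool sizes over the current unobserved run
    in_run = False
    for hop in chain:
        if hop.observed:
            if in_run:          # close off a run of hidden links first
                total += hidden_run
                hidden_run, in_run = 1, False
            total += hop.pool_size
        else:
            hidden_run *= hop.pool_size
            in_run = True
    if in_run:                  # chain ended inside a hidden run
        total += hidden_run
    return total


def equivalent_key_bits(work):
    """How many extra symmetric-key bits this much work is worth (log2)."""
    return math.log2(work)


def plain_chain(length=10, pool=100):
    """Baseline from the thread: every inter-remailer link is observable."""
    return [Hop(pool, True) for _ in range(length)]


def chain_with_lam(length=10, pool=100, lam_nodes=5):
    """Same chain, but the first `lam_nodes` remailers sit inside a LAM
    whose links the adversary cannot archive (modelled as unobserved)."""
    return [Hop(pool, observed=(i >= lam_nodes)) for i in range(length)]


if __name__ == "__main__":
    for label, chain in (("plain", plain_chain()), ("with LAM", chain_with_lam())):
        w = trace_work(chain)
        print(f"{label:8s}: {w:,} trial decryptions "
              f"~ {equivalent_key_bits(w):.1f} key bits")
```

Running it reproduces the thread's figures: the plain 10-hop chain costs 1000 decryptions (just under 10 bits), and moving five of the nodes into a LAM pushes the cost to 100^5 plus the 500 for the remaining observed hops, roughly 33 bits. The model is deliberately coarse (uniform pools, an adversary with every key, no timing or size correlation), which is the same simplification the quoted estimate makes.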
