From: Jeff Gostin <jgostin@eternal.pha.pa.us>
Date: Mon, 8 Aug 94 13:52:07 PDT
To: cypherpunks@toad.com
Subject: Re: Anonymous Transport Agents (Was: Latency vs. Reordering)
Message-ID: <940808152144F3jjgostin@eternal.pha.pa.us>
MIME-Version: 1.0
Content-Type: text/plain


Hal <hfinney@shell.portal.com> writes:

> I can see two problems.  First, at least the first machine on the trans-
> port path will see both your origin address and your destination address.
> So it is in a perfect position to do traffic analysis.  Many users may
> not have the ability to control which machine this is since routing is
> usually automatic these days.
     Fair enough. Let's assume that ESMTP will anonymize and sanitize each
message, making it appear as if it first appeared on the site. In other
words, lets say I send a message via ESMTP to someone. It gets sanitized
and anonymized (the return address is encrypted). This removes ALL traces
of the fact that it left from my node. Every site up the chain until it
gets to you will do the same. Finally you get a VERY anon/sanitized
message.

     I said the return address is encrypted. That's true: it's encrypted
piece-meal. What happens is that the originator's site the sender's name
with its own key. Then, it encrypts its site name with the next site's
key. When it's sent, the site encrypts it's name, PLUS the previous
encrypted packet with the key of the next site up the net. This happens
until it reaches its destination. Even if the packet is intercepted, the
hacker only knows the previous site it came from. Let's say he intercepts
it between my feed and my feed's feed. This gives some 15+ choices as to
which MACHINE it came from, let alone which USER sent it, and that's only
on the first hop. On the Nth hop, it's AT LEAST 2^N possible MACHINES,
assuming that each hop has at least two feeds. More realistically, after
about 4 hops, the number of choices becomes entirely too large to
efficiently track. What do you think?

> Second, if each machine simply saves a message and sends it on, then even
> if the messages are encrypted there will probably be timing relationships
> between the incoming and outgoing messages which will allow them to be
> linked.
     Quite true. However, if the encryption system adds random-x bytes of
entropy to _each message_, the message sizes will never be the same coming
in as going out. It will always be larger, but each additional hop makes
the chance of tracking less and less. How many hackers can watch the whole
backbone?? 

> So someone monitoring the intersite communication channels may be
> able to track a message through the network just by noticing when it comes
> into and goes out of each node.  This is why Chaum introduces message
> batching and mixing at each node.
     Very true. But, again, it shouldn't matter... By the time it gets to
a place where the message is passed through 3 or 4 machines that one
person can watch, it's already been sanitized to the point of obsurdity,
no? Opinions?

                                        --Jeff
--
======  ======    +----------------jgostin@eternal.pha.pa.us----------------+
  ==    ==        | The new, improved, environmentally safe, bigger, better,|
  ==    ==  -=    | faster, hypo-allergenic, AND politically correct .sig.  |
====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+