From: Jim Hart <hart@chaos.bsu.edu>
To: cypherpunks@toad.com
Message Hash: da6ec71f25cd2bf9e1d4ab9fe79fe6a72f3d88e17a7d74340a64e5a5dbc6ed8d
Message ID: <199408300037.TAA07496@chaos.bsu.edu>
Reply To: N/A
UTC Datetime: 1994-08-30 00:42:49 UTC
Raw Date: Mon, 29 Aug 94 17:42:49 PDT
From: Jim Hart <hart@chaos.bsu.edu>
Date: Mon, 29 Aug 94 17:42:49 PDT
To: cypherpunks@toad.com
Subject: Transport Mixes
Message-ID: <199408300037.TAA07496@chaos.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain
It might be possible to transport goods in a difficult to trace fashion,
by applying the concept of a digital mix to physical transport.
We can't make them cryptographically hard to trace, but perhaps we
can minimize the clue trail by substituting crypto for normal
shipment records.
Here's a courier system for shipping small packages untraceably:
+ put your packages in a suitcase for a flight to a major hub airport,
which is also a courier mix site. Each bag contains an innocuous
looking Newton with a small wireless radio. These identify themselves
as mix shipments only if the proper one time key is transmitted over
a spread spectrum wireless channel. You also put a message in the
Newton indicating the shipment route and enclosing digital cash
as postage; these are successively encrypted with each mix's public
key, just as with remailers
+ couriers spend all day locating mix bags and taking them to
a nearby hotel room, and taking bags from the hotel room when
they have been delayed, mixed, and queued for the flight they are
and only take a few bags each at a time
+ the particular hotel and room changes every day
+ a separate courier inside the hotel room takes the following steps:
-- decrypts a message inside the Newton with his private
key to reveal the next destination for the shipment
-- decrypts the digital cash fee for this mix and clears it
-- puts the package and Newton in a new suitcase and
puts it in a queue for that new destination (a flight
at some point in the future, say 10-30 hours later)
+ like any mix, the delay depends on the rate of traffic going through
the system: we'd like to mix up at least ten or so shipments at each mix
+ we assume that customs checks any bag at at most n-1 out
of n hubs (highly probable unless the bag contains something
that looks suspicious in the x-ray).
+ the contents of the package should contain no clues as to
source and destination, unless they are securely encrypted
+ each mix is a separate organization, composed of only a few
mutually trusted couriers
+ we need protocols for destroying shipments or shipping them
back to the customer, due to suspicous nature of the package
(customs would catch guns, bombs, sniffable drugs, etc.)
unclearable postage, or other exceptions that might occur,
and informing customers and arbitrators of these actions
Something of this sort might even be possible with larger shipments
using large ocean ports instead of airports, standard size pallets
instead of suitcases, and warehouses instead of hotel rooms.
Again, I make no claim that this would be cryptographically
strong; but in some cases we can use cryptographic protocols
to stop info flows related to transport that are otherwise vulverable
to attack, and concentrate on various techniques to minimize
other vulnerabilities.
The mix concept is limited to important shipments where one is
willing to pay a high preium. The number of mixes will be small,
because increase in transport costs quickly overwhelms the
increased security of using additional mixes, because there
are these other vulnearabilities that become more important.
Can one travel personally, untraceably? Here is a method
analogous to a mix:
+ instead of flying directly to one's destination, fly through two or
three hubs
+ pay for each ticket with cash; if ID is necessary use unlinkable nom
de guerres at each airport
+ remove suitcase tags at each airport
+ dress differently at each airport (just enough to foil routine memories
of stewardesses, etc.)
+ if one is being followed use the various methods to lose them,
choose three new hub airports and start over
Jim Hart
hart@chaos.bsu.edu
Return to August 1994
Return to “tcmay@netcom.com (Timothy C. May)”