cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1996-07-04 - Re: anonymous remailers

Header Data

From: JMKELSEY@delphi.com
To: cypherpunks@toad.com
Message Hash: cf1185be7c26905efbb81149f5c606561640771caeea7dd664873707131ece1d
Message ID: <01I6NJC6YZES91X6WG@delphi.com>
Reply To: N/A
UTC Datetime: 1996-07-04 06:15:30 UTC
Raw Date: Thu, 4 Jul 1996 14:15:30 +0800

Raw message

From: JMKELSEY@delphi.com
Date: Thu, 4 Jul 1996 14:15:30 +0800
To: cypherpunks@toad.com
Subject: Re: anonymous remailers
Message-ID: <01I6NJC6YZES91X6WG@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: Cypherpunks ## Date: 07/02/96 03:36 pm ##
  Subject: Re:  anonymous mailing lists ]

>Date: Sat, 29 Jun 1996 09:40:51 -0700
>From: Hal <hfinney@shell.portal.com>
>Subject: Re:  anonymous mailing lists

>Wei Dai did some nice statistical analysis of this type of attack
>sometime a year or two ago.  Even with countermeasures such as you
>suggest, if they are not perfect, so some information leaks correlating
>incoming and outgoing messages, Wei showed that it was possible to
>deduce the owners of the nyms surprisingly quickly.

Yes, this makes sense.  As I said before, this is related to the way
timing attacks work.  A little correlation that shouldn't be there,
over many messages, turns out to be enough to unravel a lot of
information.

>The countermeasures do work - if you get and send exactly 50 pieces of
>4K byte email every day, no matter what, then correlations don't exist
>- but they are expensive to do perfectly.

At the very least, this is susceptible to a flooding attack.  At any
rate, this is analogous to the fixed-delay solution to timing
attacks.  (Make all PK operations with long-term secret keys take
the same amount of time.)  Unfortunately, I can't see a solution to
this that's analogous to blinding out the values in the timing
attacks.

>Hal

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMds0LUHx57Ag8goBAQHPeQP+JH4b7bJCLW3ttqQ+v0XzEcbCaeOg9LqR
e+xuaLx2AjCx5N+V2q3xeJTAldfZZ5YFwCUq3KgpnBAbDvJ1my0hCGmKj+1uXQTp
SFSciq5oItMo2kwncbez2RaN/0aqcDSOGnc4ddfO4Ur7H7k+aLOQuaAUvcvDpV1p
C8up+1PSPW0=
=60Zh
-----END PGP SIGNATURE-----

Thread