[messaging] An argument against DC-nets and for mixnets

Jeff Burdges burdges at gnunet.org
Thu Oct 15 05:26:20 PDT 2015



I've read up on a few modern metadata hiding schemes recently.  It
appears the supposedly information theoretically secure schemes based
on DC-nets, like Dissent, Herbivore, etc., would turn out far less
secure than mixnets like Sphinx.  

I've two reasons for this opinion : 

First, mixnets hide your metadata with real traffic, while DC-nets hide
your metadata with artificial traffic, consuming at least n times as
much bandwidth where n is the number of participating server nodes.  We
should assume that most if not all artificial traffic could
realistically be replaced with real traffic, possibly by delaying
traffic, so the user base from which your anonymity set is drawn is
actually divided by n in the DC-net.  

Second, any DC-net exposes the full set of participating server nodes,
while mixnets expose this set only to the sender, and expose server
nodes only pairwise to one another.  A priori, it's plausible this
makes large "fibered" DC-nets like Herbivore much more vulnerable to
intersection type attacks.

Also, I suspect mixnet could blur the boundary between client and
server nodes somewhat better too.


There are scenarios where DC-nets might out perform mixnets, well
perhaps DC-nets exhibit lower latency given sufficiently high bandwidth
and low actual traffic.  In other words, DC-nets might outperform
mixnets for hiding the internal metadata of an organization.  

We encounter an interesting ethical concern here :  Should one try to
hide the internal metadata of organizations over and above the bulk
metadata of the general public? 

We could use investigative reporting as an example the Dissent paper
mentioned wikileaks.  It's clear that DC-nets suck for whistleblowers. 
 What about communication between the journalists themselves though? 
 We need an organization that's large enough that hiding internal
metadata meaningfully obfuscates its upcoming projects, maybe they
employ experts on a wide rang of issues.  Yet, we need the organization
to be small enough for the DC-nets poor scaling.  Sounds quite
specific.

We could otoh consider an organizations working for more nefarious
purposes, like say a corporate board discussing how their vaguely
worded edict should be interpreted.  It's plausibly my biases impacting
what organizations I've considered, but conspiratorial groups seem more
malleable in size. 


Anyways, it's unclear when if ever DC-nets out perform mixnets, but
even if they do under some conditions, then those conditions probably
favor some users over others. 

Jeff

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20151015/98220682/attachment.sig>


More information about the Messaging mailing list