[messaging] Ronion anonymous routing protocol framework
nazar at mokrynskyi.com
Sat Oct 14 06:44:14 PDT 2017
> Afaik, there is nothing "useful" to do with protocols that are "like tor
> but not tor" because tor appears general enough to do anything you
> really want with circuit-based anonymity protocols.
In my case the plan is to use future network completely within browser, namely no other software. In other words in will work on a fridge that happens to have modern browser installed, regardless of the OS.
> Right now, there is no known way to do this safely. I2P does it, but
> afaik not safely. I donno if it's worse than using circuits in the
> first place though.
I'm aware of this, but this is not the primary concern for me right now.
> If you do not use AEZ, then one can produce cryptographic proof of a
> hidden service's identity: Just Run a hidden service guard that xors a
> pattern into the data. And run a receiver that recognizes that
> Actually, I suppose you can run the pattern across cells even with the
> wide-block cipher, so it works on all circuit based schemes with
> malleability, although the wide block cipher makes it easier.
> In short, hidden services lack full bitwise unlinkability in any circuit
> based anonymity tool like Tor.
Great explanation, will need to research this question in more detail and will likely update Ronion's description afterwards.
I've also found this: https://cr.yp.to/talks/2016.01.15/slides-djb-20160115-a4.pdf
> Tor wants “fast, proven, secure, easy-to-implement, non-patent-encumbered, side-channel-free” 509-byte blooock cipher.
> (But current cipher is a disaster, so can consider compromises.)
> Tor is considering deployment of AEZ or HHFHFH in 2016.
So looks like you're right. It also looks like Ronion doesn't offer anything better than that conceptually and will depend on the cipher that is used by concrete higher level implementation.
However, for this attack you'll need to control 2 nodes in the established circuit, which is not terribly bad for large networks IMO.
I mean, it is possible figure out a connection between certain nodes, but I don't yet see this to be catastrophic for hidden services (6 hops from initiator to responder and most data coming straight from initiator to responder).
Sincerely, Nazar Mokrynskyi
More information about the Messaging