[messaging] Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis

Trevor Perrin trevp at trevp.net
Mon Jun 22 10:48:07 PDT 2015

On Mon, Jun 22, 2015 at 4:35 AM, Jeff Burdges <burdges at gnunet.org> wrote:
> There is a contextual miss-statement when they quote that Pond does not
> protect against a global passive adversary.  Pond does not protect
> against a global adversary who also hacks the Pond server, but that's a
> given in context.

I think their statement is accurate, and the protection here is
stronger than Pond in a few ways:

For one thing, Pond allows users to have different mailbox servers.
Without hacking any servers, a GPA could correlate Tor entry traffic
(from users) with Tor exit traffic (messages arriving at recipient
mailbox servers) to infer which users are sending messages to which
mailbox servers.

Second, hacking (or being) a Pond mailbox server allows traffic
confirmation by monitoring the Tor entry traffic of particular users,
and looking for correlations as that user fetches her messages.  This
doesn't require "global" monitoring, just the ability to monitor
hypothesized users.

Third, even without traffic monitoring, Pond servers could correlate
message arrival times between different mailboxes, which might be able
to link users who frequently exchange bursts of messages, or are
subscribed to the same mailing lists, etc.

[You also wrote]:
> If I read correctly, there are dialing rounds only every 20 min or
> whatever, so dialing might only be 100k overhead amortized to the
> conversation rounds.

No, their example has 2 MB/min for dialing, i.e. 4000x more bandwidth
for dialing than sending messages.  See section 7.4.


More information about the Messaging mailing list