[messaging] Ronion anonymous routing protocol framework
Jeff Burdges
burdges at gnunet.org
Thu Oct 12 10:30:49 PDT 2017
You can roughly classify anonymity system designs that go beyond Tor of
course.
First, there are several schemes in which bandwidth is roughly quadratic
in the number of participants, including broadcast with trial
decryption, dining cryptographer's networks (DC-nets), and private
information retrieval (PIR).
In general, these schemes are only useful when you want anonymity within
a small group of participants, but some like DC-nets can provide lower
latency equal or better than onion routing in Tor. As ethernet is
already a broadcast protocol, one serious application is anonymity among
the set of people who connect to a specific wifi network.
In fact, there are ISP who prioritize privacy, so if one considers
smallish anonymity sets with low-latency interesting then maybe one
should explore really cheap solutions provided by alternative low-level
network stacks that merely make logging hard, probably highly asymmetric
like layers of broadcast for inbound packets, and another scheme for
outgoing packets, including ACKs.
Second, mix networks require only linear bandwidth, but they add
considerable latency. There are also schemes known as verifiable mix
networks in which bandwidth is linear in the number of participants, but
the computation is quadratic. Alpenhorn includes a verifiable mixnet
layer.
Interestingly, almost all mix network schemes require broadcast for
their "consensus" document to avoid "epistemic attacks", like Tor does.
These can scale up to very roughly 10 million times as many users as a
pure broadcast scheme, and Tor could squeeze out a few more orders of
magnitude, but running a mix network with billions of users needs a
break through in random peer selection with incomplete network
knowledge. IBE provides options here, but creates an even bigger
weaknesses.
Jeff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20171012/668368f7/attachment.sig>
More information about the Messaging
mailing list