[messaging] Ronion anonymous routing protocol framework

Jeff Burdges burdges at gnunet.org
Fri Oct 13 03:50:34 PDT 2017

On Thu, 2017-10-12 at 21:34 +0300, Nazar Mokrynskyi wrote:
> Could you clarify what are Tor knockoffs? Haven't heard about it
> before and can't find anything useful with these keywords myself.

I meant:  If you want Tor-like circuits, then you should contribute to
Tor itself.  You don't want to fragment the anonymity set more than
necessary.  It's different if you have some really new idea of course,
but new language, changing ciphers, etc. do not suffice. 

> I've not explored mix networks too much, so my understanding is
> limited, could you give some links where I can read why?

Tor only provides cryptographic unlinkability between packets, but does
not protect against traffic analysis. 

As a rule, anonymity systems proposed by academics attempt to protect
against traffic analysis too, but such schemes must pay for this
protection with both higher bandwidth, usually through cover traffic,
and increased latency. 

In fact, there is a recent paper that bounds the anonymity as a roughly
a function of bandwidth * latency where bandwidth consists mostly of
cover traffic.  https://eprint.iacr.org/2017/954
It's more complex however because cover traffic and latency can take
different forms.  As an example George Danezis has spoken recently about
tweaking reliability, which falls partially on both sides.

Arguably, you cannot protect against traffic analysis at all in a
circuit based system like Tor anyways.  And Tor does not do cover
traffic or delays for this reason.  

> Just to give a bit more context, I'm going to build a network that
> will only have something similar to Tor's hidden services, namely all
> of the traffic will be inside of the network.

Tor recently redesigned their rendezvous protocol for hidden services.
I'd think Tor-like rendezvous protocols are too complex to warrant an
"implemented classification" like noise:  Tor uses a collaborative
random number for choosing introduction points!  Do you save a hop by
"fairly" computing the rendezvous point?  What is fair? 

> Also bandwidth requirements are expected to be very low and while
> latency requirements are quite high (only occasionally), it is not
> critical if there would be several seconds delay sometimes.

George Danezis has recently spoken about mix networks with average
delays of only a few seconds in their Loopix mix network design.  They
had still not done the anonymity analysis when I heard this.  I'd wager
seconds becomes minutes by the time all is said an done.  Also, mix
networks have very high latency occasionally.  If your average latency
is a couple minutes then you occasionally see latency of a quarter hour
or more.  


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20171013/77ca4d48/attachment.sig>

More information about the Messaging mailing list