[messaging] Panoramix decryption mixnet messaging spec and design documents
Michael Rogers
michael at briarproject.org
Wed Nov 1 04:29:45 PDT 2017
On 01/11/17 01:40, Ximin Luo wrote:
> After a quick web search on "epistemic attacks", the main paper I can find [1] has the result that attacks are very strong if each node only knows about a small fraction (n nodes) of the whole network (N nodes).
>
> They lay the motivation for this assumption (n << N), by describing a discovery-based p2p network where each node "samples" (i.e. directly contacts) a small fraction of the network. This is equating with mere "knowledge" of a node, so that the act of "sampling" an attacker-controlled node, gives them (or a GPA) the ability to know exactly which nodes "know" the target node.
>
> The paper does not seem to consider the possibility that nodes could discover more of the network without directly sampling every node, e.g. via gossip with their neighbours on "which other nodes exist".
The eclipse attack is relevant here. Briefly, if you discover nodes by
asking each node you know about which other nodes it knows about, an
attacker who controls some fraction d/n of the nodes can control a
larger fraction of your view, because honest nodes return a sample with
d/n dishonest nodes on average, whereas dishonest nodes can return a set
containing only dishonest nodes.
If node discovery is ongoing - for example, if you replace nodes in your
view that have gone offline by discovering more nodes - then the
attacker can eventually control your whole view.
(This is from memory and may be inaccurate, it's been a long time since
I read the paper.)
https://www.eecs.harvard.edu/~mema/courses/cs264/papers/eclipse-infocom06.pdf
Cheers,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x9FC527CC.asc
Type: application/pgp-keys
Size: 4660 bytes
Desc: not available
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20171101/bc1c5e3b/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20171101/bc1c5e3b/attachment.sig>
More information about the Messaging
mailing list