[messaging] Panoramix decryption mixnet messaging spec and design documents

Ximin Luo infinity0 at pwned.gg
Sun Nov 19 06:09:00 PST 2017

>> I wonder, in general can we have nice things? Can we finally have a
>> cryptographic messaging system that protects against intersection
>> attacks? To that end I've been putting together a reading list so that
> If my understanding is correct, the answer is No. No we cannot prevent
> long-term intersection attacks by using decoy traffic in the
> katzenpost/loopix system because users will go offline and come back
> online later which changes the anonymity set size and thus leaks
> information to a global network observer.
> I suspect that there are mixnet use cases which are not vulnerable or
> less vulnerable to this... such that user or application behavior does not
> form a "session" where users send multiple messages over long periods which
> can be linked by a passive observer.

What about a store-and-retrieve design? You don't send "to" the receiver (not even indirectly), you send to a mailbox at an unpredictable address (or addresses) in a DHT-like distributed storage system, which is always online. Later, the receiver logs on and retrieves their own messages from their mailbox.

Storage nodes only store stuff for a fixed amount of time and then they drop it, to save space / prevent storage DoS attacks. Participants rely on end-to-end acks to guarantee reliability. If the recipient doesn't ack your message, you assume the network dropped it, and resend it, perhaps to a newly-generated unpredictable address.

Wasn't Jeff Burdges exploring designs in this area at some point? I vaguely remember him talking about it at various events a few years ago.


GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
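
A small simulation of the store-and-retrieve flow described in the message above, added here as an illustration; it is not code from the post or from katzenpost/loopix. Deriving mailbox addresses with HMAC over a pairwise secret and a counter, the tick-based `TTL`, the receiver's polling window, and all class and function names are assumptions, and the payload is treated as already end-to-end encrypted.

```python
import hashlib
import hmac

TTL = 10  # assumed: ticks a storage node keeps an entry before dropping it

def addr(secret: bytes, label: bytes, n: int) -> str:
    # Without the pairwise secret, successive addresses look unrelated.
    return hmac.new(secret, label + n.to_bytes(8, "big"), hashlib.sha256).hexdigest()

class Storage:  # stand-in for the always-online, DHT-like store
    def __init__(self):
        self.slots = {}  # address -> (expiry_tick, blob)
    def put(self, address, blob, now):
        self.slots[address] = (now + TTL, blob)
    def get(self, address, now):
        expiry, blob = self.slots.get(address, (0, None))
        return blob if expiry > now else None  # expired entries count as dropped

class Sender:
    def __init__(self, secret, store):
        self.secret, self.store, self.attempt = secret, store, 0
    def send(self, msg_id, blob, now):
        a = addr(self.secret, b"msg", self.attempt)  # fresh address per (re)send
        self.attempt += 1
        self.store.put(a, msg_id.to_bytes(4, "big") + blob, now)
        return a
    def acked(self, msg_id, now):
        return self.store.get(addr(self.secret, b"ack", msg_id), now) is not None

class Receiver:
    def __init__(self, secret, store):
        self.secret, self.store, self.next, self.inbox = secret, store, 0, {}
    def log_on(self, now, window=4):
        for n in range(self.next, self.next + window):  # poll upcoming addresses
            data = self.store.get(addr(self.secret, b"msg", n), now)
            if data is None:
                continue  # expired, or not written yet
            self.next, msg_id = n + 1, int.from_bytes(data[:4], "big")
            self.store.put(addr(self.secret, b"ack", msg_id), b"ok", now)
            self.inbox.setdefault(msg_id, data[4:])  # a resend may duplicate
        return self.inbox

def demo():
    store, key = Storage(), b"constructed pairwise secret"
    s, r = Sender(key, store), Receiver(key, store)
    first = s.send(1, b"hello", now=0)    # receiver is offline; dropped at tick 10
    lost = not s.acked(1, now=12)         # no ack, so assume the network dropped it
    second = s.send(1, b"hello", now=12)  # resend to a newly generated address
    return first != second, lost, r.log_on(now=15), s.acked(1, now=16)
```

If the sender resends more times than the receiver's polling window while the receiver is offline, the two fall out of step; a real design would need a resynchronisation rule that this sketch leaves out.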
