[messaging] TFC - Onion routed messaging with endpoint security

dawuud dawuud at riseup.net
Sun Jan 27 01:13:52 PST 2019

The recently published anonymity trilemma paper is fascinating, and
points out the tradeoff between bandwidth, latency and anonymity; note
the very interesting graph at the top of page 16, and that Loopix
holds an interesting position on this graph:

Anonymity Trilemma: Strong Anonymity, Low
Bandwidth Overhead, Low Latency—Choose Two
by Debajyoti Das, Sebastian Meiser, Esfandiar Mohammadi, Aniket Kate

The recent Loopix paper explores this tradeoff in the context of a
continuous time mix strategy called the Poisson mix:

The Loopix Anonymity System
by Ania M. Piotrowska, Jamie Hayes, Tariq Elahi, Sebastian Meiser, George Danezis

No need to cry about bandwidth usage if we are willing to sacrifice
the low latency and replace it with "medium latency". Instead of using
constant time padding or decoy traffic we can instead make use of a Poisson
process which samples from an exponential distribution. Loopix clients use a
FIFO queue for sending messages where items are removed from the queue and sent
based on time intervals from the Poisson process. If queue is empty send decoys.

Unsure how well this will work on phones... (especially dubious if they go to sleep)
Hopefully in the coming years we will see more research into these tradeoffs
and concrete tuning parameters for Loopix and other similar designs. :)

Like Holger Krekel said, perhaps mixnets can help. This is our long term plan.
For short term solutions of course use Tor! (Tor is very obviously the best currently deployed anonymous communication protocol)

♥λⒶ 😼 enjoy the reads


On Sun, Jan 27, 2019 at 02:05:32AM -0500, grarpamp wrote:
> DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning
> https://arxiv.org/pdf/1808.07285
> Some assert that the only way to beat this
> class (general timing and traffic analysis) is
> with full time regulated fill traffic.
> Then people cry bandwidth... before realizing the
> selectability of the committed rate is pursuant
> to their needs, and being no more than they can
> get, or would use, over non-fill nets anyways.
> Or with a, unusable for low latency..., random store
> forward lossy additive mixes... being a non general
> and gappy form of fill anyway.
> Are there any papers covering potential schemes for
> managing traffic fill (negotiation of rates, dynamic
> yielding to take on wheat presented, hop by hop
> vs network wide awareness and control mechanisms,
> dropping nodes that fail to fill per negotiation, etc)?
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20190127/6d211ac0/attachment.sig>

More information about the Messaging mailing list