Public Anonymity

Dave Bird dave at xemu.demon.co.uk
Sun, 21 Oct 2001 01:16:33 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <B7F7BCB7.F002%peter.fairbrother@ntlworld.com>, Peter
Fairbrother <peter.fairbrother@ntlworld.com> writes
>> Dave Bird wrote:
> 
>> In article <xdNOyqAHaa07EwTx@xemu.demon.co.uk>, Dave Bird
>> <dave@xemu.demon.co.uk> writes
>>> In article <3BD17837.5020603@skygate.co.uk>, Pete Chown
>>> <Pete.Chown@skygate.co.uk> writes
>> 
>> P.S. I don't know exactly how mixmaster works, but you could
>> really mess up traffic analysis like this.  Remailer#1
>> gets a digest with say KByte plaintext blocks from different
>> messages encrypted to it.  It can unwrap this and rearrange blocks
>> into each whole message.  It now has a message pool from
>> packages various people sent it.  Most have onward destinations
>> to other remailers, and it repeats the process of chopping up
>> messages and sending them a digest of blocks.  This is a bit
>> more than mixmaster currently does (I think), because many
>> people don't start as mixmaster packages at the user.  In and
>> out are always the weakest points, because then blocks will at
>> least assemble into messages from the same sender or to the
>> same recipient.  
>
>It might help, but if there are laws requiring _all_ ISP's, remailers, and
>mixmasters to reveal everything, which is where it seems we may be going,
>then it will do no good. Only public anonymity systems will work here
>(public refers to _all_ the workings of the communication system being
>public, with the exception of your own internal processing of data. I assume
>you trust yourself, and can secure your own computer/brain).
>All non-public systems (most of the usual anonymity systems except stego)

 You see I'm not sure what you mean by "anonymity" or "public anonymity"

 To be precise steganography, is a method by which the content can
 be "encrypted", if that means "made-hidden": not by some mathematical
 encipherment of the characters but by hiding them among other data.
 Lets call these CONTENT-HIDING methods.  Used alone they mean that Eve
 the eavesdropper sees that a message has gone from Alice to Bob, but
 cannot penetrate the content.  In the case of successful Stego, Eve 
 can see that material has passed between them, but she cannot
 detect  t h a t  interesting content is present.  This alone will
 not secure the communication channel, because she will resort to
 looking for patterns in the flow of traffic between them vs events.


 On the other hand we need methods of ADDRESS-HIDING.  We can only do
 that if there is place, not here, where our sender information is
 stripped off and it is forwarded from the forwarder, without longterm
 records kept of where it arrived from or departed to.  Only a one or
 more third parties, not ourselves -- whom we trust -- can obscure what
 is flowing to where.   At the moment Eve can see what size message went 
 in or out, when, from Alice or Bob, but she cannot know for sure that
 the message Alice sent is the one Bob received, still less to whom each 
 of Alice's messages are sent if she is not in a position to watch all 
 possible recipients.  Watching of the end-points is rendered useless if 
 sender and recipient always transfer about the same sized package to 
 the forwarder, containing mangled bits of various messages (plus 
 "noise" padding) that will be assembled into messages later.

 You may mean that the messages are anonymous (do not have author 
 information visible) TO INTERMEDIARIES.  I call that address hiding
 or traffic hiding.   Sometimes this is done so that the message, 
 when Bob finally unlocks it. is plainly from Alice.  A subset of 
 what you can do with this is messages that are anonymous (do not 
 have author information visible)  TO THE RECIPIENTS; this is what 
 most people mean by "anonymous" messages.  


 To do any address hiding, you need a forwarder who manipulates
 addresses and does not keep longterm records.  

 There are a number of ways in which this can be done if some countries
 demand all network providers keep records.  It requires some places
 to break ranks and remove records.  One is if some countries drop out
 or never join, they get the advantage of being trusted to offer 
 superior facilities.  The other is if the system encourages people to
 make modem calls to each other, often local  sometimes long distance, 
 in which they shuffle information with each other without  an inter= 
 vening ISP.  Supposedly they are "all ISPs" and must all keep records, 
 but they don't and there are just too many of them to attack.  

 

>rely on some function being _secretly_ done by a "trusted" third party,
>perhaps with only one out out many possible TTP's actually being trustable.
>This has in the past been a good assumption in many cases, but if worldwide
>leglislation imposes mass disclosure requirements it may no longer be
>tenable. Here public anonymity becomes important.
>
>In a good public anonymity system it should be possible for Alice to send
>Bob a message when all the other players are possible spies for (insert
>here), and for it to be impossible for anyone, _including Bob_, to prove
>Alice sent any messages at all. This is hard, it is much easier if Alice can
>trust Bob, but it may be necessary to assume Bob is potentially an
>enemy/traitor.
>
>(challenge for any budding cryptologists, or even established ones -
>describe a secure public anonymity system where Bob is not trusted. Case of
>beer for any better solutions than mine, or a case for the best solution
>anyway. I will post mine later, it's not that good, this is brainstorming
>not STO.)
>
>-- Peter Fairbrother
>
>peter@m-o-o-t.org
>
>
>

- -- 
   ^-^-^-@@-^-;-^   http://www.xemu.demon.co.uk/
        (..)__u     news:alt.smoking.mooses

       happy as a clam at high tide -. <_" .-._.-.


-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBO9IT4X8v/Y5zkfRPEQK4wwCgh5ErYb/y2yo/zJrUffcTrTG2WGUAoOV3
cld9oXAZO+sLRS19nxqwJEc2
=OkfH
-----END PGP SIGNATURE-----