[OT-ish] How big is the UK 'net?

Peter Fairbrother zenadsl6186 at zen.co.uk
Wed, 26 Jun 2002 16:12:06 +0100 

This is a bit long and getting OT. Last post. I'll continue this offlist if
anyone's interested.

Ian Jackson wrote:

> Peter Fairbrother writes ("[OT-ish] How big is the UK 'net?"):
>> I have now (in theory) got the traffic down to a few 100MB per customer per
>> day, that's for 1 million customers sending up to 40 emails per day each. :)
> 
> What size emails are you expecting ?

I started with 512 Bytes and later increased it to 1 kB. It can be highly
compressed data, most average emails can be compressed to 1kB. If needed you
can send two or three.

> The mean mail in my INBOX is
> 40K.  Your cover traffic to real traffic ratio seems like 50:1 or so !
> Surely you can do better than that ?

There is no covertraffic as such, just enough to prevent traffic volume data
disclosure. Users send 40 emails per day, it doesn't matter how many are
real and how many are fake. If they need to send more than 40 a day they get
another account.


A simple way to do it would be to have people send 40 encrypted emails each
to a "radio" station and broadcast them all, a concept known as a "daily
feed". Every user would receive the whole 40GB/day of traffic and examine it
for messages meant for them. Allowing for repeats that means broadcasting
20MB/s nationwide, comparable to three TV channels. Unfortunately the Govt
aren't going to let that happen on the airwaves, and it's far too much for
the 'net.


There is another way. This is computationally-anonymous email, which I tend
to call "public anonymity". It's anonymity that does not depend on trusting
anyone. It assumes that Plod has access to all data, and can subvert or
suborn everyone and everything, in the entire system, except in your
computer and that of your correspondent.

It starts with storing all the end-to-end encrypted emails in a single
database. It involves techniques to determine when an email is being sent to
you, and getting data to identify the email in the database of emails,
anonymously, without giving that information away to an all-seeing attacker.
It involves anonymously reading (and/or writing to) a database of 40 million
emails under the eye of that all-seeing attacker, using techniques similar
to those used for PIR (private information retrieval). The attacker can see
every bit sent or manipulated, but still can't tell who if anyone a message
is being sent to. It's bleeding-edge.

500 MB/day/user is a real achievement for the traffic and security level
(equivalent to 2048-bit RSA, roughly), and I can see how to squeeze it down
to 150 MB/day or so, but another breakthrough will be needed to break the
100MB barrier. But hey, a year ago I would have given a figure nearly two
orders of magnitude worse. Just one more to go!

-- Peter Fairbrother