[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 2-way anonymous via SASE
Hal Finney writes:
> Jim's idea looks good for anonymous communication. It is basically
> the same as the one Chaum describes in his 1981 Communications of the
> ACM paper.
Damn, just when I thought I might have had an original idea...
> The one difference is that Jim's B, C, and D are conventional rather
> than public keys in Chaum's system. This could be slightly more
> efficient.
>
Probably most than just slightly (for the sender), considering the time it
takes to generate good public-key pairs.
> One other caution Chaum raises re the SASE's is that they should not be
> used more than once. If they could be it would be possible to send in
> multiple messages using the same SASE and notice which output address
> was similarly duplicated.
If the SASEs incorporated the use of non-reusable Digital Stamps, then the
remailers could detect attempts to double spend the Digital Stamps placed
inside the SASEs.
>..., else the Opponent can eavesdrop on an SASE-based message
>and replay the address portion.
I'm not exactly sure what you mean here. I'm guessing that you mean an
eavesdropper could capture a reply message of the form...
Ted sends (stuff3)R3, (reply)A ==> R3
...and grab the "(stuff3)R3" part and try to use it. However, he wouldn't
have the public-key A, so he wouldn't be able to use "(stuff3)R3" to send
a readable message to Bob (who constructed the SASE). Bob would get
garbage at the end of the final decrypt step because the eavesdropper's
message was not encrypted with A. However, the eavesdropper could still
use "(stuff3)R3" to send multiple copies of a garbage message in an
attempt to track back to Bob (as you indicated in your last paragraph).
If I was Ted and I was worried about an eavesdropper, I would not send the
reply directly to R3. I would wrap the reply in a nest of conventional
digital envelopes and send the reply to R3 via a random set of other
remailers. Something like:
(R21, (R3, ((stuff3)R3, (reply)A)R3)R21)R10
This would first go to R10, then R21, and then to R3, which would
recognize the (stuff3)R3, (reply)A format and forward the reply based on
the contents of "stuff3"
This would foil the eavesdroppers who were trying to figure out who Ted
was replying to. An eavesdropper monitoring R3 would still be able to
caputure the SASE-based message forward by R3 (e.g. (stuffN) ((reply)A)B
==> R2 ), but they wouldn't be able know that the forwarded reply
originally came from Ted.
This, of course, doesn't prevent Ted from abusing the SASE. Will probably
need some form of non-reuseable Digital Stamps to do that.
[email protected]