Re: Latency vs. Reordering (Was: Remailer ideas...

[tcmay@netcom.com (Timothy C. May)]

Eric Hughes writes:

> Back to the start, I guess.
> 
> >   Specifically cryptographic elements are easily added to the system
> >       *	packets can be delayed for random intervals
> 
> Let me repeat:
> 
> REORDERING IS OF PRIMARY IMPORTANCE FOR REMAILER SECURITY.
> 
> ADDING LATENCY IS NOT.
> 
> And I don't want to hear any excuses that you can say latency and mean
> reordering, because that's self-delusion.  Not only is it false, but
> misleading.  Reordering is necessary for security, and latency is a
> by-product.  You don't get security by adding by-products.

I don't understand this. My remailer (snakeoil@klaus.com.edy) gets
about 3 or 4 messages a day through it, and I'm very careful to add a
latency of 1 hour and sometimes 2 hours...surely this is more than
enough!

My friend Pandit says he gets 20 messages an hour, and he uses a
latency of 1 hour, so why can't I?

(Oh, you mean the key is to _randomly reorder_ the messages, not just
delay them by an hour when the average number of messages in an hour
is less than 1 anyway? Oh, now I see. Never mind!)

--Tim May, who is as tired as Eric is of hearing the hoary old
chestnuts about 'random delays,' this without regard to calculating
the amount of reordering. Part of the problem, I'll grant folks, is
that there are few if any papers showing calcultions on this--Chaum's
1981 paper only makes brief mention of reordering effects. I don't
think it's a _hard_ calculation, and I've made some estimates of the
"diffusion and confusion" deriving from a mix of 10 nodes, each with a
diffusivity of 10...with equal packet sizes, and no other identifying
clues, a simple analysis suggests 10^10 routes that could be followed.
However, if only 10 messages entered the mix labyrinth (my
nontechnical term!) and 10 left it, then regardless of the 10^10
routings, a monitor would still "know" that one of the 10 leaving was
the targetted message. On the other hand, he would have no certainty
as to which one. A condition true even if 2 messages entered a node
and 2 left it after being mixed. (It is this latter area, about
degrees of uncertaintly, that needs a more sophisticate combinatorial
anylysis. Again, not a big project...maybe a nice little Masters
thesis for someone to do, to extend Chaum's analysis a bit.)


P.S. I presume the list is back up again? 


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."