[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Improved remailer reordering

To: [email protected]
Subject: Improved remailer reordering
From: [email protected] (Eric Hughes)
Date: Sat, 6 Aug 94 16:20:10 -0700
In-Reply-To: Hal's message of Sat, 6 Aug 1994 08:31:55 -0700 <[email protected]>
Sender: [email protected]

About message mixing:

   A measure that is used for situations like this is entropy.  

Indeed.  This is exactly the mathematical measure for what I've called
"privacy diffusion" in a remailer network.  It is, namely a measure of
of the uncertainty to a watcher of what ingoing message corresponds to
what outgoing message.

As soon as you begin to write down some of the equations for this
value, several things become distinct possibilities:

-- duplicate messages may decrease security
-- retries may reduce security
-- interactive protocols may reduce security
-- there is such a thing as a needlessly lengthy remailer path
-- noise messages might not be worth the bother
-- multiple different routes may reduce security

One thing becomes blaringly obvious:

-- it's reordering that's mathematically significant; that's what goes
directly into the equations.


   To consider different batching strategies, consider a remailer where the
   messages come in one per hour, at 1:00, 2:00, 3:00, etc.  

Since the particulars of the time don't matter for this analysis, I'd
suggest using the terminology "message interval", since the entropy
calculation is time-scale invariant.

Hal's suggestion for rollover schemes is a good one.  I'll be working
on the math for it.

Eric

References:
- Improved remailer reordering
  - From: Hal <[email protected]>

Prev by Date: Remailer ideas
Next by Date: Remailer ideas
Prev by thread: Improved remailer reordering
Next by thread: Re: Improved remailer reordering
Index(es):
- Date
- Thread