[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Latency Costs of Anonymity



Wei Dai wrote:

> The points Tim makes here are quite good.  However, I'm more concerned 
> with a slightly longer time scale, when people focus less on FILES, 
> but more on CONVERSATIONS and INTERACTIONS.  It is then that latency 
> becomes more problematic.
> 
> Can anyone give me an estimate of when truly anonymous video conferencing 
> will become possible?  This is not just to help me make the point, but 
> I'm really wondering.

I didn't know you meant real-time conversations and interactions.
These are indeed very hard to get acceptable latency on in mixes.

Defeating traffic analysis in such a case is highly problematic, at
least with conventional remailers. (Unconventional remailers, such as
a dedicated telephone "traffic scrambler," with lots of internal
bandwith between nodes, could work. Obviously a lot of other traffic
would have to be flowing in and out.)

The tradeoffs are best analyzed with an actual mathematical model of
nodes, traffic rates, clumping of traffic, etc., rather than our
hand-waving here (hand-waving is OK for broad conceptual points, but
not in cases like this).

I'll be interested in what others calculate, but I think "conversation
mixes" are several years off, at best. The upcoming demo of Voice PGP
by Phil Zimmermann (scheduled to appear at the Demo Day meeting next
Saturday) may be a step in this direction.

BTW, to my graph in my last post we could add a z-axis representing
"value." Roughly, how much per unit of data transmitted. The
crypto-canonical "Attack at dawn" message might easily be worth many
dollars per byte to transmit untraceably, whereas a casual phone
conversation between Alice and Bob may not be worth (to them,
separately or in combination) much more than a few cents per kilobyte
transmitted.

In other words, there are economic as well as technologic reasons I
doubt we'll see low-latency, high-bandwidth audio or video remailers
anytime soon. (As we're seeing now: short messages can get through in
tens of seconds, 

But like I said, some calculations are called for. I'd start by
analyzing the existing voice-over-Internet systems, the packet sizes,
and so forth.

My suspicion is that Alice and Bob cannot defeat traffic analysis
while ~10K bits per second are flowing continuously between them
(audio), at least not until _many_ subnetworks are _much_
faster. Also, the CPU loads would be great (= costly)). Video is even
further off. Tricks to reduce bandwidth may help.

The digital mixes implicitly assumed in "True Names"--the year before
Chaum published his seminal mix paper--are a ways off.

--Tim May

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: [email protected] with body message of only: 
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay