On Fri, May 11, 2001 at 11:22:59AM -0700, Tim May wrote:
> At 10:58 AM -0700 5/11/01, Robin Lee Powell wrote:
> >On Thu, May 10, 2001 at 06:13:48PM -0700, Tim May wrote:
> >
> > > If there are not many people (somewhat verifiably, to protect
> > > against most operators being the same agent) running your code,
> > > of what use is it?
> >
> >Well, none at this point. And in fact, thinking about it more, a
> >straight DC-Net is of no use for IM, because the model is different
> >(IM is, by its nature, something where you wouldn't want to join a
> >network of all other users). It'd work for chats, but there are
> >already encrypting chat clients.
>
> Is your implementation of a DC-Net running?
Not generally, but it certainly can be. Just for the heck of it, I've
got a -f (first) node running on port 18182 (pulled the number out of my
ass) on digitalkingdom.org if anyone wants to join in.

Note that the way that it handles trust is that you need to know two
people on the ring, to specify a left and right partner. The second
person on the ring specifies the first person as both their left and
right partners. See the README for more info.

This isn't intended to be a good implementation, it's just intended to
work.
> Have you characterized the latency issues,
No.
> the collusion issues,
Standard ring structure, collusion issues as described in the paper (the
IV method is used).
> >> I'm all for DC-Nets which implement the Pfitzmann fixes,
> >
> >I have no idea what those are, sorry.
>
> Some of the papers which followed Chaum's original 1988 paper.
> Eurocrypt '89 -'91, IIRC. I suggest that if you are actually
> implementing DC-Nets you should be reading these papers and the
> comments which have been generated.
I wrote this implementation ~2 years ago. No-one seemed to care. This
certainly isn't something I'm actively working on. But if I decide to
work seriously on it, I'll go read those, thanks.
> Something which merely implements a few of the ideas of DC-Nets, but
> which falls prey to the attacks Chaum was mainly interested in heading
> off (such as collusion amongst the DC-Net participants to uncover the
> source of messages), is not useful.
>
> (Which is one reason we pushed remailers. While not as elegant and
> provably robust, remailers have certain obvious advantages, discussed
> here many times.)
<nod> I'm sure I can guess.
> >http://www.digitalkingdom.org/~rlpowell/software/dc_net.tar.gz
> >
> >The paper I wrote with my assumptions is 'paper.txt'. It has very
> >little math (it's pretty ad hoc, actually) because, as I mentioned, I
> >suck at math.
>
> Thanks for the URL. I downloaded it and have looked at paper.txt.
>
> How much of a DC Net did you actually implement? Your conclusions
> suggest that some/much of the implementation is a future project. You
> write:
>
> In close, I will be describing my model for the 'perfect' implementation of a
> DC-net that drove the rest of the paper. The key word here is 'implementation',
> I will not be suggesting anything that is impossible, although it may be
> infeasible or difficult to arrange in practice.
>
> Firstly, for reasons described above, such a model would have a ring
> communications structure, mostly (see below). This is to preserve external
> anonymity.
>
> --end excerpt--
Whoo, boy, it's been a while.

Lesssee.

None of the key-based stuff is implemented. It's ring-based as I said.
It's line based rather than character based (as in your client doesn't
start sending till you hit return). It's talking-stick/conch-shell
based. It is not server based. Coin tossing is byte-wise, IIRC. No
means of broadcasting existence information is in place.
> I applaud you for actually trying to do such an implementation.
Thank you.
> My skepticism comes from the "hard parts" being the client-server end,
> that is, distributing the software, arranging the channels, providing
> signalling, etc.
Yep.
Since no-one seemed interested when I posted it to coderpunks, I haven't
looked at any of that yet.
> Just implementing the canonical model of the three cryptographers
> flipping coins to reveal that one of them paid without revealing which
> _one_ of them paid is just the very tip of the iceberg.
>
>
> If you could deploy running code on various machines, with real users
> sending and receiving DC-Net messages, etc., with resistance to
> spoofing and collusion attacks, that would be very exciting.
It runs. It works. It does not implement the cryptographic portions of
the protocol. There are no real users. The latency is very high.
Whether you find that exciting or not is up to you. 8)
-Robin
--
http://www.digitalkingdom.org/~rlpowell/ BTW, I'm male, honest.
le datni cu djica le nu zifre .iku'i .oi le so'e datni cu to'e te pilno
je xlali -- RLP http://www.lojban.org/
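
Added example, not part of the original message and not the code in dc_net.tar.gz: a byte-wise ring DC-net round in Python, where each node shares coin tosses only with its left and right partner and one node (the talking-stick holder) sends a line. It also shows the collusion issue raised in the thread: a node's two ring partners together hold both of its coin streams. All function names and the sample ring are assumptions made for illustration.

```python
import secrets
from typing import List, Optional

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

def toss_coins(n_nodes: int, length: int) -> List[bytes]:
    """coins[i] is the byte-wise coin toss shared by node i and its right
    partner (i + 1) % n_nodes; no other node on the ring sees it."""
    return [secrets.token_bytes(length) for _ in range(n_nodes)]

def announce(i: int, coins: List[bytes], message: Optional[bytes]) -> bytes:
    """Node i XORs the coins shared with its left and right partners and,
    if it holds the talking stick, also XORs in its line of text."""
    out = xor(coins[i - 1], coins[i])  # coins[-1] wraps round to the last node
    return xor(out, message) if message is not None else out

def run_round(n_nodes: int, sender: int, line: bytes):
    """One round: every node announces; XOR of all announcements is the line,
    because each shared coin appears in exactly two announcements."""
    coins = toss_coins(n_nodes, len(line))
    outputs = [announce(i, coins, line if i == sender else None)
               for i in range(n_nodes)]
    combined = bytes(len(line))
    for o in outputs:
        combined = xor(combined, o)
    return coins, outputs, combined

def colluding_partners_unmask(i: int, coins: List[bytes],
                              outputs: List[bytes]) -> bytes:
    """Node i's two ring partners pool the coins they share with it.
    An all-zero result means node i was silent; otherwise it is node i's line."""
    return xor(outputs[i], xor(coins[i - 1], coins[i]))

if __name__ == "__main__":
    line = b"hello ring\n"  # constructed sample input
    coins, outputs, combined = run_round(5, sender=2, line=line)
    print("recovered line:", combined)
    for i in range(5):
        leaked = colluding_partners_unmask(i, coins, outputs)
        print("node", i, "sent" if any(leaked) else "silent")
```

In a plain ring each node's anonymity rests entirely on its two partners not pooling their coins, which is why the choice of left and right partner is the trust decision.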