At 10:58 AM -0700 5/11/01, Robin Lee Powell wrote:
>On Thu, May 10, 2001 at 06:13:48PM -0700, Tim May wrote:
>
>> If there are not many people (somewhat verifiably, to protect against
>> most operators being the same agent) running your code, of what use
>> is it?
>
>Well, none at this point. And in fact, thinking about it more, a
>straight DC-Net is of no use for IM, because the model is different (IM
>is, by its nature, something where you wouldn't want to join a network
>of all other users). It'd work for chats, but there are already
>encrypting chat clients.

Is your implementation of a DC-Net running? Have you characterized
the latency issues, the collusion issues, etc.?

>> I'm all for DC-Nets which implement the Pfitzmann fixes,
>
>I have no idea what those are, sorry.

Some of the papers which followed Chaum's original 1988 paper.
Eurocrypt '89-'91, IIRC. I suggest that if you are actually
implementing DC-Nets you should be reading these papers and the
comments which have been generated.

Something which merely implements a few of the ideas of DC-Nets, but
which falls prey to the attacks Chaum was mainly interested in
heading off (such as collusion amongst the DC-Net participants to
uncover the source of messages), is not useful.

(Which is one reason we pushed remailers. While not as elegant and
provably robust, remailers have certain obvious advantages, discussed
here many times.)

>http://www.digitalkingdom.org/~rlpowell/software/dc_net.tar.gz
>
>The paper I wrote with my assumptions is 'paper.txt'. It has very
>little math (it's pretty ad hoc, actually) because, as I mentioned, I suck
>at math.

Thanks for the URL. I downloaded it and have looked at paper.txt.

How much of a DC Net did you actually implement? Your conclusions
suggest that some/much of the implementation is a future project. You
write:

In close, I will be describing my model for the 'perfect' implementation of a
DC-net that drove the rest of the paper. The key word here is 'implementation',
I will not be suggesting anything that is impossible, although it may be
infeasible or difficult to arrange in practice.

Firstly, for reasons described above, such a model would have a ring
communications structure, mostly (see below). This is to preserve external
anonymity.

--end excerpt--

I applaud you for actually trying to do such an implementation. My
skepticism comes from the "hard parts" being the client-server end,
that is, distributing the software, arranging the channels, providing
signalling, etc. Just implementing the canonical model of the three
cryptographers flipping coins to reveal that one of them paid without
revealing which _one_ of them paid is just the very tip of the
iceberg.

If you could deploy running code on various machines, with real users
sending and receiving DC-Net messages, etc., with resistance to
spoofing and collusion attacks, that would be very exciting.

--Tim May
--
Timothy C. May [EMAIL PROTECTED] Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns
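Added example, not part of the original message and not code from dc_net.tar.gz: one round of the coin-flipping model mentioned above, generalized to n participants, together with the check a designer would run to see how far colluding participants can narrow down the sender. All function names and the two five-node key graphs (a ring and a complete graph) are constructed for illustration; the ring here is an assumed key-sharing layout, not a claim about the design in paper.txt.

```python
import secrets
from functools import reduce
from itertools import combinations
from operator import xor

# Constructed sample key graphs: who shares a secret coin with whom.
RING = [(i, (i + 1) % 5) for i in range(5)]
FULL = list(combinations(range(5), 2))

def dc_round(n, edges, sender, bit):
    """One round: returns (public announcements, secret coin per edge)."""
    keys = {e: secrets.randbits(1) for e in edges}
    out = [bit if i == sender else 0 for i in range(n)]
    for (u, v), k in keys.items():
        out[u] ^= k          # both holders of a coin fold it into
        out[v] ^= k          # their own announcement
    return out, keys

def recover(out):
    """Each coin appears in exactly two announcements, so it cancels."""
    return reduce(xor, out, 0)

def honest_components(n, edges, colluders):
    """Connected pieces of the key graph once colluders are removed."""
    comps = [{i} for i in range(n) if i not in colluders]
    for u, v in edges:
        cu = next((c for c in comps if u in c), None)
        cv = next((c for c in comps if v in c), None)
        if cu is not None and cv is not None and cu is not cv:
            cu |= cv
            comps.remove(cv)
    return comps

def colluder_view(n, edges, colluders, out, keys):
    """Honest components the colluders can prove contain the sender.

    Coins on edges leaving a component are all held by colluders, so
    stripping them leaves that component's message parity.
    """
    hits = []
    for comp in honest_components(n, edges, colluders):
        parity = reduce(xor, (out[i] for i in comp), 0)
        for (u, v), k in keys.items():
            if (u in comp) != (v in comp):
                parity ^= k
        if parity:
            hits.append(comp)
    return hits
```

With the ring layout, participants 1 and 3 colluding isolate participant 2 completely, while the complete key graph leaves the sender hidden among all three honest participants; the size of the smallest honest component is the anonymity actually delivered.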