On Aug 25, 2013, at 6:28 PM, Perry E. Metzger wrote:
[Commenting on just one minor piece]
> ...Similar techniques may be useful for voice traffic, but that has
> "interesting" latency requirements, and they're hard to fulfill with a
> mix network that might take arbitrary time. There's been some
> interesting work by a number of people (including one of my doctoral
> brothers) on this topic. It probably would require a bunch of
> experimentation to get it right. On the other hand, anything might be
> better than what we have now for voice traffic, which is essentially
> zero privacy from the operators of most of the services.
There's another problem with voice:  People have come to expect services beyond 
the old point-to-point conversations that the traditional phone network 
provided.  Group conferences are now very much an expected part of on-line 
voice services.  These actually require fairly sophisticated processing of the 
audio to balance levels, avoid or suppress echoes, and so on.  The only 
implementation techniques available today require a central server with access 
to cleartext voice streams.  Not only does the server need to be trusted to 
handle the cleartext voice streams, it has to be trusted to do all the 
authentication - what comes out of the system doesn't usually match what went 
in from any one endpoint.

Multi-way chat has similar, if much simpler, problems.

On the rare occasions these problems (or even multi-party video conferencing) 
get mentioned, someone usually suggests using homomorphic cryptography.  
Besides being way too expensive to be practical at the moment, it's not even 
clear to me that it provides a useful kind of security.  What kind of 
authentication model could such a system implement?  Without it, what's to 
prevent a rogue server from inserting its own voice into the conversation?

There are probably a couple of nice PhD dissertations in here....

                                                        -- Jerry

The cryptography mailing list

Reply via email to