With no criticism to the idea and motivation there are similarities with
having a reply-to of a newsgroup such as alt.anonymous.messages, which is
used as a more secure alternative to reply blocks.  To pickup those messages
anonymously you'd ideally need to be able to unobservably download newsgroup
articles (ssl access to a newsfeed, or pre-download a lot, or i2p/ToR access
to a newsfeed + selective article download).

For bitmessage you probably need to use steganographic techniques otherwise
some messages would be too large to have been created by some public keys. (As in pgp stealth [1] but updated for ECC, depending on our parameter
choices)

IMO you might want to do something about forward secrecy (aka backward
security) and forward anonymity, or you arguably end up with the same issue
as reply blocks: a subpoena plus suspicion can force decryption (you wont
have the decrypt the reply-block via repeated subpoenas down the chain, but
the participants are known or suspected, just coerce them to decrypt!) It is
tricky to get forward secrecy for store-and-forard messaging [2], but
perhaps you could incorporate rekeying into your protocol in some convenient
way.

And maybe a way to steganographically tunnel connections to participate
(perhaps in passive mode only) where mere observable participation in an
anonymous messaging protocol may become outlawed.


As the designer of the 2nd gen pseudonymous mail system [3] at Zero
Knowledge Systems I came to the conclusion that for a mail system with the
objective of pseudonymous privacy, on a practical basis forward secrecy is
more important than resistance to pervasive traffic collection analysis -
for most users its game over if they get targetted, and at least in western
countries the capabilities of the secret service organizations are not
applied to minor end-user disputes.

While courts issue subpoenas all the time as a matter of course, and law
enforcement dont even bother - just ask the ISP for data without court order
works most of the time with most ISPs.
Ergo forward secrecy and forward anonymity is your friend.

(And briefly the design of the freedom 2nd gen mail system is to have
forward secret connections to a pseudonymous pop box containing encrypted
mails.  The first gen ZKS pseudonymous mail system was reply block based).

Adam

[1] http://cypherspace.org/adam/stealth/
[2] http://cypherspace.org/adam/nifs/
[3] http://cypherspace.org/adam/pubs/freedom2-mail.pdf

On Sat, Feb 16, 2013 at 01:49:18PM -0500, Jonathan Warren wrote:
  Hello everyone, I would like to introduce you to a communications
  protocol I have been working on called Bitmessage. I have also written
  an open source client released under the MIT/X11 license. It borrows
  ideas from Bitcoin and Hashcash and aims to form a secure and
  decentralized communications protocol which also doesn't rely on trust.
  Criticism of the X.509 certificate system is understandably common in
  this listserv (and also increasingly common in more public forums);
  Bitmessage instead uses Bitcoin-like addresses for authentication. It
  has a 'broadcast' and 'subscription' feature which other people have
  described as a decentralized Twitter and also aims to hide
  "non-content" data, like the sender and receiver of messages, from
  passive eavesdroppers like those running warrantless wiretapping
  programs. It may also be possible to be strong against active attackers
  although I'm not yet making that claim.


  A primary goal has been to make a clean and simple interface so that
  the key management, authentication, and encryption is simple even for
  people who do not understand public-key cryptography. I'm sure that
  there is quite a bit of demand for such a program and protocol although
  I am currently not actively promoting it because it has not been
  independently audited.


  I would be interested to hear your comments. The website
  https://bitmessage.org links to various resources like a short
  whitepaper describing how the protocol works and what its goals are (
  https://bitmessage.org/bitmessage.pdf ) and the source code on Github (
  https://github.com/Bitmessage/PyBitmessage ). The main source code file
  is bitmessagemain.py.


  Bitmessage is written in Python and uses an OpenSSL wrapper called
  pyelliptic (written by a different individual) to implement ECIES and
  ECDSA.

  Again I look forward to hearing comments; it is always easier to change
  or add to a protocol earlier than it is later.

  All the best,

  Jonathan Warren

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to