A DC or Dining Cryptographers ring is a way that a number of nodes on a network can form a ring that works like Ethernet, where anyone on the ring can broadcast information to the others but without betraying their identity. This can work over TCP/IP or any other communication protocol. Scott wants to use it for anonymous invite-only IRC, but there is a problem: someone could flood the ring, making it useless, and you can't know who it is. See:
http://www.nyx.net/~awestrop/crypt/diningcr.htm ...for more info.

Ok, so I have been thinking about a way to protect a DC communication ring* from an abusive participant.

Basically, let's say that people A, B, C, D, and E are happily talking to each other anonymously using a DC ring, when someone starts to flood it, preventing communication. As soon as this occurs, the system goes into "McCarthy mode". 5 new rings are formed, the first with people B, C, D, and E, the second with A, C, D, and E, the third with A, B, D, and E, the fourth with A, B, C, and E, and the fifth with A, B, C, and D, i.e. there are five different rings, each leaving out one participant.

Each participant randomly selects two of the rings they are on to broadcast their messages, and continues as normal, treating the 4 rings they are attached to as a single message source, but broadcasting on only 2 of those rings. If someone starts to abuse one or more of the rings, then that ring is dropped. If they continue to be a pain in the ass, then eventually all rings that they are attached to will be dropped and everyone will know who they are. So basically, the rules are: play nice or we will figure out who you are.

Now, of course, this has some negative implications for anonymity, in that when the network is in "McCarthy mode", people lose some of their anonymity, since, let's say that a message is broadcast on rings ABCE and ABCD, then they will know that the message must have been broadcast by node A, B, or C. Of course, the bigger the ring, the less acute this problem is. It may be possible to reduce this problem, where nodes only broadcast on one ring, and other nodes on that ring then randomly self-select (i.e. they wait for a random amount of time, and if nobody else has done it, rebroadcast the message on a different ring than the one it came in on).
So this approach works fine where there is only one malicious participant; however, if there are two, then between them they will be able to flood all rings, and this approach won't work. The solution here would be to create subrings for all permutations where two nodes are left out, and repeat the process. Of course, this would increase the loss of anonymity described above, but again, the larger the network, the less of a problem this is.

Thoughts?

Ian.
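The elimination logic proposed in the message above, as an added sketch that is not part of the original post. It generalizes the leave-one-out rings to leaving out any number of members. The function names are hypothetical, and it assumes the worst case in which a flooder floods every ring it sits on.

```python
from itertools import combinations

def build_rings(members, excluded=1):
    """One ring per way of leaving `excluded` members out (ABCDE -> 5 rings of 4)."""
    members = frozenset(members)
    return [members - frozenset(out)
            for out in combinations(sorted(members), excluded)]

def identify_flooders(members, flooders, excluded=1):
    """Drop every ring a flooder is on and report who is exposed.

    Assumption: each flooder floods every ring it belongs to.
    Returns None when no ring survives, i.e. communication is fully
    blocked and nobody can be singled out at this exclusion level.
    """
    flooders = frozenset(flooders)
    alive = [r for r in build_rings(members, excluded) if not (r & flooders)]
    if not alive:
        return None
    # Anyone absent from every surviving ring was on dropped rings only.
    return frozenset(members) - frozenset().union(*alive)

def anonymity_set(rings_used):
    """Possible senders of a message seen on all of `rings_used`."""
    return frozenset.intersection(*map(frozenset, rings_used))

if __name__ == "__main__":
    group = "ABCDE"  # constructed sample group from the message
    # One flooder: only ring BCDE survives, so A is exposed.
    print(sorted(identify_flooders(group, {"A"})))
    # Two colluding flooders defeat leave-one-out rings entirely...
    print(identify_flooders(group, {"A", "B"}))
    # ...but leave-two-out subrings keep ring CDE alive and expose both.
    print(sorted(identify_flooders(group, {"A", "B"}, excluded=2)))
    # Anonymity cost: a message seen on ABCE and ABCD came from A, B or C.
    print(sorted(anonymity_set(["ABCE", "ABCD"])))
```
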
