-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthew Toseland wrote: > [ snip long security argument ] > > PROPOSAL: > Add a flag RandomRoute. This may be set when a request starts (up to the > user). There is a 50% chance of its being unset. So on average it adds 2 hops > to the journey - but there is a small chance of requests going much further > than that. The advantage is that it greatly obscures the picture for a > distant attacker, by starting off in a somewhat random part of the keyspace. > NOTES: > We could not overload HTL=10 because HTL is reset to 10 every time we get > closer to the target: we *do not* want to go into random route mode just > because we got a bit closer to the target! > PROBLEMS: > It reveals that the request is relatively early. This will make local > correlation attacks even easier. So we should do it *after* we have premix > routing, at which point that won't be a problem any more.
Would it be possible to have (a very small) probability of setting the RandomRoute flag when it's unset? In that case if the attacker intercepts the random routed key one has only an inductive rather than deductive proof that originator is near. P.S. Yes i realise that simply adding random at each step is not a positive thing. - -- http://freedom.libsyn.com/ Voice of Freedom, Radical Podcast http://eng.anarchopedia.org/ Anarchopedia, A Free Knowledge Portal "None of us are free until all of us are free." ~ Mihail Bakunin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHbNe8uWy2EFICg+0RAqHfAKDos+DEPC2K+lqztGL6JSGLri6apQCbBzcD ZjXn57Jwo99YI4xHlwS/kEs= =0E5R -----END PGP SIGNATURE-----
