Charles Allhands: > Thanks for the link! Is there a reason why mix networks aren't commonly > used?
Thanks for asking this interesting question. See this. Not written by me. Source [1] > Roger Dingledine Fri, 27 Apr 2012 00:10:48 -0700 > > On Thu, Apr 26, 2012 at 04:15:04AM +0100, StealthMonger wrote: >> If the channel has low latency, no hacking can conceal the packet >> timing and volume correlation at the endpoints. It is high random >> latency and thorough mixing that gain mixmaster its anonymity. >> Dingledine and company would agree. > > > Your "thorough mixing" phrase is critical here. > > Once upon a time, when we were working on both Mixminion and Tor, we were > thinking of it as a tradeoff: Mixminion offers some protection against > end-to-end correlation attacks [1], but the price is high and variable > latency; whereas Tor offers basically no protection against somebody who > can measure [2] flows at both sides of the circuit, but it's a lot more > fun to use. > > (Another price of the mix design is that you only get to send a fixed-size > relatively small message rather than have a bidirectional flow.) > > So oversimplifying a bit, we thought we had a choice between "high > security, high latency" and "low security, low latency". But the trouble > is that while Mixminion's design can provide more safety in theory, it > needs the users before it can provide this safety in practice. Without > enough users sending messages to mix with, high and variable latency by > itself doesn't cut it. > > So oversimplifying a bit more, the choice may be better viewed as "low > security, high latency" vs "low security, low latency". And that's a > much easier choice to make. See [3] for more discussion. > > I haven't given up hope on end-to-end correlation resistance for > low-latency flow-based designs like Tor (but papers like [4] don't make me > optimistic for a quick fix). It's hard to see how we could end up with a > large enough and diverse enough population of Mixminion users to let it > fulfill its potential. Stay tuned to PETS [5] and related conferences, > but be patient. > > --Roger [1] http://www.mail-archive.com/[email protected]/msg00022.html -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
