> On Sat, 2017-09-16 at 22:21 +0000, dawuud wrote:
> > On the other hand the Loopix design as described in the paper does not
> > include any message reliability mechanism at all. In our design we do
> > not use the SURBs to achieve any identity-hiding property like
> > Mixminion does. Instead we only use SURBs to send ACKnowledgements in
> > our Stop and Wait ARQ protocol from Client to Provider.
>
> I'm sure I've pointed this out to you guys before, David, but ACKs do
> not need SURBs per se. At least not if the ACK comes from the mail
> server as opposed to the user. You just send a packet in a loop, but
> execute a special command mid way that drops off the message and
> replaces it with the ACK. It only requires that packet building split
That is equivalent to using a SURB... although it has some disadvantages which include extreme packet header overhead; that is to say: If your Sphinx packet format ensures that each hop's routing info slot is the same size then you end up with lots of wasted space when you stuff a payload into one of those slots because all the other slots must pad to the same size.

Further this adds complexity to the implementation of the Sphinx packet format because it means that the header size will be variable instead of fixed size; you cannot stuff a fixed size header inside another header which is fixed to the same size!

Further, if you use Sphinx headers in this way you don't really need the packet "body" at all which is originally specified to be encrypted with an SPRP/wide-block cipher such as Lioness. You are essentially decapitating the Sphinx, where all you are left with is a human head that is no longer attached to the body of a lion ;-p

The reason I say they are equivalent is that ultimately both ideas are about sending a packet with enough routing information for the ACK to reach the source whence it came. So I appear to be arguing here that our specification for ACKs via SURBs is a better design than sending loops where the payload is contained in the header...

However, loops are great for other things such as heartbeats to detect n-1 attacks and decoy traffic. Hence the name Loopix which uses several kinds of looped messages in its design.

> the key material between the two orientations. You could achieve that
> split by building a SURB, and doing so may simplify the code elsewhere
> or even enable multiple-ACKs, but it's nowhere near as messy as folks
> imagine when they hear you say SURB though.

Actually, I think the main obstacle one encounters when mentioning this stuff to various autistic crypto nerds is essentially a 10 year old anti-mixnet prejudice by those who have not yet read the Loopix paper which is clearly the most advanced published mixnet paper to date.
_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging