> First, there are several schemes in which bandwidth is roughly quadratic
> in the number of participants, including broadcast with trial
> decryption, dining cryptographer's networks (DC-nets), and private
> information retrieval (PIR).
>
> In general, these schemes are only useful when you want anonymity within

It's not even clear if DC-nets will be useful given the mathematical constraints. I mean... rate limiting a single participant can be used to deanonymize them... or simply one participant dropping out can DoS the whole DC-net.

> a small group of participants, but some like DC-nets can provide lower
> latency equal or better than onion routing in Tor. As ethernet is
> already a broadcast protocol, one serious application is anonymity among
> the set of people who connect to a specific wifi network.

*snip*

> Second, mix networks require only linear bandwidth, but they add
> considerable latency. There are also schemes known as verifiable mix

Yes, unless you are willing to make the decoy traffic versus latency tradeoff as described in the Loopix paper.

> networks in which bandwidth is linear in the number of participants, but
> the computation is quadratic. Alpenhorn includes a verifiable mixnet
> layer.
_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging
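The dropout failure mentioned in the reply above, as an added example that is not part of the original message: a minimal XOR DC-net round in Python, showing why a round only decodes when every member publishes. The member names, the hash-derived pairwise secrets and the 16-byte slot size are constructed assumptions.

```python
import hashlib
from itertools import combinations

MSG_LEN = 16  # fixed slot size per round (assumption for this example)

def pad(secret: bytes, round_no: int) -> bytes:
    """Derive the per-round pad that two peers share from their pairwise secret."""
    return hashlib.shake_256(secret + round_no.to_bytes(8, "big")).digest(MSG_LEN)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pairwise_secrets(members):
    # Constructed secrets; a real deployment would derive them from a key exchange.
    return {frozenset(p): hashlib.sha256(f"demo:{p[0]}:{p[1]}".encode()).digest()
            for p in combinations(sorted(members), 2)}

def contribution(me, members, secrets, round_no, message=None):
    """XOR of every pad `me` shares with the others, plus the message if sending."""
    out = message.ljust(MSG_LEN, b"\0") if message else bytes(MSG_LEN)
    for peer in members:
        if peer != me:
            out = xor(out, pad(secrets[frozenset((me, peer))], round_no))
    return out

def run_round(members, secrets, round_no, sender, message, absent=()):
    """Combine only the contributions that were actually published this round."""
    result = bytes(MSG_LEN)
    for m in members:
        if m in absent:
            continue  # this member never publishes, so its pads never cancel
        msg = message if m == sender else None
        result = xor(result, contribution(m, members, secrets, round_no, msg))
    return result

if __name__ == "__main__":
    group = ["alice", "bob", "carol", "dave"]
    keys = pairwise_secrets(group)
    print("all present :", run_round(group, keys, 1, "alice", b"hello"))
    print("carol absent:", run_round(group, keys, 1, "alice", b"hello", absent=("carol",)))
```

Each pad appears in exactly two contributions, so the combined output is the message only when all members publish; the residue left by an absent member is exactly that member's missing share, which the others cannot compute without its pairwise secrets.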