On Thu, 2017-10-12 at 21:34 +0300, Nazar Mokrynskyi wrote:
> Could you clarify what are Tor knockoffs? Haven't heard about it
> before and can't find anything useful with these keywords myself.

I meant: If you want Tor-like circuits, then you should contribute to Tor itself. You don't want to fragment the anonymity set more than necessary. It's different if you have some really new idea of course, but new language, changing ciphers, etc. do not suffice.

> I've not explored mix networks too much, so my understanding is
> limited, could you give some links where I can read why?

Tor only provides cryptographic unlinkability between packets, but does not protect against traffic analysis. As a rule, anonymity systems proposed by academics attempt to protect against traffic analysis too, but such schemes must pay for this protection with both higher bandwidth, usually through cover traffic, and increased latency.

In fact, there is a recent paper that bounds the anonymity as roughly a function of bandwidth * latency where bandwidth consists mostly of cover traffic.
https://eprint.iacr.org/2017/954

It's more complex however because cover traffic and latency can take different forms. As an example George Danezis has spoken recently about tweaking reliability, which falls partially on both sides.

Arguably, you cannot protect against traffic analysis at all in a circuit-based system like Tor anyways. And Tor does not do cover traffic or delays for this reason.

> Just to give a bit more context, I'm going to build a network that
> will only have something similar to Tor's hidden services, namely all
> of the traffic will be inside of the network.

Tor recently redesigned their rendezvous protocol for hidden services. I'd think Tor-like rendezvous protocols are too complex to warrant an "implemented classification" like noise: Tor uses a collaborative random number for choosing introduction points! Do you save a hop by "fairly" computing the rendezvous point? What is fair?

> Also bandwidth requirements are expected to be very low and while
> latency requirements are quite high (only occasionally), it is not
> critical if there would be several seconds delay sometimes.

George Danezis has recently spoken about mix networks with average delays of only a few seconds in their Loopix mix network design. They had still not done the anonymity analysis when I heard this. I'd wager seconds becomes minutes by the time all is said and done.

Also, mix networks have very high latency occasionally. If your average latency is a couple minutes then you occasionally see latency of a quarter hour or more.

Jeff
_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging