[liberationtech] New protocol sacrifices bandwidth for metadata privacy
Tom Ritter
tom at ritter.vg
Mon Aug 4 14:03:08 PDT 2014
On 4 August 2014 14:39, Seth David Schoen <schoen at eff.org> wrote:
> One thing I think is especially important if you're going to try to
> propagate every message to every potential recipient is forward secrecy,
> because with something like PGP, only someone who was proactively
> eavesdropping on you or your network infrastructure has your old messages,
> whereas with a flooding design, _all_ network participants potentially
> have, and might be archiving, all old messages. So any private key
> compromise at any point results in quite a wide audience that can go
> back and read old traffic. Someone who thinks they might want to read
> your traffic some day might simply join the network legitimately and
> start archiving ciphertext, hoping that they get some opportunity to get
> ahold of your key one way or another, maybe a few years down the line.

Quite. https://ritter.vg/blog-deanonymizing_amm.html Not that that's
an iron-clad argument against broadcast entirely, but more an argument
to be very careful about exposing any sort of metadata in the messages
and to try and build in PFS.

> The implementation modifies the
> Rijndael key schedule (to create a quasi-4096 bit symmetric cipher),

Whaaaat? What's the reasoning behind this?

In general, going only from the webpage: Very cool putting time and
effort attempting to go after metadata instead of content. Also very
cool writing code instead of publishing a paper and leaving the
implementation to someone else. Thanks!

Some initial, non-comprehensive thoughts: Looks like you're going the
broadcast route: have you done any calculations what amount of
bandwidth a regular user is going to be using when the network grows
to.. 100 active users? 1000? 10000? Any thought into DoS prevention?
That's been a pain of broadcast messaging schemes before.

-tom