Dear Fabio, On 21. Aug 2013, at 09:35 AM, "Fabio Pietrosanti (naif)" <li...@infosecurity.ch> wrote: > Which kind of logic / algorithm to apply on the Receiver's notification > timing in order to prevent / reduce the likelihood that a time correlation > pattern is possible? > > A random delay between a lower bounday and an upper boundary seems like the > most simple and effective approach to defeat this kind of correlation. > > However this does not work on very low-traffic globaleaks node. > > What do you think?
Random delay have a bad reputation in crypto because you can filter them out by repeating measurements. This criticism, however, is not relevant here as the attacker (e.g. a rouge state) has only a single data point and has no way to "repeat" this measurement. So yes, a random delay might help here. The difficulty is to choose the distribution and the minimum and maximum delay within. Another option would be to not send a notification, but to let the submitter choose some token during submission. The submitter can then later verify whether the token was received through another service. The service is public and anyone can query it. This removes the strong correlation between a submission and the notification. Regards, Sebastian _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography