Matthew Toseland wrote: > Given that the attacker can only identify the insertor after the last block > is > inserted, the attacker can still check logs on nodes he controls, after he > has the top block. These may give him a reasonable fix on the originator > keyspace wise, however the amount of information is limited by the distance > between the attacker and the insertor.
The attacker in your scenario seems to be asking "who inserted/requested file x", but if the attacker asks "which files did node y insert/request" then the logging attack is quite effective: the attacker connects to the node*, and if the node requests a large fraction of any splitfile then it's probably the original inserter/requester. Simple as that. It doesn't matter whether you insert the top block first or last - when the attacker learns the top block's key he just needs to check his logs for the other blocks. (I know you know about this attack already, but I'm trying to emphasise that a lot depends on which question the attacker is asking.) A powerful attacker might be able to connect to every opennet node simultaneously, in which case the answers to "which files did node y insert/request" also answer "who inserted/requested file x". > 2. Easy full solution with large cost: > Encrypt the whole splitfile with a random key, or salt the splitfile > encryption key(s) with a random key. This should make life very much harder > for an attacker attempting to trace an insert. The problem is it eliminates > all space savings from CHK-based splitfiles. This proposal is feasible > immediately. Two questions: 1) How important is saving space compared to anonymity? 2) How much space is actually saved by convergent encryption? To put it another way, how often are large, identical files independently inserted by more than one person? I would guess that this is rare, and will remain rare as long as it's easy for people to find content - nobody will bother inserting a large file if they know it's already available on the network. But using a random key wouldn't defeat the logging attack, so maybe it's a moot point. Cheers, Michael * Please don't just say "opennet sucks, use darknet" - everyone is using opennet and will continue to do so until Freenet reaches critical mass (if it ever does), so we need to make opennet secure.