You can roughly classify anonymity system designs that go beyond Tor of course.
First, there are several schemes in which bandwidth is roughly quadratic in the number of participants, including broadcast with trial decryption, dining cryptographer's networks (DC-nets), and private information retrieval (PIR). In general, these schemes are only useful when you want anonymity within a small group of participants, but some like DC-nets can provide lower latency equal or better than onion routing in Tor. As ethernet is already a broadcast protocol, one serious application is anonymity among the set of people who connect to a specific wifi network. In fact, there are ISP who prioritize privacy, so if one considers smallish anonymity sets with low-latency interesting then maybe one should explore really cheap solutions provided by alternative low-level network stacks that merely make logging hard, probably highly asymmetric like layers of broadcast for inbound packets, and another scheme for outgoing packets, including ACKs. Second, mix networks require only linear bandwidth, but they add considerable latency. There are also schemes known as verifiable mix networks in which bandwidth is linear in the number of participants, but the computation is quadratic. Alpenhorn includes a verifiable mixnet layer. Interestingly, almost all mix network schemes require broadcast for their "consensus" document to avoid "epistemic attacks", like Tor does. These can scale up to very roughly 10 million times as many users as a pure broadcast scheme, and Tor could squeeze out a few more orders of magnitude, but running a mix network with billions of users needs a break through in random peer selection with incomplete network knowledge. IBE provides options here, but creates an even bigger weaknesses. Jeff
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
