Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] limits of anonymity network defenses to active and pervasive passive attacks (Re: DuckDuckGo vs Startpage)

Adam Back adam at
Wed Jun 26 02:02:59 PDT 2013

>From the zero-knowledge systems days we wrote down our conclusions about the
tradeoffs in anonymity networks in this paper, comparing ZKS freedom network
(ToR precursor) with Wei Dai's pipenet and other systems.

Apr 01 - "Traffic Analysis Attacks and Trade-Offs in Anonymity Providing
systems", Information Hiding 2001, Adam Back, Ulf Möller and Anton Stiglic 

The main aspect of which is that Dai's pipenet design mixed connection
establishments synchronously to avoid active attacks, however by doing that
became vulnerable to catastrophic DoS by participants joining and then
intentionally failing to send packets.  Freedom took some kind of hybrid
approach that would be less secure against active attacks (or pervasive
eavesdropping, such as we now learn PRISM).

We did not see at that time a way to avoid the tradeoff where to defend
against active attacks, a design did not automatically become vulnerable to
DoS.  I ould be curious if any of the current iterations of designs of ToR,
i2p or academic unimplemented/undeployed designs advanced that state.

My personal take on this was that the average Joe is not doing anything
important enough to warrant NSA revealing its ToR connection correlation
capabilities (you hope).  More important to them would be a kind of
discovery or subpoena resistance analogous for their identity of the way
corporations typically will have a document retention policy (more a
document destruction policy after a period of 6months or a year, to pre-empt
leaving documents available to competition in event of hostile law suit).

In particular I designed the freedom 2.0 pseudonymous mail system
2000, Tech report - Freedom 2.0 Mail System, McFarlane et al

optimized around on this assumption.  Freedom 1.0 mail system was built
using reply blocks, however inherent in reply blocks is a subpoena target to
unwrap the final address via however many intermediate nodes.  In the 2.0
system it was basically a big pop server full of end2end encrypted mail,
that users connected to over a forward anonymous network transport. 
Actually the freedom network was not end2end forward anonymous, but that
feature was implemented in a prototype at ZKS called chainsaw, and
subsequently in open source cebolla.  I think (presume/hope) at this stage
ToR/i2p also include the end2end forward anonymity concept.  (It might be
that I invented that - I am not sure if there were previous inventions of
that concept, or if I merely reinvented it, anyway IMO its a rather
important feature for an anonymity network)


On Wed, Jun 26, 2013 at 09:34:04AM +0100, Nick wrote:
>Quoth Mike Perry:
>> If you're talking about attacks as strong as end-to-end correlation,
>> then it turns out hidden services have similar weaknesses on that order.
>> There are a number of points where the adversary can inject themselves
>> either to observe or manipulate hidden service circuit construction.
>> ...
>Many thanks Mike for the detailed response; I wasn't aware of this
>> Still, despite all of this, I still think hidden services have an
>> important roll to play in Tor. The search engines of today just aren't
>> the proper use case for them right now.
>That makes sense. Hidden services are still obviously important for
>running servers that can't safely reveal their location, anyway.
>Thanks again.
>Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at or changing your settings at

More information about the liberationtech mailing list