A word on unconditional untraceability

1

• A word on unconditional untraceability
• Presenter David Heigl

2
Source paper
The Dining Cryptographers Problem Unconditional
Sender and Recipient Untraceability Written
by David Chaum Centre for Mathematics and
Computer Science Amsterdam, Netherlands
3
Outline

• Introduction to protocol
• Assumptions
• Extensions of the protocol
• Results of collusion
• Proof of security
• Disruptions
• Further study suggestions
• Conclusions

4
Protocol Introduction

• Three cryptographers at dinner
• Maitre d informs them the bill is paid
• Respect anonymity
• Still transmit information
• Devise protocol to enable this communication

5
1000 words
6
Assumptions/facts

• No theft of keys (all collusion is voluntary)
• Anonymity is only from outside in groups of two
• Anonymity is available to outside and
  participants for groups of three or more.
• A new key is used each round.
• This is an extension/derivative of the one time
  pad.
• Collisions are easily resolved (even vs. odd)

7
Extending the protocol, 1
8
Extending the protocol, 2
9
Collusion, 1
10
Collusion, 2
11
Proof of Security (PoS, natch )

• Stochastic variables? Finite fields? Whatcha-wha?
• Gotta make it simpler for the mathematical
  infidel
• Assume fully interconnected graph
• Each diner holds (n-1)/n! of the total key
• Only parity information is revealed publicly
• Without (n!-1) knowledge of the key space (n-1
  collusion), parity information is useless.
• 1/2 is best guess for any given players
  involvement without n-1 collusion
• Each topology changes the results of collusion,
  but maintain strength of cooperation
• Ring topology results in any collusion pair being
  able to determine the output of a diner between
  them, for example

12
Disruption

• Purposeful (or accidental) channel flooding
• Many possible prevention mechanisms
• Require commit before transmit, or simultaneous
  transmit
• Block reservation protocol (careful!)
• Fully define network layout
• Rely on trasmission mediums that guarantee some
  or all of these qualities

13
Addition Considerations

• Key generation
• In person exchange/classical exchange methods
• Locked pseudo-random generators
• Underlying topology
• Ring and full graph already discussed
• Classic network theory applies in improving
  bandwidth utilization
• Mix-nets and security combinations
• Web-of-Trust (down boy!)

14
Further Study, 1

• Chaum, D., Untraceable Electronic Mail, Return
  Addresses, and Digital Pseudonyms, Communications
  of the ACM, vol. 24, no. 2, February 1981, pp.
  84-88.
• Chaum, D., Security Without Identification
  Transaction Systems to Make Big Brother Obsolete,
  Communications of the ACM, vol. 28, no. 10,
  October 1985, pp. 1030-1044.
• Diffie, W., and Hellman, M.E., New Directions in
  Cryptography, IEEE Transactions on Information
  Theory, vol. 22, no. 6, November 1976, pp.
  644-654.

15
Further Study, 2

• The Cocaine Auction Protocol On the Power of
  Anonymous Broadcast Stajano and Anderson
  (2000?)
• Additional application of graph theory and
  communication media to improve resiliency versus
  disruption
• Combination with pkc and star topology to provide
  collusion prevention

16
Questions?