[HN Gopher] Rollercoaster: Communicating Efficiently and Anonymo...
___________________________________________________________________
Rollercoaster: Communicating Efficiently and Anonymously in Large
Groups
Author : yarapavan
Score : 35 points
Date : 2021-11-09 15:56 UTC (7 hours ago)
(HTM) web link (www.lightbluetouchpaper.org)
(TXT) w3m dump (www.lightbluetouchpaper.org)
| wolverine876 wrote:
| Interesting goals ...
|
| > apps such as WhatsApp and Signal and billions of people around
| the world have the contents of their message protected against
| strong adversaries. However, while the message contents are
| encrypted, their metadata still leaks sensitive information
|
| AFAIK Signal already protects metadata and does group chats. What
| does Rollercoaster add?
|
| (I don't want to turn this into another thread about Signal. I'd
| hope we can focus on what Rollercoaster does.)
| woah wrote:
| How can Signal protect metadata? If the CIA hacks Signal's
| servers and sees a large encrypted payload coming in from me
| and going out to you, they know i texted you an image even if
| they can't see what it is.
| wolverine876 wrote:
| As I said, I don't want to discuss Signal. Their website
| explains a lot of their protocols, but they do protect
| metadata. I think at least one of your assumptions is wrong.
| 0des wrote:
| Discussing Signal is somewhat unavoidable in this context
| though.
| consumer451 wrote:
| > Discussing Signal is somewhat unavoidable in this
| context though.
|
| In which case I feel the need to share this very
| interesting talk from Moxie about the negatives of
| decentralization from the POV of product. I have no
| education or horse in this race, but I found this talk
| very interesting and dare I say brave.
|
| https://www.youtube.com/watch?v=Nj3YFprqAr8
|
| Would love to be pointed to the best counterarguments,
| but again the focus on product was the interesting take
| for me.
| MattJ100 wrote:
| > Would love to be pointed to the best counterarguments,
| but again the focus on product was the interesting take
| for me.
|
| I attempted to summarize the trade-offs in this post:
| https://snikket.org/blog/products-vs-protocols/
|
| There are also a number of responses written by others,
| such as:
|
| - An Objection to "The Ecosystem is Moving":
| https://gultsch.de/objection.html
|
| - "Re. The Ecosystem is Moving":
| https://blog.jabberhead.tk/2019/12/29/re-the-ecosystem-
| is-mo...
|
| - "Have you considered the alternative?"
| https://homebrewserver.club/have-you-considered-the-
| alternat...
| Ar-Curunir wrote:
| Signal does not protect metadata cryptographically; it
| protects it via benevolence of the Signal server operators.
| Things could change any minute.
|
| Rollercoaster protects metadata cryptographically by
| optimizing an existing cryptographic technique called
| mixnets for the group setting.
| dhx wrote:
| Rollercoaster has a decentralised traffic-analysis resistant
| architecture whereas Signal is centralised.
|
| With a centralised architecture such as Signal, Eve could
| monitor when Alice sends a message and correlate it over time
| to which endpoints receive a message soon thereafter. If Bob
| and Carol are in a group chat with Alice and they receive
| messages soon after Alice sends messages, Eve can assume over
| time that they're communicating with each other in a group
| chat. Due to the lack of cover traffic with Signal, the time of
| day, frequency and size of messages can be used to infer what
| they're doing or discussing. For Signal on mobile devices, the
| geolocation of the mobile device known from a cell tower
| network would also provide additional information about what
| Alice, Bob and Carol could be discussing.
|
| With Rollercoaster, the idea is that Eve cannot discern between
| different messages flowing through the network as there is no
| identifying data (including the size of messages which are all
| constant). Eve is also hampered from conducting passive timing
| analysis of submission and receipt of messages (even in group
| chats) because every node on the network is sending messages at
| the same rate all year round and also buffering messages and
| releasing them in a randomised order (not FIFO). To Eve, a
| message being sent by Alice could be a real message, a cover
| message, a real message being relayed 1min after receipt from
| another node or a cover message being relayed 1min after
| receipt from another node.
|
| With protection against Eve performing passive attacks in
| place, the focus moves to protecting against Eve performing
| active attacks including Sybil attacks (owning a considerable
| number of nodes in the network to try and control the entire
| mix net between Alice, Bob and Carol). Rollercoaster is based
| on Loopix[1] which includes "loop cover traffic" to detect Eve
| performing some forms of active attacks. The paper for an
| alternative mix net communication network Miranda[2] has more
| detail on how such mix networks can be defended against active
| attackers, and the numerous limitations that remain.
|
| [1]
| https://www.usenix.org/conference/usenixsecurity17/technical...
|
| [2] https://eprint.iacr.org/2017/1000.pdf
| alexeldeib wrote:
| AFAIK the signal protocol makes no guarantees about metadata.
| Signal the service makes claims about what they store (I.e.,
| very little) but no properties of the protocol guarantee
| metadata anonymity (user X communicated with user Y). At the
| very least I believe signal metadata is vulnerable to traffic
| analysis which is in scope for the threat model for some
| alternate systems.
|
| Vuvuzela would be something closer to providing metadata
| guarantees (observer cannot determine who I communicate with).
| Tor has some similarities.
|
| A quick Google for "metadata anonymous chat" brings up these
| papers, which can point you in a good direction:
|
| Small survey (vuvuzela, pung, tor) and discussion of
| performance/privacy trade off.
| https://www.mit.edu/~yossigi/metadata.pdf
|
| Stadium (similar to vuvuzela, tries to optimize required cover
| noise): https://people.csail.mit.edu/nickolai/papers/tyagi-
| stadium-e...
|
| Dissent/Riffle are also in this vein, although I haven't seen
| much work on those in a few years.
|
| https://dedis.cs.yale.edu/dissent/
|
| Rollercoaster seems to operate in this space, where
| computational overheard required by DC/mixnet solutions grows
| very large with large number of users. The novel contribution
| appears to be reducing that overhead without reducing
| guarantees provided by comparable systems.
___________________________________________________________________
(page generated 2021-11-09 23:01 UTC)