Mix network

The concept introduced by David Chaum 1981 ( umkodierenden ) mixes used for anonymous communication within a network. In this case, messages are not sent directly from sender to recipient, but ( called mixes ) through several intermediate stations conducted. The goal is the anonymisation of the communication relationship, what the underlying concept leads to a dependent of the following three forms:

• The receiver remains anonymous to the transmitter
• The transmitter remains anonymous to the recipient
• Sender and recipient are each other anonymously

The most important property, the protection of traffic information to outside parties is realized by all three concepts.

A mix plays the role of a news agent, similar to the function of a proxy. He accepts messages and ensures that he then passed- messages can not be related to the adopted by him in relationship. This additional function, in turn, sets it apart from a standard proxy server.

Basic Functions

So there is no way for outsiders to put messages between input and output of a mix in relationship, this is called bridging the mix, a mix has to perform some basic functions on the news:

• Deleting duplicates

• Gathering news

• Recode the News

• Resorting the News

• Other aspects

Confines

If properly implemented by complete functionality a particular communication relationship can only be detected by three ways.

• All mixes that have been traversed by a message that work together.
• All other transmitters and receivers simultaneously blended in all Mixes messages work together.
• An attacker has unlimited computing power (not computationally limited attacker).

Recoding

The re-coding of messages is achieved by encryption or decryption, ie, the messages must be either decrypted upon receipt again or encrypted before sending.

Sender anonymity

For a detailed explanation of some terms are required:

• ... Encrypt the message with the public key
• Address ... and public key of the mix
• Address ... and public key of the recipient
• Random number ...

The random numbers are added to the plain texts in order to achieve a non- deterministic encryption. This is necessary so that messages with the same message content does not generate the same ciphertext and therefore are filtered from the mix. For ease of viewing, you can omit the random numbers so.

The sender selects a sequence of mixing, by which he wants to send the message anonymously to the recipient, for example. He sends the following to the first mix:

The first mix decrypts it with his private key. This gives him the address of the next mix. The random number is discarded. The first mix sends the following to the second mix:

This decrypted and discards the random number. This can be continued arbitrarily. The last mix find out the address of the recipient. It then sends this. The recipient can decrypt the message with his private key. If the recipient has no public key, the message from the last mix to the receiver must be transmitted unencrypted.

General encrypts a sender who wishes to remain anonymous, his message recursively as follows:

Receiver anonymity

Want an anonymous recipient be accessible, it must first inform you about how this contact is to take him to the station. This information is known as an anonymous return address. The sender will not know which mixes the recipient selected for the transmission of the message. He only knows the first mix. After the receiver has chosen a sequence of mixing, he can let the transmitter send the anonymous return address. Suppose the receiver selects as above, then it sends to the sender:

Which are symmetrical keys which can be used when sending the message from the transmitter to the receiver, of the mixes for the encryption. The receiver knows the key. He receives and can decrypt it. The use of asymmetric keys, as in the case of the transmitter anonymity is not possible, since the transmitter does not know the order of the mixes in this case.

In general, the anonymous return address is thus recursively constructed as follows:

The anonymous return address transmitted to the receiver using the Umkodierungsschemas for sender anonymity to the sender. It is therefore

• The receiver of the message is equal to the sender of the anonymous return address and
• The sender of the message is equal to the receiver of the anonymous return address.

The names of the sender and receiver here always refer to the message. The first mix is always the mix on the side of the transmitter, the last mix on the other hand on the side of the receiver. In the case of two mixes, the receiver would transmit the following to the last mix:

The sender now knows and. In order to transmit the message to the receiver, it sends the following to the first mix:

The decrypted first mix

, giving it and. He sends

To mix with the address. This is continued until the message arrives at the receiver.

In this case, no random numbers need to be with encrypted because the randomly selected key is already included. The receiver knows the key, as he has chosen himself. It receives, as previously described,

And must decrypt it yet.

Transmitter and Receiver Anonymity

In order to maintain anonymity on both sides, the Umkodierungsschemen for transmitter and receiver are combined. A mix in the middle serves as a turning point. The receiver sends this mix using the schema for the receiver anonymity anonymous return address. The anonymous return address is latched from the mix, until the transmitter sends its message according to the sender anonymity scheme to this mix. This delivers the message using the anonymous return address to the recipient. To send a message to the sender to request to the mix in the middle could send via broadcast a request to all possible senders.

In practice, the schemes described are even more complicated, as it is also used for the parts in which asymmetric cryptography, wants to use faster symmetric encryption. The solution is so-called hybrid cryptosystems.

Mix channels

The described system is primarily adapted to send individual messages of a predetermined length ( blocks). If longer data streams are transmitted, one extends the concept of hybrid encryption: The data exchanged between the mixes symmetric key not only be used for the encryption of a single block, but also for all subsequent blocks. If a mix channel between the transmitter and receiver can be established, the sender has to send a channel setup message, which has the task of distributing the symmetric keys between the mixes. After completion of data transmission, the channels are degraded at a channel release message again. There are a practical problem: The channels must be established simultaneously within a group anonymity and dismantled, as an observer of the network otherwise, could bridge the basis of the time of Kanalauf or cleardown, all mixes. This problem can be circumvented by introducing a system clock, and at each clock breaks down all channels and when needed rebuilds ( time slice channels).

Applications

Within real-time systems, such as Tor or JAP, which can be used to surf the Internet there is a particular problem: gathering news is practically impossible to carry out. For a collection of news from as many stations one would accordingly have to wait long. But this contradicts the functionality of these systems, seeking the shortest possible response times. Characterized the collecting step in this type of system is omitted altogether or kept very short. Accordingly, largely because work is always carried only on a very small messages or groups of messages will also eliminate the reordering of messages. From this therefore lead to a restriction of the safety of these procedures. The mixes can be bridged to an attacker by means of the mentioned above for the single-step methods.

Also, deleting duplicates, also called replay detection is often not performed at real-time systems. The reasoning is that there must be a database of all previously processed messages for such recognition. Even if only hashes are stored messages, these databases grow still very fast. In addition to the required storage and search operations in these databases take a long time and need computing power. Timestamp method can here but remedy the situation, so that the databases must always be kept only for certain periods of time. Still only Umkodierungsschritt is performed at real-time systems, often. These systems are thus correspondingly vulnerable to attack.

Protection against the mix operators

In addition to the sender of a message can of course carry out a mapping between all input and output messages and the mix operators themselves, since all steps of the mix are transparent to him. For this reason, several of these mixes are used in succession, which are controlled by different operators. The hope is that these different mix operators then do not all work together. Otherwise, they could work together to also discover all messages relations. Once already but does not cooperate a mix operators, anonymity is assured.

There have been established, two different methods for this: the Wi -based routing Onion routing and the use of solid mix cascades. The two methods differ with respect to the underlying attacker models. Therefore, they are difficult to compare especially with regard to the practical protection of anonymity.