Mixminion

Mixminion is an application for sending and receiving digital messages anonymously (a remailer). It is also the reference implementation of the Type III remailer protocol and is written in the Python programming language. Messages are transported over a mix network.

General Information

The Mixminion program can run either as a server or as a client.

End users use the Mixminion client to encrypt messages and send them through the Mixminion network to the recipient. Mixminion servers, i.e. the nodes of the mix network, are run by volunteers; they accept messages and pass them on within the network until they reach the recipient.

Basic principle of operation

Each node in the network has a packet key pair (a public and a private key) and publishes the public key in a central directory. At regular intervals a new key pair is generated and the old one destroyed. An additional identity key pair, which does not change, is used to digitally sign the node's currently active packet key.

Users download the data and keys of all nodes from a trusted directory and choose the path a message takes through the network of nodes. The user selects a number of nodes (at random or by hand) and encrypts the message in turn with the public key of each node, starting with the last node in the chain. Put simply, the message is protected like an onion by several layers of encryption.

Each node uses its own private key to remove the outermost layer of encryption and passes the message on to the next node. A node sees only where the message came from and where it is to be forwarded. Only the last node in the chain has access to the actual content of the message and delivers it to the real recipient.

The first node in the chain therefore knows the sender, and the last node knows the content and the recipient; a chain should therefore contain at least two nodes. The more nodes are used, the less likely it is that these two (or three, depending on how one counts) pieces of partial information can be linked together.

All messages also have a fixed length of about 32 KB. Larger messages are divided into 32 KB blocks, smaller messages are padded to this length. The fixed length makes it impossible to pick out and track messages within the network by their size.
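The layered encryption, the fixed packet size and the padding described above, as an added worked example written for this article rather than code from the Mixminion project. It replaces Mixminion's actual packet format and ciphers with a deliberately simplified toy: per-hop symmetric keys shared with the client stand in for the nodes' public packet keys, a SHA-256 counter-mode keystream with an HMAC stands in for the real construction, and the field sizes, the route byte, the length field and the way the filler is derived are all assumptions of this example. What it shows is how the client wraps a message from the last hop outward, how each hop strips one layer and learns nothing beyond the previous and the next hop, and why the filler a hop appends to keep the packet at its fixed size must be predictable to the client.

```python
import collections
import hashlib
import hmac
import os

# Constructed toy parameters, NOT Mixminion's real packet layout or ciphers: per-hop
# symmetric keys stand in for the nodes' packet key pairs, SHA-256 in counter mode plus
# HMAC for the real construction.  Kept: layering, fixed size, predictable hop filler.
PACKET_SIZE = 32 * 1024                    # every packet on the wire is this long
NONCE_LEN, TAG_LEN, ID_LEN, LEN_LEN = 16, 32, 8, 2
HDR_LEN = 1 + ID_LEN                       # route byte + next-hop or recipient id
BODY_LEN = PACKET_SIZE - NONCE_LEN - TAG_LEN
JUNK_LEN = NONCE_LEN + TAG_LEN + HDR_LEN   # bytes that peeling one layer removes
FORWARD, DELIVER = b"\x00", b"\x01"
Node = collections.namedtuple("Node", "id key")   # key is shared with the client (toy)

def make_node(name: str) -> Node:
    return Node(name.encode().ljust(ID_LEN, b"\0"), os.urandom(32))

def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode (not what Mixminion uses)."""
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range((n + 31) // 32))[:n]

def junk(key: bytes) -> bytes:
    """Filler a hop appends after peeling its layer so the packet is PACKET_SIZE again.
    It is derived from the hop key rather than random: the client can predict it and
    arrange for the next hop's MAC to verify over the filler as well."""
    return keystream(key, b"junk".ljust(NONCE_LEN, b"\0"), JUNK_LEN)

def max_message(hops: int) -> int:
    """Largest message block one packet can carry on a path of `hops` nodes."""
    return BODY_LEN - HDR_LEN - LEN_LEN - (hops - 1) * JUNK_LEN

def fragment(message: bytes, hops: int) -> list:
    """Larger messages are split into blocks; each block becomes its own packet."""
    size = max_message(hops)
    return [message[i:i + size] for i in range(0, max(len(message), 1), size)]

def seal(key: bytes, nonce: bytes, plain: bytes, stream: bytes) -> bytes:
    assert len(plain) == BODY_LEN
    ct = xor(plain, stream)
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def build_onion(path: list, recipient: bytes, message: bytes) -> bytes:
    """Client side: wrap one block for the hops in `path`, starting with the last hop."""
    n = len(path)
    assert len(recipient) == ID_LEN and len(message) <= max_message(n)
    nonces = [os.urandom(NONCE_LEN) for _ in path]
    streams = [keystream(h.key, nc, BODY_LEN) for h, nc in zip(path, nonces)]
    # Tail that hop i's packet must end with, forced by the filler hops 0..i-1 append.
    required = b""
    for i in range(1, n):
        required = xor(required, streams[i - 1][BODY_LEN - len(required):]) + junk(path[i - 1].key)
    m = len(required)
    pad = os.urandom(BODY_LEN - HDR_LEN - LEN_LEN - len(message) - m)
    inner = (DELIVER + recipient + len(message).to_bytes(LEN_LEN, "big") + message + pad
             + xor(required, streams[-1][BODY_LEN - m:]))
    packet = seal(path[-1].key, nonces[-1], inner, streams[-1])
    for i in range(n - 2, -1, -1):                  # remaining layers, inside out
        plain = FORWARD + path[i + 1].id + packet[:-JUNK_LEN]
        packet = seal(path[i].key, nonces[i], plain, streams[i])
    return packet

def peel(node: Node, packet: bytes) -> tuple:
    """Mix-node side: strip the outermost layer; only the last hop sees recipient and text."""
    assert len(packet) == PACKET_SIZE
    nonce, tag, ct = packet[:NONCE_LEN], packet[NONCE_LEN:NONCE_LEN + TAG_LEN], packet[NONCE_LEN + TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(node.key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("MAC failure: modified packet or wrong node")
    plain = xor(ct, keystream(node.key, nonce, BODY_LEN))
    route, ident, rest = plain[:1], plain[1:HDR_LEN], plain[HDR_LEN:]
    if route == FORWARD:
        return "forward", ident, rest + junk(node.key)   # back to PACKET_SIZE
    size = int.from_bytes(rest[:LEN_LEN], "big")
    return "deliver", ident, rest[LEN_LEN:LEN_LEN + size]

def relay(directory: dict, first_hop: bytes, packet: bytes) -> tuple:
    trace, hop = [], first_hop          # trace records what each hop got to see
    while True:
        kind, ident, data = peel(directory[hop], packet)
        trace.append((hop, kind, ident))
        if kind == "deliver":
            return ident, data, trace
        hop, packet = ident, data

def demo() -> tuple:
    nodes = [make_node(name) for name in ("A", "B", "C")]
    directory = {nd.id: nd for nd in nodes}
    recipient = b"alice".ljust(ID_LEN, b"\0")
    message = b"constructed sample text. " * 3000    # 75 KB, so three fixed-size packets
    results = [relay(directory, nodes[0].id, build_onion(nodes, recipient, block))
               for block in fragment(message, len(nodes))]
    delivered = b"".join(text for who, text, _ in results if who == recipient)
    return delivered == message, results[0][2]
```

demo() builds a path A, B, C, splits a constructed 75 KB message into three packets and relays each; the trace it returns records that A and B saw only a next hop while C saw the recipient. Every packet handed from one hop to the next is exactly PACKET_SIZE bytes, and flipping any byte of a packet makes the next hop's MAC check fail, so a node can drop tampered packets before forwarding them. If the filler a hop appends were random instead of derived from the hop key, the client could not precompute the tails that each later hop's MAC covers, and every packet would fail at its second hop.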

Special features

Mixminion was designed to avoid known weaknesses of existing protocols:

  • Mixminion deliberately does not use the e-mail message format of RFC 2822 but implements its own protocol. Running a server therefore no longer relies on the existing infrastructure for sending and receiving e-mail.
  • Transmission between nodes is encrypted, so an attacker who injects additional messages into the network cannot recognize his own messages on the wire and cannot watch where they go next.
  • Each node's packet key is rotated automatically, usually once a month. After that time the node destroys the old packet key, so messages intercepted earlier that were encrypted with it can no longer be decrypted.

Replies to anonymous senders

Mixminion also allows replies to an anonymous sender. This is not possible with Mixmaster (Type II), which, for example when used with nym servers, has to fall back on Cypherpunk reply blocks (Type I).

The recipient can compute the header data for one half (the second half) of a message's path in advance and hand it to others as a single-use reply block (SURB). Whoever uses it sees only the first hop of that half, not the later hops or the destination address contained in the reply block. Reply blocks carry an expiry date and can be used only once: if one is used several times, the later messages are treated as duplicates and discarded within the network. The same happens if a reply block is used after its expiry date.

The first half of the path is chosen by the person replying, so in the extreme case two mutually anonymous users can communicate with each other. Ordinary messages and replies sent with reply blocks are indistinguishable from one another.
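The duplicate and expiry handling described above, as an added illustration that is not Mixminion's own code: a node-side filter that accepts a given reply block once, treats any further use before its expiry as a duplicate and refuses it outright afterwards. The log of digests, the cap on how far ahead an expiry may lie and the assumption that the expiry time comes from the block's authenticated header are all choices of this example.

```python
import hashlib


class ReplayFilter:
    """Constructed illustration of 'accept once, then discard as duplicate' for reply blocks.

    Assumptions of this example: `block` is the reply block as received, `expires_at` is
    its expiry time taken from the authenticated header (a forged expiry would fail the
    hop's integrity check before reaching this code), and `now` is the node's clock in
    seconds.  A digest of every accepted block is remembered only until that block would
    expire anyway, because an expired block is refused without consulting the log; this
    is what keeps the log bounded.
    """

    def __init__(self, max_lifetime: float = 30 * 24 * 3600):
        self.seen = {}                    # sha256(block) -> expires_at
        # Without a cap, an attacker could fill the log with blocks that expire
        # years from now and never get pruned.
        self.max_lifetime = max_lifetime

    def _prune(self, now: float) -> None:
        self.seen = {d: t for d, t in self.seen.items() if t >= now}

    def check(self, block: bytes, expires_at: float, now: float) -> str:
        self._prune(now)
        if now > expires_at:
            return "expired"            # late use: dropped, whether or not seen before
        if expires_at - now > self.max_lifetime:
            return "refused"            # longer than this node is willing to remember
        digest = hashlib.sha256(block).digest()
        if digest in self.seen:
            return "duplicate"          # second use inside the valid window
        self.seen[digest] = expires_at
        return "accepted"
```

The order of the checks matters: pruning and the expiry test come before the log lookup, so a block replayed after its expiry is refused even though its digest has already been forgotten, and the log never has to grow beyond the number of blocks still inside their lifetime.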

Nym server

Work on the reference implementation of a Type III nym server named "Nymbaron" was halted after it was published that nym server systems based on reply blocks are fundamentally vulnerable to statistical attacks. This weakness also applies to the existing Mixmaster and Cypherpunk nym servers, so there was no wish to reimplement an already vulnerable design.

Criticism

  • Missing functionality compared with Mixmaster (Type II): for example, there is not yet any support for messages to Usenet newsgroups, although mail2news gateways can be used instead. A patch exists that adds newsgroup support to Mixminion, but it has not been integrated into the official code, so no production server delivers messages to Usenet groups.
  • There is a central directory of all nodes, which is hard-coded in the program source. If this directory fails, Mixminion is unusable until the source is adapted. Likewise, a single centralized directory can, depending on one's view, be attacked or regarded as untrustworthy.
  • Mixminion is still at the alpha stage, which in particular means that bugs may still be hidden in the code that could lead to a loss of anonymity.
  • Participating servers may run with settings that simplify testing but do so at the expense of anonymity. Some servers log their operation in detail.
  • There is currently only a small user base. Likewise, the number of servers in the network has been declining steadily for years.
  • Further development of Mixminion appears to be dormant for the time being (no activity since September 2007).