
New Anonymity System Can Guarantee Secrecy If One Server is Trustworthy


Guest_Jim_*


A vulnerability was discovered in the Tor network last year that could allow this anonymity-protecting system to be compromised. Fortunately, this year a new system called Riffle has been developed by researchers at MIT and EPFL that can guarantee the anonymity of messages sent through it as long as just one of its servers has not been compromised by an attacker.

Like Tor, Riffle uses onion encryption, which wraps data in multiple layers of encryption; as the package moves through the network, each server removes one layer. In the end, only the final server knows the data's destination and only the first server knows where it came from. What Riffle adds to this, to further protect the messages, is making the network of servers a mixnet. Each server in a mixnet collects a batch of messages and permutes their order before forwarding them, so if they arrived A, B, C, they will leave C, B, A, or some other permutation, and every server on the path does this. This protects against a passive attacker that is just observing network traffic, but on its own it does not protect against an attacker that has compromised a server, since that server knows its own permutation and could also alter or drop messages.

To solve that issue, the researchers employ what is called a verifiable shuffle. Because of the layered encryption used for each message, what arrives at and what leaves the server look completely different, but the server can be made to generate a mathematical proof that the outgoing messages are valid manipulations of the incoming ones. Instead of each server checking only the messages it received, Riffle has the initial messages sent to every server in the mixnet, allowing each server to independently check the others' proofs for any tampering. Generating and checking these proofs is expensive, though, and doing it for every message would significantly slow down the entire network, so Riffle also uses what is called authenticated encryption. It is far more efficient than the verifiable shuffle, but it requires the sender and receiver to share a cryptographic key, so Riffle uses the verifiable shuffle technique once to share a key between the user and every server, while authenticated encryption is used for the rest of the communication.
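To make the two mechanisms above concrete, here is an added example (written for this post, not code from the Riffle paper or its authors) of a toy mixnet in Go. Each message is onion-encrypted with one AES-GCM layer per hop; each hop peels its layer, rejects anything whose authentication tag fails, and forwards the batch in a fresh random order. It assumes the client already shares a symmetric key with every hop (the page says Riffle establishes those keys with the verifiable shuffle; here they are simply generated up front), and it uses a plain random permutation rather than a verifiable shuffle, so it shows the authenticated-encryption path, not the proof generation. The hop names and sample messages are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Hop is one mix server. The key is the one the client shares with this hop
// (assumed pre-established here; Riffle would set it up via verifiable shuffle).
type Hop struct {
	Name string
	key  []byte
}

// NewHop creates a hop with a fresh random 256-bit AES key.
func NewHop(name string) *Hop {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return &Hop{Name: name, key: k}
}

func aeadFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// sealLayer produces nonce || AES-GCM(key, nonce, plaintext) for one hop.
func sealLayer(key, plaintext []byte) []byte {
	g := aeadFor(key)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return g.Seal(nonce, nonce, plaintext, nil)
}

// openLayer removes one hop's layer; it fails if any byte of the layer changed.
func openLayer(key, ct []byte) ([]byte, error) {
	g := aeadFor(key)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// OnionEncrypt wraps msg for the route hops[0..n-1]. The outermost layer
// belongs to hops[0], so each hop in order peels exactly one layer.
func OnionEncrypt(msg []byte, hops []*Hop) []byte {
	ct := msg
	for i := len(hops) - 1; i >= 0; i-- {
		ct = sealLayer(hops[i].key, ct)
	}
	return ct
}

// Process peels this hop's layer from every message in the batch and returns
// the batch in a random order. A message whose tag fails to verify aborts the
// batch, so a tampered message is caught by the first honest hop it reaches.
func (h *Hop) Process(batch [][]byte) ([][]byte, error) {
	out := make([][]byte, 0, len(batch))
	for _, ct := range batch {
		pt, err := openLayer(h.key, ct)
		if err != nil {
			return nil, fmt.Errorf("%s rejected a message: %w", h.Name, err)
		}
		out = append(out, pt)
	}
	// Fisher-Yates with crypto/rand: the permutation hides which input
	// became which output.
	for i := len(out) - 1; i > 0; i-- {
		j, err := rand.Int(rand.Reader, big.NewInt(int64(i+1)))
		if err != nil {
			return nil, err
		}
		out[i], out[j.Int64()] = out[j.Int64()], out[i]
	}
	return out, nil
}

// RunMixnet pushes a batch of onions through every hop in route order.
func RunMixnet(batch [][]byte, hops []*Hop) ([][]byte, error) {
	var err error
	for _, h := range hops {
		if batch, err = h.Process(batch); err != nil {
			return nil, err
		}
	}
	return batch, nil
}

// ContainsAll reports whether got is a permutation of want (order ignored,
// since the mixnet deliberately reorders).
func ContainsAll(got, want [][]byte) bool {
	if len(got) != len(want) {
		return false
	}
	used := make([]bool, len(got))
	for _, w := range want {
		found := false
		for i, g := range got {
			if !used[i] && bytes.Equal(g, w) {
				used[i], found = true, true
				break
			}
		}
		if !found {
			return false
		}
	}
	return true
}

func main() {
	hops := []*Hop{NewHop("mix1"), NewHop("mix2"), NewHop("mix3")}
	msgs := [][]byte{[]byte("A"), []byte("B"), []byte("C")} // constructed sample
	batch := make([][]byte, len(msgs))
	for i, m := range msgs {
		batch[i] = OnionEncrypt(m, hops)
	}
	out, err := RunMixnet(batch, hops)
	fmt.Printf("delivered (shuffled): %q err=%v\n", out, err)
	batch[0][len(batch[0])-1] ^= 1 // flip one tag byte: mix1 will reject it
	_, err = RunMixnet(batch, hops)
	fmt.Println("after tampering:", err)
}
```

Flipping a single byte of an onion, whether in the nonce, the ciphertext or the tag, makes `g.Open` fail at the next honest hop, which is the property the post describes: one uncompromised server is enough to catch the modification. What this toy does not show is the verifiable shuffle, so a dishonest hop here could still drop messages or reveal its permutation.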

This combination of techniques means that the guarantee holds so long as one server in the entire network has not been compromised. That lone honest server can verify the authenticity of the messages and shuffle them so they cannot be tracked.

Source: MIT


