
Complete Anonymous Server

Name: Anonymous 2013-08-09 2:16

Is it possible to prevent a chat server from knowing who is talking to who?

such that there exists a function negl such that
Pr[A(x,y)=1] < 1/2+negl(x,y)

where Pr is probability and A outputs 1 if the server can correctly guess if x and y are communicating. negl is defined as asymptotically negligible (i.e. negl<1/p(x) where p is some polynomial).

Name: Anonymous 2013-08-09 3:11

>>1
The server couldn't route chat input to other users if they didn't specify who they were talking to, so instead all chats would go to a central pile of messages that all users have access to. Upon connecting, the user submits a public key and user id to the server, which is made available to all other users. If user A wants to initiate a chat session with user B, user A creates the tuple, (start_token, user_A_id, message_data, user_A_signature), and encrypts it with user B's public key. User B gets the list of new messages, and attempts to decrypt all of them using B's private key. If any of them have a valid start_token at the beginning, the message content and user A's id are processed, and the signature is verified.

It could work if start_token was a content, but that might enable replay attacks. You could make start_token dependent on a timestamp. The cipher would need to resist known-plaintext attacks.

Oh, this doesn't work since the server can encrypt the start_token with each user's public key and see who is getting messages by tracking the headers of the encrypted messages. The server can tell who sent a message by keeping track of the users' IP addresses and noting which IP the message arrived on. Users would need to either all use the same proxy (which just gives the proxy this information, who can then conspire with the chat server) or an anonymity network.

tldr don't use a central server

Name: >>4 2013-08-09 3:25

You could have a trusted group of friends exchange a shared private key, and they could just encrypt all their messages using the symmetric cipher. Then you would have secure groups. This is better since the server won't have the key that encrypts the start_token. The server will know who is sending what quantity of messages, but won't be able to determine who is receiving them or what they contain. Unless you have a member of your group that relays decrypted messages to someone.

You would need to do the key exchange in a way so that the server doesn't know who belongs to what group.
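
Added example, not part of any post in this thread: a sketch of the shared-pile scheme discussed above with a symmetric group key, where a valid MAC takes the place of start_token and a timestamp inside the ciphertext bounds replays. The SHA-256 keystream plus HMAC construction is a standard-library stand-in for a real AEAD cipher, and the function names, key-derivation labels and 300-second window are assumptions.

```python
import hashlib, hmac, os, struct, time

def _keys(group_key):
    # Separate encryption and MAC keys derived from the shared group key.
    return (hashlib.sha256(b"enc" + group_key).digest(),
            hashlib.sha256(b"mac" + group_key).digest())

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter-mode keystream; stand-in for a real AEAD cipher.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + struct.pack(">Q", ctr)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(group_key, sender_id, text, now=None):
    """Encrypt-then-MAC a message for the shared pile (no recipient field)."""
    enc_key, mac_key = _keys(group_key)
    nonce = os.urandom(16)
    ts = int(time.time() if now is None else now)
    plain = struct.pack(">Q", ts) + sender_id.encode() + b"\x00" + text.encode()
    ct = _xor_stream(enc_key, nonce, plain)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def try_open(group_key, blob, now=None, max_age=300):
    """Trial-decrypt one pile entry; None if it is not ours, altered, or stale."""
    if len(blob) < 16 + 8 + 32:
        return None
    enc_key, mac_key = _keys(group_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # valid MAC replaces start_token
        return None
    plain = _xor_stream(enc_key, nonce, ct)
    ts = struct.unpack(">Q", plain[:8])[0]
    if abs((time.time() if now is None else now) - ts) > max_age:
        return None                             # old entry re-posted later
    sender, _, text = plain[8:].partition(b"\x00")
    return sender.decode(), text.decode()

def read_pile(group_key, pile, now=None):
    """Every client downloads the whole pile and keeps what verifies."""
    return [m for m in (try_open(group_key, b, now) for b in pile) if m]
```

A replay inside the time window still verifies, so clients would also need to remember the nonces they have already accepted.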
