SERVING THE QUANTITATIVE FINANCE COMMUNITY

 
User avatar
Traden4Alpha
Posts: 23951
Joined: September 20th, 2002, 8:30 pm

Crypto problem

March 5th, 2014, 2:53 pm

TOR is good unless the man-in-the-middle can infect the payload information with something that reveals the recipient's location or identity (e.g., an URL to a 1x1 pixel GIF).But is there a way to scatter your data more broadly and have friends reading many scattered datasources. I'm thinking of something analogous to RAID in which you stripe fragments of your data to many independent places and your friend can reconstruct the message by visiting any sufficiently large (but randomly varying) subset of those locations. It's like leaving crumbs in 100 the train stations and as long as the friend visits 20 of them, they get the message (but there's so many other crumbs at every trainstation that the spy can't tell which depositor the retriever is looking for). If the pool of people depositing fragments is large, the pool of locations is large, and the pool of retrievers is large, it would become virtually impossible to tell which retriever was connecting to which depositor because any given retreival act would be potentially linked to many depositors. Moreover, if both the deposit patterns and retrieval patterns are spread over time (e.g, each action is dribbled over many minutes or hours), then even the time correlations become messy because the metadata collector can't tell which set of deposit data fragments constitute a payload message and which set of retrieval data fragments constitute a payload message. If the depositor is storing data fragments for many different friends at the same time and the retriever is reading data fragments from many different friends at the same time, it all becomes much more fuzzier.
Last edited by Traden4Alpha on March 4th, 2014, 11:00 pm, edited 1 time in total.
 
User avatar
Edgey
Posts: 219
Joined: March 23rd, 2005, 11:01 am

Crypto problem

March 5th, 2014, 3:06 pm

It is a version of the book cypher, but the encrypton part was of my scheme was incidental. The main idea was to make the location of the data very public, so it would be impossible to separate the friend from a stranger. So long as the method for referencing the data was smaller than the data stored at that location then you could recursively reduce the message size to something practical.
 
User avatar
Edgey
Posts: 219
Joined: March 23rd, 2005, 11:01 am

Crypto problem

March 5th, 2014, 3:31 pm

Ah, I was seeing the only difference between an "A->B transfer" and an "A->storage and then later B<-storage" as the size of the file. The w,x,y,z coordinates are sent using a secure A->B protocol, but the bulk of the message is decoded from the w,x,y,z coorinates.So how about I publish my w,x,y,z coordinates in the classifieds of newspaper that everyone reads.
Last edited by Edgey on March 4th, 2014, 11:00 pm, edited 1 time in total.
 
User avatar
Traden4Alpha
Posts: 23951
Joined: September 20th, 2002, 8:30 pm

Crypto problem

March 5th, 2014, 3:40 pm

QuoteOriginally posted by: outrunYes I was also thinking about RAID os something like that. Maybe fountain codes?Suppose that 1.000 people a storing 1Kb messages, then ideally I want to read only 1-2Kb of data and be able to extract my message from that. If that retreived data depends on *all* 1000 messages in some uniform way (like a checksum) then there is no way to link me to some specific message depositor.Asking for efficiency seems like asking for non-anonymity.Assume that one cannot hide the act of writing or reading from the operator of the storage location. That is, we can expect the spy to know every time a given byte is written or read.one must reduce the information content inferable by each write and read. That seems to imply that each write and read must be diluted with non-message data. That seems especially unavoidable if one has a persistent relationship with a small number of friends and passes many messages back and forth.The clever exception might be if one can dilute one's writing of one message with data from other messages and one can dilute the read process of one message with data from other reads. It would be a kind of encrypted multiplexing of writes and reads. Yet I can't help but think there would be some inefficiency.An perfectly efficient solution seems to imply that there is exactly one way to write the message and read the message. The exactness of that solution makes me hypothesize that a sufficiently clever spy can reconstruct what's happening on the basis that a unique solution must exist.Note: I wonder if Tor solves illegal interception at the government level. It's one thing when the man-in-the-middle inhabits a single server or single node of the network (i.e., they can't see what's happening more than a hop or two away from their location). It's another thing when the man-in-the-middle has access to every bit of infrastructure (the backbone, ISPs, and all major data storage services). Tor only has 5000 public routers which seems like a tractable number of targets for being compromised by someone with billions of dollars in resources.
 
User avatar
Traden4Alpha
Posts: 23951
Joined: September 20th, 2002, 8:30 pm

Crypto problem

March 5th, 2014, 3:50 pm

QuoteOriginally posted by: outrunQuoteOriginally posted by: EdgeySo how about I publish my w,x,y,z coordinates in the classifieds of newspaper that everyone reads.brilliant!It's a central place (the newspaper) where all secret communicators public their secrets (the classifieds), and the secrecy comes from the fact that a lot of people are reading the paper.Especially the online edition!
 
User avatar
tagoma
Posts: 18351
Joined: February 21st, 2010, 12:58 pm

Crypto problem

March 5th, 2014, 9:05 pm

Leader of the Chinese communist party or in the furniture sector in Sweden
Last edited by tagoma on March 4th, 2014, 11:00 pm, edited 1 time in total.
 
User avatar
MHill
Posts: 488
Joined: February 26th, 2010, 11:32 pm

Crypto problem

March 5th, 2014, 10:30 pm

QuoteOriginally posted by: Traden4AlphaQuoteOriginally posted by: outrunQuoteOriginally posted by: EdgeySo how about I publish my w,x,y,z coordinates in the classifieds of newspaper that everyone reads.brilliant!It's a central place (the newspaper) where all secret communicators public their secrets (the classifieds), and the secrecy comes from the fact that a lot of people are reading the paper.Especially the online edition! Nice idea - ads and billboards. The electronic one I could see working is ebay. You post a new item for sale. The main picture you post contains the encrypted information. The recipient then just has to browse the category to see the info. They take a screen dump, and can later decode the message. They don't need to click on the link to the item, which would directly associate them with you.
 
User avatar
Traden4Alpha
Posts: 23951
Joined: September 20th, 2002, 8:30 pm

Crypto problem

March 6th, 2014, 1:05 am

If a sender writes a chunk of data to 1 location and exactly one person reads that data, the spy knows who the recipient is. If a sender writes a chunk of data to a location and N1 people read that data, the spy can infer that at least 1 recipient is among the N1. The only way to hide is for N1 to be large which implies that as many as N1-1 people must unnecessarily retrieve the chunk of data (like the example of the newspaper -- everyone gets all the data).If a sender writes a second chunk of data to a location and N2 people read the data, the spy can infer that at least 1 recipient is among the N2. Moreover, if the intersection of the N1 and the N2 recipients is not empty, the spy might hypothesize that someone in the intersection is a friend of the sender. The only way to hide is to ensure that the intersection is large, too (like the example of the newspaper -- almost same people get all the data everytime).
 
User avatar
MHill
Posts: 488
Joined: February 26th, 2010, 11:32 pm

Crypto problem

March 6th, 2014, 7:41 am

QuoteOriginally posted by: outrunQuoteOriginally posted by: MHillTerrorist and anarchist websites may have some tips too...The average person should be able to have anonymity too if they wish. There is nothing evil about not wanting governments, corporates or hackers to spy on you. Eg the British intelligence hacking yahoo accounts and recording millions of webcams secretly is too much big brother for me. Nothing is apparently illegal for them, they are allowed to do that type of stuff secretly. the government won't protect us, so we should make it impossible via development of unbreakable crypto building blocks.Sure. My point is that these people (and other criminal networks) should have already invested a lot of energy into resolving this problem. I can cope with my shipment of heroin getting seized, but I need my network to remain uncompromised. My terror plot can be foiled, but I need my cell members to remain anonymous for the next plot.
 
User avatar
MHill
Posts: 488
Joined: February 26th, 2010, 11:32 pm

Crypto problem

March 6th, 2014, 7:43 am

QuoteOriginally posted by: Traden4AlphaIf a sender writes a chunk of data to 1 location and exactly one person reads that data, the spy knows who the recipient is. If a sender writes a chunk of data to a location and N1 people read that data, the spy can infer that at least 1 recipient is among the N1. The only way to hide is for N1 to be large which implies that as many as N1-1 people must unnecessarily retrieve the chunk of data (like the example of the newspaper -- everyone gets all the data).If a sender writes a second chunk of data to a location and N2 people read the data, the spy can infer that at least 1 recipient is among the N2. Moreover, if the intersection of the N1 and the N2 recipients is not empty, the spy might hypothesize that someone in the intersection is a friend of the sender. The only way to hide is to ensure that the intersection is large, too (like the example of the newspaper -- almost same people get all the data everytime).If sender and recipient can use multiple identities, that should help them hide in the intersection.
ABOUT WILMOTT

PW by JB

Wilmott.com has been "Serving the Quantitative Finance Community" since 2001. Continued...


Twitter LinkedIn Instagram

JOBS BOARD

JOBS BOARD

Looking for a quant job, risk, algo trading,...? Browse jobs here...


GZIP: On