INFORMATION HIDING -- AN ANNOTATED BIBLIOGRAPHY (8/10)

`Untraceable electronic mail, return addresses, and digital pseudonyms'

  • D Chaum, Communications of the ACM v 24 no 2 (Feb 1981) pp 84 -- 88
  • In this classic article, the author introduces mix-nets (anonymous remailers). These decrypt incoming traffic, add or remove padding, reencrypt it and dispatch it in lexicographically ordered batches. Mechanisms are also discussed for anonymised return addresses, digital pseudonyms, blinded certified mail, and the use of a hierarchy of subnets to provide scalability. The possible application discussed is digital elections.

`Networks Without User Observability -- Design Options'

  • A Pfitzmann, M Waidner, Advances in Cryptology -- EUROCRYPT '85, Springer LNCS 219
  • In normal communication networks, operators and intruders can easily observe when, how much and with whom the users communicate, even if the users employ end-to-end encryption. Once ISDN is used for almost everything, this could become a severe threat. There are, however, a number of technical options to keep the recipient and sender (or at least their relationship) unobservable; the authors consider some possible implementations and extensions, and propose some performance and reliability enhancements.

`The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability'

  • D Chaum, Journal of Cryptology v 1 (1988) pp 65 -- 75
  • Keeping confidential who sends which messages, in a world where any physical transmission can be traced to its origin, seems impossible. The solution presented here is based on passing messages round a ring of participants; it is unconditionally or cryptographically secure, depending on whether it is based on one-time-use keys or on public keys, respectively. It can be adapted to address efficiently a wide variety of practical considerations.

`Security without Identification: Transaction Systems to Make Big Brother Obsolete'

  • D Chaum, Communications of the ACM v 28 no 10 (Oct 1985)
  • By partitioning consumer information into separate unlinkable domains through the use of user-created "digital pseudonyms," the dangers inherent in large-scale automated transaction systems, as currently structured, can be avoided.

`How to Break the Direct RSA-Implementation of MIXes'

  • B Pfitzmann, A Pfitzmann, Advances in Cryptology -- EUROCRYPT '89, Springer LNCS 434
  • MIXes are a kind of anonymous remailer, suggested by David Chaum in 1981. If RSA is used as this cryptosystem directly, i.e. without hashing to destroy the multiplicative structure, the resulting MIXes can be broken by an active attack which is perfectly feasible in a typical environment. The attack does not affect the basic idea of MIXes, provided they are implemented carefully; but it does show that present security notions for public key cryptosystems may not suffice for a system which is to provide a service such as anonymity. We also warn of attacks on further possible implementations of MIXes, and we mention several implementations which are not broken by any attack we know.

`Unconditional Sender and Recipient Untraceability in Spite of Active Attacks'

  • M Waidner, Advances in Cryptology -- EUROCRYPT '89, Springer LNCS 434
  • A protocol is described to send and receive messages anonymously using an arbitrary communication network; it is unconditionally secure. This improves a result by Chaum: the DC-net guarantees the same, but on the assumption of a reliable broadcast network. Since unconditionally secure Byzantine Agreement cannot be achieved, such a reliable broadcast network cannot be realized by algorithmic means. The solution proposed here, the DC+-net, uses the DC-net, but replaces the reliable broadcast network by a fail-stop one. By choosing the keys necessary for the DC-net dependently on the previously broadcast messages, the fail-stop broadcast can be achieved unconditionally secure and without increasing the complexity of the DC-net significantly, using an arbitrary communication network.