[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] Typesetting issues.
Update of /home2/freehaven/cvsroot/doc/mixmaster-vs-reliable
In directory moria.mit.edu:/tmp/cvs-serv23895
Modified Files:
mixvreliable.tex
Log Message:
Typesetting issues.
Index: mixvreliable.tex
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/mixmaster-vs-reliable/mixvreliable.tex,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- mixvreliable.tex 30 Jun 2004 23:50:32 -0000 1.23
+++ mixvreliable.tex 30 Jun 2004 23:56:14 -0000 1.24
@@ -93,18 +93,18 @@
input and an output messages by looking at the time the message arrived to
and left from the mix.
-The idea of mixes was introduced by Chaum \cite{chaum-mix}. This first
+The idea of mixes was introduced by Chaum~\cite{chaum-mix}. This first
design was a \emph{threshold mix}, a mix that collects a certain number of
messages and then flushes them. Since then, variants on this first design
have been proposed in the literature. In this paper, we focus on two
practical mix designs that have been implemented and are part of the
-Mixmaster remailer network\cite{mixmaster-announce}, which has been
+Mixmaster remailer network~\cite{mixmaster-announce}, which has been
providing anonymous email services since 1995.
The first design is called ``Mixmaster'' (as the remailer network) because
it is descended from the original software program designed by Cottrell
\cite{remailer-attacks,mixmaster-spec}. The second design, called
-``Reliable'', uses a different reordering strategy.~\cite {RProcess} The
+``Reliable'', uses a different reordering strategy~\cite {RProcess}. The
details of the two remailers are explained in the following sections. We
compare version 3.0 of the Mixmaster software and version 1.0.5 of
Reliable.
@@ -118,7 +118,7 @@
for the two protocols generally do not overlap, this does not impact
our results. The Cypherpunk remailer protocol is known to contain
numerous flaws, and should not be used if strong anonymity is
- required\cite{remailer-attacks,mixminion}.}
+ required~\cite{remailer-attacks,mixminion}.}
is a \emph{pool} mix. Pool mixes process the messages in batches. They
collect messages for some time, place them in the pool (memory of the
mix), and select some of them for flushing in random order when the
@@ -138,7 +138,7 @@
\end{verbatim}
Mixmaster is represented in the generalised mix model proposed by
-D\'iaz and Serjantov \cite{DS03} as shown in
+D\'iaz and Serjantov~\cite{DS03} as shown in
figure~\ref{fig-mm}. In this model, the mix is represented at the time of
flushing. The function $P(n)$ represents the probability of a message
of being flushed by the mix, as a function of the number $n$ of
@@ -157,7 +157,7 @@
\subsection{Reliable}
Reliable is loosely based on the Stop-and-Go (\emph{SG Mix}) mix proposed
-by Kesdogan \emph{et al.} in \cite{stop-and-go}. In SG mixes (also called
+by Kesdogan \emph{et al.} in~\cite{stop-and-go}. In SG mixes (also called
\emph{continuous mixes}), the users generate a random delay from an
exponential distribution. The mix holds the message for the specified
delay and then forwards it. The messages are reordered by the randomness
@@ -233,14 +233,14 @@
In this section we introduce the anonymity metrics for mixes and we
present the attack model which we have considered. Let us first define
anonymity in this context. \emph{Anonymity} was defined by Pfitzmann
-and K\"ohntopp \cite{Pfitzmann00} as \emph{``the state of being not
+and K\"ohntopp~\cite{Pfitzmann00} as \emph{``the state of being not
identifiable within a set of subjects, the anonymity set''}.
The use of the information theoretical concept of entropy as a metric for
-anonymity was simultaneously proposed by Serjantov and Danezis in
-\cite{Serj02} and by D\'{\i}az \emph{et al.} in \cite{Diaz02}. The
-difference between the two models for measuring anonymity is that in
-\cite{Diaz02} the entropy is normalized with respect to the number of
+anonymity was simultaneously proposed by Serjantov and Danezis
+in~\cite{Serj02} and by D\'{\i}az \emph{et al.} in \cite{Diaz02}. The
+difference between the two models for measuring anonymity is that
+in~\cite{Diaz02} the entropy is normalized with respect to the number of
users. In this paper we will use the non-normalized flavour of the metric.
The anonymity provided by a mix can be computed for the incoming or for
@@ -271,13 +271,13 @@
the anonymity obtained for a large number of messages and provide
comparative statistics, as we do in this paper.
-In order to measure Mixmaster's sender and recipient anonymity, we
-have applied the formulas provided by D\'iaz and Preneel in
-\cite{diaz_ih04}. The anonymity of Reliable has been measured using
-the formulas presented in Appendix~\ref{form-reliable}. Note that we
-could not apply the method used by Kesdogan \cite{stop-and-go} because
-we did not make any assumption on the distribution of the mix's incoming
-traffic (Kesdogan assumes incoming Poisson traffic).
+In order to measure Mixmaster's sender and recipient anonymity, we have
+applied the formulas provided by D\'iaz and Preneel in~\cite{diaz_ih04}.
+The anonymity of Reliable has been measured using the formulas presented
+in Appendix~\ref{form-reliable}. Note that we could not apply the method
+used by Kesdogan~\cite{stop-and-go} because we did not make any assumption
+on the distribution of the mix's incoming traffic (Kesdogan assumes
+incoming Poisson traffic).
\subsection{Attack model}
@@ -291,7 +291,7 @@
effectively compute the anonymity set size for every incoming and
outgoing message.
-Previous work by Serjantov \emph{et al.} \cite{sds} has focused on
+Previous work by Serjantov \emph{et al.}~\cite{sds} has focused on
active attacks on several mix designs. We refer to this paper for
complementary information on the resistance of several mixes to active
attackers.
@@ -504,7 +504,7 @@
\subsection{Analysis of Reliable}
-The theoretical method proposed in \cite{stop-and-go} that gives a
+The theoretical method proposed in~\cite{stop-and-go} that gives a
probabilistic prediction on the anonymity provided by Reliable is
based on the assumption of Poisson traffic. As we have seen, this assumption
is definitely not correct for mix traffic.
@@ -821,7 +821,7 @@
non-host based active attacks such as $(n-1)$ attacks. The anonymity
strength of a remailer should not require pool values to be hidden, and
countermeasures to this class of active attacks should be
-taken.~\cite{rgb-mix}
+taken~\cite{rgb-mix}.
\section{Conclusions and future work}
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/