Owner: @Youngjoon Lee

<aside> 🚧 This document was written before we design the new protocol at the offsite (Jun 2024). Now this document is deprecated. All live documents can be found from the root document.

</aside>

Purposes

• Analyzing how successfully a passive adversary can identify the real sender (origin) of a certain message by observing the entire (or partial) network for a long time.
  • From this analysis, we expect to determine the optimal strategy of generating cover traffic (amount, pattern, etc.) that provides a reasonable level of anonymity without exceeding bandwidth limits.
  • Also, we expect to have a clear strategy how to design the mix delays without sacrificing the overall latency of the protocol a lot.

Attacks by Passive Adversary

This section introduces two ways that a passive adversary can try to identify real message origins, before starting analyzing each way deeply with different parameters.

The one attack is expected to be disrupted by generating cover traffic, and the other is expected to be obfuscated by adding mix layers and delays along with cover traffic.

Observing nodes who emit messages at promised timings

From the perspective of a passive adversary, the easiest way to infer the origin of real messages is observing nodes who send messages at the promised time window. In this ways, the adversary cannot identify the origin of a certain message that he wants to target on though. Instead, he can narrow down a set of nodes who are suspected as a real message sender.

Prerequisites

This attack can be performed if the adversary knows the following:

• What timing each node will generate and emit a real message (a block proposal)
  • In Cryptarchia, it depends on the genesis time and slot length.

Attack Details

An adversary filters out nodes who have sent messages at promised time windows (according to message_interval and max_message_prep_time) by observing the network for a long time. The result of the observation is compared to the ground truth that means nodes who actually sent real messages (not cover).

With the following settings, the adversary’s result is 100% the same as the ground truth.

simulation:
  running_time: 300
mixnet:
  num_nodes: 100
  num_mix_layers: 4
  payload_size: 320
  message_interval: 10
  real_message_prob: 0.01
  real_message_prob_weights: []
  cover_message_prob: 0
  max_message_prep_time: 0
  min_mix_delay: 0
  max_mix_delay: 0
p2p:
  type: "gossip"
  connection_density: 6
  min_network_latency: 1
  max_network_latency: 1

Precision: 100.00%, Recall: 100.00%, F1 Score: 100.00%

This result is natural because all nodes who generates real messages emit the messages only at the promised time windows and there is no node who emits fake messages at that timing. Although we set 4 mix layers, it doesn’t help because the message forwarding by mix nodes happens outside of the promised time windows where real messages are initially emitted.