Metrics and Tracing
- Mixnet security
- Timing obfuscation: The number of packets being mixed in each mix node ($\lambda/\mu$ on average)
- Sender / Receiver unobservability
- ⌛Ingress/egress (bandwidth) of each Nomos node (embeds mix client and mix node)
- Latency
- Distribution of random delays generated by Poisson
- Poisson emission from mix clients
- Poisson delays in mix nodes
- How many packets fail to be broadcast within the expected time period (e.g. slot)?
- How does this change according to the message redundancy and Poisson parameter?
- Mix route distribution
- The number of times each route / mix node has been selected
Empirical Analysis
- Loopix p7: Record the traffic flow for a single mix node and compute the distribution of probabilities that the outgoing message is the adversary’s target message. Given this distribution we compute the value of Shannon entropy (see Appendix A), a measure of unlinkability of incoming to outgoing messages.
- This is just for proving that $\lambda/\mu$ indicates the quality of anonymity. Thus, we may not need to do this ourselves.
- Loopix 4.3: Expected difference in likelihood metric for end-to-end anonymity evaluation (sender-receiver unlinkability).
- Bow-Tie paper: To check the effect from topology design
- Time to first compromise
- Compromised fraction of paths
- Guessing entropy
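The single-node measurement from the Loopix p7 item, sketched as an added example (not code from Loopix or Nomos): it simulates one Poisson mix node, checks that the average pool size approaches $\lambda/\mu$, and computes the Shannon entropy of the adversary's distribution over which outgoing message is the target. The function names and parameter values are assumptions, and the per-departure probability uses only the memoryless property of exponential delays, not the recursive formula of Loopix Appendix A.

```python
import math
import random

def target_distribution(pool_sizes):
    """P(j-th observed departure is the target), given the pool size
    (target included) just before each departure. Exponential delays are
    memoryless, so every pooled message is equally likely to leave next."""
    probs, survive = [], 1.0
    for k in pool_sizes:
        probs.append(survive / k)
        survive *= 1.0 - 1.0 / k
    return probs

def shannon_entropy(probs):
    """Entropy in bits of a (possibly truncated) distribution, renormalised."""
    total = sum(probs)
    return -sum(p / total * math.log2(p / total) for p in probs if p > 0)

def simulate_mix(lam, mu, warmup, rng, eps=1e-9):
    """Event-driven simulation of one mix node (arrival rate lam, delay rate mu).
    Returns (time-averaged pool size during warm-up, entropy in bits for a
    target message injected right after warm-up)."""
    t, n, area = 0.0, 0, 0.0
    while True:                        # warm-up: measure steady-state occupancy
        dt = rng.expovariate(lam + n * mu)
        if t + dt >= warmup:
            area += n * (warmup - t)
            break
        area += n * dt
        t += dt
        n += 1 if rng.random() < lam / (lam + n * mu) else -1
    n += 1                             # the target message enters the pool
    sizes, survive = [], 1.0
    while survive > eps:               # only event order matters from here on
        if rng.random() < lam / (lam + n * mu):
            n += 1                     # another message arrives
        else:
            sizes.append(n)            # adversary sees a departure from a pool of n
            survive *= 1.0 - 1.0 / n
            n -= 1
    return area / warmup, shannon_entropy(target_distribution(sizes))

if __name__ == "__main__":
    rng = random.Random(7)             # constructed parameters, for illustration
    for lam, mu in [(4.0, 2.0), (20.0, 2.0), (100.0, 2.0)]:
        avg, h = simulate_mix(lam, mu, 500.0, rng)
        print(f"lambda/mu={lam / mu:5.1f}  avg pool={avg:6.2f}  entropy={h:4.2f} bits")
```

A single run gives the entropy for one target message only; averaging over many injected targets gives a steadier estimate for a given $\lambda/\mu$.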
⌛ Performance Test
- Loopix 5
- Check the max bandwidth first by measuring the rate at which a single mix node processes messages, for an increasing overall rate at which users send messages.
- Check that the number of clients doesn’t affect the average latency overhead because the main overhead is the cost of routing and decoding relayed messages. It also shows that Loopix scales well for an increasing number of users.
- Check that the end-to-end latency is determined by delays and follows the Gamma distribution with parameter being the sum of the exponential distribution parameter over the number of servers on the path, by measuring latency while increasing the delays.
Design Improvement Idea
- According to Loopix Theorem 2, loop cover traffic generated by mix nodes helps obfuscate the adversary’s view and decreases the probability of successfully linking the input and output of a mix node. Do we need to adopt it? It is also worth noting the n-1 attack described in Loopix 4.2.
What’s beneficial from collaborating with DST
<aside>
💡 The following bullet points have been organized in Nomos X DST
</aside>
My understanding from initial talks with DST:
- What DST has but we don’t have: a huge cluster of high-performance nodes and the know-how to run large-scale tests
- The basic process is asking them for tests manually or periodically and getting reports from them.
Initial suggestion: