1. One of the underlying cryptographic principles is multi-party / secure-party communication (https://en.wikipedia.org/wiki/Secure_multi-party_computation). e.g., three people want to share their salaries with each other, but don't want the information to be traceable back to the source.
2. Another is Steganography, hiding text in, say, an image, or audio.
3. You want to prevent the problems with Signal, Tor, Bitcoin, etc. This means, no "50%" problem like Bitcoin, no monitoring of exit nodes like Tor, no centralized distribution issue like Signal.
Imagine:
Alice "sends" a message to Bob by creating an account on Reddit and posting a cat meme which has the hidden text (steganography).
Bob knows how to find the text in that cat meme, and responds by posting something on Twitter, which Alice can read and decrypt.
All this is deniable (I didn't get anything from Alice!), available (e.g., Twitter goes down), and secure.
Indeed. For extra security, post cat pics to three different image boards; only by successfully combining all three can the receiver decode the message. If you are limited by the speed of finding / generating new cat pictures, publish frames from public webcam feeds that show life in a big aquarium, or sunsets, or clouds, or apply artistic filters on hourly charts of stock-trading sessions, etc. Make sure that not every picture contains a part of a message, but that every picture has steganography-like minor alterations, also explainable by applying a sensible but crude filter. In general, you can lace any of the plentiful reasonably stochastic streams with a steganographic side-channel.
The approach has limitations: your bandwidth is very low, and your latency is also pretty poor. Worse yet, you have to first establish a complicated protocol between you and your counterparty. In general, I think, it's not cracking your byzantine protocol that would ruin you, but a couple of small opsec mistakes (see Dread Pirate Roberts and the end of Silk Road), and these mistakes may not even be made by you but by your counterparty. Spear-phishing, exploiting the local system that runs the communication and has some sensitive material in plain text, game over.
The problem with highly secure and clandestine communication (or any other activity) is that it makes your whole life complicated enough, puts enough extra strain on you, that you become noticeable by that alone. Maybe not immediately, but the probability of a small mistake that could put you on a watch-just-in-case list of a willing state-level actor is always nonzero. This does not mean that the situation is hopeless, but rather means that you have a time limit before your cat-posting scheme, still unbroken, becomes irrelevant, given enough interest from The Man against whom you conspire.
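As an added illustration of the two mechanisms the thread above combines (it is example code written for this page, not anything from the RACE program or the commenters): a payload is split into three XOR shares so that no single image board's picture reveals anything, and each share is written into the least-significant bits of a cover image. The "cover image" here is a constructed 8x8 grayscale pixel list, and the 2-byte length prefix is an assumption of this example, not a standard. Note that the per-pixel change is at most 1, which is exactly the kind of "minor alteration" the comment says every picture should carry, and also why plain LSB replacement is statistically detectable on real images.

```python
import os
from typing import Callable, List

# Constructed 8x8 grayscale cover, flattened: values 0..255. A real cover
# would be decoded from an image file; this one is synthetic for the example.
COVER: List[int] = [(x * 37 + y * 11) % 256 for y in range(8) for x in range(8)]


def embed_lsb(pixels: List[int], payload: bytes) -> List[int]:
    """Write payload bits into the LSB of successive pixels.
    A 2-byte big-endian length prefix (assumed framing) tells the reader when to stop."""
    frame = len(payload).to_bytes(2, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in frame for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the cover")
    out = list(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # only the lowest bit changes
    return out


def extract_lsb(pixels: List[int]) -> bytes:
    """Inverse of embed_lsb: read the length prefix, then that many bytes."""
    bits = [p & 1 for p in pixels]

    def take(n_bytes: int, offset: int) -> bytes:
        data = bytearray()
        for b in range(n_bytes):
            v = 0
            for i in range(8):
                v = (v << 1) | bits[offset + b * 8 + i]
            data.append(v)
        return bytes(data)

    length = int.from_bytes(take(2, 0), "big")
    return take(length, 16)


def split_three(secret: bytes, rng: Callable[[int], bytes] = os.urandom) -> List[bytes]:
    """3-of-3 XOR sharing: two shares are uniformly random, the third is
    secret XOR s1 XOR s2, so any one or two shares carry no information."""
    s1, s2 = rng(len(secret)), rng(len(secret))
    s3 = bytes(a ^ b ^ c for a, b, c in zip(secret, s1, s2))
    return [s1, s2, s3]


def combine(shares: List[bytes]) -> bytes:
    """XOR all shares together; only the full set reproduces the secret."""
    out = bytes(len(shares[0]))
    for sh in shares:
        out = bytes(a ^ b for a, b in zip(out, sh))
    return out


def max_pixel_change(cover: List[int], stego: List[int]) -> int:
    """How much any pixel moved; LSB replacement never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def round_trip(secret: bytes) -> bytes:
    """Sender side: split and embed into three covers. Receiver side: extract
    all three and combine. Returns what the receiver recovers."""
    shares = split_three(secret)
    stegos = [embed_lsb(COVER, sh) for sh in shares]
    return combine([extract_lsb(img) for img in stegos])


if __name__ == "__main__":
    print(round_trip(b"hi!"))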
> The problem with highly secure and clandestine communication.... it makes your whole life complicated enough, puts enough extra strain on you, that you become noticeable by that alone.... always nonzero.... a time limit before your cat-posting scheme, still unbroken, becomes irrelevant, given enough interest from The Man against whom you conspire.
Hide in the noise, embrace counter-culture, call it while you're up.
Oh, and they have everything forever, so you can't ever make a mistake against future adversaries, within your risk-window.
and if you think the Latina Beaches will serve you as they did those delusional fantasies, they watch those, too.
The beaches, that is.
You can still fantasize about it, though.
If those before you tell you to beware of dragons, do not sneer at their skeletons.
p2p leaks the 'metadata' of the network connections. It makes it trivial for someone to know that these two nodes are talking to each other. A goal of this and other similar protocols is to prevent that sort of metadata analysis.
> provided there’s a back door or vulnerability that only (1) knows about.
Do you have any examples from existing tools, e.g. Tor, for which that's true? Tor's been around a long time-- surely something would have surfaced at this point, but I haven't really paid attention to it.
(this link is specifically great for this subject as it lists more than 10 different attack / compromise programs that are being run - with quite a few of them being protocol attacks - in the comments section )
Tor is an interesting example. A number of attacks are made possible by monitoring Tor exit node traffic, especially at the scale nation states can bring to the table.
Sure-- but that structural shortcoming has been a thing for a long time-- I wouldn't consider it a secret vulnerability that Tor was facilitating for US intelligence, as was initially implicated. I'm not in the field, but it seems like it would be way more useful for law enforcement working against criminals naive enough to think tor would be a one-stop op-sec solution (e.g. ANOM) than for nation-state-level counterintelligence.
> I'm not in the field, but it seems like it would be way more useful for law enforcement working against criminals naive enough to think tor would be a one-stop op-sec solution (e.g. ANOM) than for nation-state-level counterintelligence.
If I remember correctly, Tor has been broken due to 'threat actors' owning enough exit nodes to successfully de-anonymize traffic given enough time and information.
pretty sure this is hearsay from a message board, but I can't for the life of me recall where or when I heard this.
> There is no real evidence that DARPA is morally compromised by the NSA in any way. This is unlike for NIST where there is evidence of such compromise.
Wait. Can you clarify this? I know that NIST's standards were compromised by the NSA or at least there is evidence of it. However, this is not necessarily the same as being morally compromised. The story I've read is that the NIST was taken for a ride by the NSA but weren't in bed with them. Is the narrative I have incorrect?
If you haven't seen it already, there was a post a couple of years ago here that got some traction on this subject, in context of a FOIA-related lawsuit filing by a (I'm to understand) well-regarded cryptologist:
TOR is PURELY designed for spies to use to hide among the network in countries throughout the world. It needs regular people to believe in it, to use it, but its only real purpose is for the spies. Regular users can and are deanonymised in real time and without using zero days. You just have to look at the network to see that you are almost exclusively connected to a series of entry/relay/exit nodes within 14 Eyes countries who share real-time data with each other. The servers are fast because most are using VPS. There was a time when it was more anonymous, when the relays would actually be random people's own computers across the globe, but it was too slow. The whole thing is gamed, and just because criminals are on there thinking they are anonymous is just because they are allowed to continue to keep the charade alive. I know I am going to be bursting bubbles here for 'true believers', but they have all been gamed for years. I'm surprised this info is Top Secret, it should be utter common sense to everyone by now.
Apparently, Signal is already used heavily by the US military, and Telegram by the Russian & Ukrainian military.
As we create, so we destroy for tactical reasons. Telegram's founder was just arrested for "failure to moderate". PGP was regarded as "munitions export". Tor is apparently wide open to the NSA through traffic analysis.
Even as a small portion of our government wants freedom of communication, most of it is strongly opposed.
Telegram dude was already allegedly cooperating and moderating for the Russian government. If true he loses any argument that suggests he was defending privacy or free speech.
Are you at all familiar with "Telegram Dude"? A fugitive of the Russian Government, an expat whose Facebook-like social network VKontakte was seized by the Russian Government, before he fled Russia and started an encrypted messaging app in response?
I'm no expert on his current activities, but this isn't a situation without Known Context.
there are news articles (I admit, of questionable origin) that claim he visited Russia yearly for the past decade. I do wonder if the situation is a little more complex than he was a fugitive of the Russian Government
Further, there have been constant references, in articles from very reliable, reputable sources (see: CNN, NYT, FOX, etc.) since Russia's invasion into Ukraine about Russia's use of Telegram. I don't know that I could count the number of times I've seen phrases akin to, "based on conversations between Russian military commanders on Telegram," used as a source. The issue is that Russia's military essentially sucked at setting up their own communications channels, so they fell back to Telegram.
Not just that, nsa can observe enough of the whole internet traffic and do deep packet inspection.
Afaik tor does explicitly not protect against such an observer in their threat model.
There is no DPI on Tor networks. Traffic analysis for de-anonymization for Tor works by knowing all the variables in the system and solving it, not by looking at any content of the packets themselves.
The last time something like that was possible at all in Tor it broke it entirely and destroyed the anonymization. The bug involved a vulnerability in the way Tor handled the traffic confirmation attack on Onion Services. This attack allowed malicious relays to embed uniquely identifiable information into Tor cells (the packets used in the Tor network).
That's not deep packet inspection, just FYI. Timing and traffic correlation attacks never get any access to the packet information and piggyback on existing network weaknesses (correlating IP addresses based on timing metadata)
Yeah, but there's no need of "knowing all the variables in the system" and there's no "last time something like that was possible", it's always been possible.
And you get the "packet information" out of the exit nodes...
DPI usually refers to actually poking around the contents of the packets, which in TOR are (hopefully) minimally informative. With timing attacks you just keep track of the volume.
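To make concrete what the last few comments mean by "keep track of the volume" rather than packet contents, here is an added example (not code from any of the commenters or from Tor) that works purely on per-window packet counts, the only signal a timing/traffic-correlation observer has. The count series are constructed: the far side of a circuit sees the same bursts one window later, so a lagged correlation lines them up, while an unrelated flow does not. The defender-side transform at the end, constant-rate padding, is the standard mitigation idea: every window carries the same number of cells, so the variance the correlation depends on disappears (the window size and rate are assumptions of the example).

```python
from math import sqrt
from typing import List, Optional, Tuple

# Constructed per-window packet counts (say one window = 100 ms).
ENTRY_COUNTS = [5, 0, 3, 0, 7, 1, 0, 4, 2, 0]   # seen near the sender
EXIT_COUNTS  = [0, 5, 0, 3, 0, 7, 1, 0, 4, 2]   # same bursts, one window later
UNRELATED    = [2, 2, 0, 6, 1, 0, 3, 0, 5, 1]   # some other flow


def pearson(a: List[int], b: List[int]) -> Optional[float]:
    """Pearson correlation of two equal-length series; None if either series
    has zero variance (constant traffic), since r is then undefined."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return None
    return cov / sqrt(va * vb)


def best_lag_correlation(a: List[int], b: List[int], max_lag: int = 3) -> Tuple[int, Optional[float]]:
    """Slide b by 0..max_lag windows against a; return (lag, r) for the
    highest r, or (0, None) if no lag yields a defined correlation."""
    best: Tuple[int, Optional[float]] = (0, None)
    for lag in range(max_lag + 1):
        r = pearson(a[: len(a) - lag], b[lag:])
        if r is not None and (best[1] is None or r > best[1]):
            best = (lag, r)
    return best


def pad_to_constant_rate(counts: List[int], rate: int) -> List[int]:
    """Defender-side view: every window carries exactly `rate` cells (real
    traffic topped up with dummy cells). Volume no longer tracks the source,
    at the cost of `rate` cells per window whether or not data is flowing."""
    if max(counts) > rate:
        raise ValueError("rate too low to absorb the real traffic")
    return [rate] * len(counts)


if __name__ == "__main__":
    print("exit vs entry   :", best_lag_correlation(ENTRY_COUNTS, EXIT_COUNTS))
    print("unrelated vs entry:", best_lag_correlation(ENTRY_COUNTS, UNRELATED))
    print("padded vs entry :", best_lag_correlation(ENTRY_COUNTS, pad_to_constant_rate(EXIT_COUNTS, 8)))
```

The padded case returns `None` rather than a small number: with constant volume there is no variance left to correlate, which is the whole point of the mitigation, and also why it is expensive in practice.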
The US government is not one thing. It is diverse agencies, often working together, but sometimes in opposition. It is not guaranteed that all agencies have the same goal of control.
this is an important problem to work on so I'm extra irritated by this. looked for the protocol written in standard/BAN notation, didn't find it. if you don't have that for a security protocol, what is there to evaluate or trust?
- lack of a top level protocol description? Check.
- quirky codeworded modules instead of useful feature abstractions? Check.
- promoted by an intelligence agency? Check.
I'd be really interested in novel solutions to this general problem, but how is this one not dumber than Urbit?
thanks, but in this there are no keys, key encryption keys, counters, derivation functions, or anything that would indicate how the security of identities and messages are preserved.
sure, sequence diagrams, which are great to have and necessary, but there are no assertions about how security is done.
The website linked is for the The Resilient Anonymous Communication for Everyone (RACE) program. A government program to fund research is not a specification.
I assume you were originally responding to the proof of concept in the Github link? I mean, sure, maybe your criticisms are valid, but (to borrow a term from DARPA) they are non-responsive. If OP wanted to share that Github link and make it the focus of discussion, they would have done so. If you wanted to discuss that Github link, you should have been more clear that you were responding to something peripheral to the actual thing under discussion, which is the program, not the PoC.
In general, my response wasn't just to inform you, but because this is a common point of confusion when people share or discuss DARPA programs here. They are explicitly not prescribing a particular solution, even if sometimes a prior seedling effort or PoC is released alongside the solicitation. So don't take my response so personally; it was not only meant for you.
DARPA is an R&D agency under the DoD. Even if you work on their classified projects, it's going to be under the umbrella of the DoD. There are specific R&D agencies for the Intel community (see IARPA).
Some constructive criticism: it's better to just admit when you made a false statement than to double down on being wrong.
that's misdirection and bureaucratic hair splitting. surely if I'm not being precise about the roles of sub-agencies, this blob of code is trustworthy. on the inside, they're different agencies, but on the outside, it is absolutely not.
if you're doing cleared work you have obligations and spooks are spooks. Not only is it government, but it is part of DoD. DARPA isn't creating anti-state anarchist communications platforms in spite of the rest of law enforcement and the IC, and if they are, you'd be insane to trust them with your black market or terrorist operation, which is the only meaningful use case for measuring the integrity of an encrypted anonymous platform like the one being proposed.
the extremist example use case means that authorities are forced to use some legal method other than mass or passive interception to exploit it for evidence or to disrupt a plot. pretty sure DARPA isn't arming enemies like that, and if they are, they can provide something security pros can reason about instead of something for naive developers to play with.
I don't do gov work anymore if I can afford to. I'm imagining the eco-terrorist meeting where they're introducing their new member and someone says, "don't worry, he's cool, he's from DARPA."
I'll reiterate that their product isn't going to work in any space if they don't learn how to write a security protocol and include it as the extraordinary evidence required for something like a secure anonymous communications. the way they can show good faith is by providing something objective. I even look forward to walking this comment thread back when they do.
DARPA is not in the IC and the IC is not an intelligence agency, it is a community of agencies. Here's a list of organizations that are part of the IC:
an ungovernable, decentralized, general trust-less computation protocol/escrow/rep using zkp+ and homomorphic encryption was not able to be realized before the alfabit bois got a chance to mole into the development pipeline and backdoor the inevitable Merchanti Ultimatum; anything less would be a massive national security threat globally.