Review on Untraceable Electronic Mail, Return

Addresses, and Digital Pseudonyms by David Chaum

In this paper the author discusses the use of Public Key Cryptography to hide the
sender in an electronic mail system without a trusted third party to authenticate the
parties involved and a way for the receiver to reply to the sender without knowing
his return address. In the earlier days when symmetric cryptography was used
people had difficulty sharing their keys without a trusted third party and electronic
mail was becoming popular but could not be used because of traffic analysis
problem. Encryption was a tool that can be used to solve the traffic analysis
problem but symmetric encryption has its own problems. After that a new
encryption tool Public Key Cryptography was introduced in which one party uses
two keys, out of which one is called Public key which is revealed to all
communicating parties and another key Private key which only the generating party
knows, the two keys are inverse of each other. The sender will encrypt the message
with the receivers public key so now only the receiver who possess the private key
can decrypt the message.

Sender Mix(K1) Receiver(K

a)
Address:

The sender first encrypts the message with Receivers public key Ka, then appends
the address of receiver and then encrypts with mixs public key K1 and sends it to
mix. Mix then decrypts the received data with its private key and removes the
appended random string and forwards the encrypted message to Receiver. If we
observe closely the mix is taking an encrypted message and generating a decrypted
message, so an attacker can see both communications can observe a pattern if
there are any repetitions in the messages. So the mix must make sure that same
requests are not processed at its node and to be able to do it, it should maintain a
library of the previous communications and also not to process items in
chronological order. Items can be processed Maintaining a library can be fatal in
case of the mix gets compromised to minimize the risk the library is discarded when
the keys are changed. In practical implementations, a combination of mixes will
ensure that relationship anonymity is preserved. Now that we have established a
way to send messages anonymously we need to know how a receiver can reply
without knowing the sender. The sender sends K1(R1,Ax), Kx along with the
message in the same fashion where Ax is senders address and R1 is a random
string which doubles as a key and Kx is a temporary key agreed upon. The receiver
sends the reply to mix as K1(R1,Ax), Kx(R0,M) , after decrypting the data it uses R1
to encrypt the message part and sends it to the sender. Thus a receiver can reply to
an anonymous sender this way and the data is confidential because both keys used
Kx and R1 are generated by sender so only he can decrypt them.

The next main contribution in this paper are Digital pseudonyms which can be used
to hide a parties identity with another assumed identity. Since the public key
cryptography has two sets of keys one known to all parties and one secret, a
message encrypted with a party As private key when sent to other parties can be
verified that it has been generated by A because it can only be decrypted with As
public key. This method of encrypting with private key to verify ones identity is
called Digital signature. This can be used to provide pseudo anonymity in the
network by exchanging and checking the Digital signatures. A roster of pseudonyms
can be maintained by a trusted party and the pseudonyms can be transmitted by
untraceable mail to maintain anonymity. If only a single mix is involved then the
application letter can look like K1(R1,K). The trusted authority will get all the public
key K and forms a rooster with them which will be publicly available. When a ballot
is conducted the voter will send his vote in the form of K1(R1, K, Inv(K)(C,V)) where
the actual vote V is encrypted with Inv(K) only known to the sender. It can be
verified by decrypting it with K. In this way everyone knows who with a particular
pseudonym voted for whom and the true identity is maintained a secret.

In general purpose mail systems statistical attacks can be carried out because of
uniqueness of message characteristics like length, the number of mixes it passes
through etc. To eliminate that the author proposes a system where same number of
blocks of l length are sent in one batch. These blocks should pass through all the
mixes. But since that proves to be expensive the author tries to propose a method
where a block is passed through a set of mixes. At the mixes when decryption
happens and random strings are discarded, based on the length of output one can
tell when the destination is close by. To eliminate that the mixes will randomly add a
string after decrypting to maintain the length l of each block.

Thus Public Key Cryptography can be used to send untreatable electronic mail and
provide pseudonymity. There are two assumptions made in this paper that
relationship between an encrypted item and decrypted item at a mix cannot be
extracted and that anybody who can monitor the underlying telecommunication
network can see who is sending the message and who is receiving the message are
logically sound. The paper is well organized and addresses most of the issues it tries
to solve. One drawback in the proposed untraceable electronic mail system is that
since the mix stores the received objects for future reference when it is
compromised it will be fatal.

References:

1. Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms by

David Chaum
2. Wikipidea