Open david415 opened 6 years ago
There is an interesting interaction with long-term statistical disclosure attacks too: Your senders and contact points do not know your aggregation point (mailbox server), so you can move it whenever you like. If designers have good lower bounds on the time to deanonymize aggregation points, then you can move it before that time. I doubt this makes long-term statistical disclosure attacks impossible, but they should become far more complex, like by requiring the attacker compromise more nodes.
Generally when we refer to statistical disclosure attacks we are talking about a passive adversary. As for whether or not a statistical disclosure attack will be successful, it's a matter not only of tuning the mix network and understanding the information leakage but also how well the adversary can predict the actions of the users... and how repetitive their behavior is. Further research required.
@burdges has come up with some message aggregation strategies involving SURBs. Actually, this deserves to be a whole paper; here's his current draft: https://github.com/burdges/lake/tree/master/Xolotl/papers