Cryptography Reference
In-Depth Information
by Bob, to Ray to Lorraine to Carol to Gilda before heading to its final
destination. The Packet ID is used by each remailer to defend against
replay attacks.
There are two types of encryption used in Mixmaster. First, each
entry in the header is encrypted with the public key of the remailer.
So the Next Destination, the Packet ID, and the Key for Ray are
encrypted with Ray's public key. Only the remailer an entry is
addressed to will be able to decode that entry.
The second encryption uses the keys stored in the table. The best
way to understand it is to visualize what each remailer does. Here are
the steps:
1. Decodes its packet using its secret key. This reveals the next
destination, the ID, and the Key.
2. Uses its Key to decrypt every entry underneath it. Mixmaster
uses triple DES to encode the messages.
3. Moves itself to the bottom of the list and replaces the remailer
name, the destination information, and the ID with a random
block of data. This obscures the trail.

I was the shadow of the waxwing slain by the false azure of the
window pane.
—John Shade in Pale Fire

If this is going to be repeated successfully by each remailer in the
list, then the initial table is going to have to be encrypted correctly.
Each entry in the header will need to be encrypted by the key of each
of the headers above it. For instance, the entry for Carol should look
something like this:
$$E_{12030124}(E_{61261621}(E_{93432212}(PK_{Carol}(\ldots))))$$
Bob's remailer will strip off the first level of encryption indicated by
the function $E_{12030124}$, Ray's will strip off the second and Lorraine's
will strip off the third. The final block left is encrypted by Carol's
public key.
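The per-hop steps and the layered table described above, as an added example (not code from the book or from Mixmaster). It assumes a SHA-256 keystream XOR as a stand-in for both triple DES and the public-key step, a constructed 40-byte entry layout, and the hypothetical names Remailer, build_header and walk.

```python
import hashlib
import os

ENTRY = 40  # constructed layout: 16-byte next hop | 8-byte packet ID | 16-byte key

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (NOT triple DES or a public-key scheme): SHA-256 keystream XOR."""
    ks = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class Remailer:
    def __init__(self, name: str):
        self.name = name
        self.secret = os.urandom(16)  # assumption: models the remailer's key pair
        self.seen_ids = set()         # packet IDs already processed (replay defence)

    def process(self, header: list) -> tuple:
        # Step 1: open the top entry with the remailer's own secret.
        top = stream_xor(self.secret, header[0])
        next_hop, packet_id, key = top[:16].rstrip(b"\0").decode(), top[16:24], top[24:40]
        if packet_id in self.seen_ids:
            raise ValueError(f"{self.name}: replayed packet ID")
        self.seen_ids.add(packet_id)
        # Step 2: strip one layer from every entry underneath.
        rest = [stream_xor(key, e) for e in header[1:]]
        # Step 3: the remailer's own slot goes to the bottom as random filler.
        return next_hop, rest + [os.urandom(ENTRY)]

def build_header(route: list, final_dest: str) -> list:
    """Sender side: entry i is sealed to hop i, then wrapped in the keys of hops 0..i-1."""
    keys = [os.urandom(16) for _ in route]
    header = []
    for i, hop in enumerate(route):
        nxt = route[i + 1].name if i + 1 < len(route) else final_dest
        entry = nxt.encode().ljust(16, b"\0") + os.urandom(8) + keys[i]
        entry = stream_xor(hop.secret, entry)  # PK_hop(...)
        for j in reversed(range(i)):           # outermost layer is hop 0's key
            entry = stream_xor(keys[j], entry)
        header.append(entry)
    return header

def walk(route: list, header: list) -> list:
    """Pass the header along the chain and record where each hop forwards it."""
    hops = []
    for hop in route:
        nxt, header = hop.process(header)
        hops.append(nxt)
    return hops
```

Because XOR layers commute, this stand-in does not enforce the processing order the way a block cipher such as triple DES would; it only shows which keys cover which entries.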
When the header finally arrives at the last destination, each block
will have been re-encrypted in reverse order. This forms something
like the signature chain of a certified letter. Each step must be
completed in order and each step can only be completed by someone
holding the matching secret key. The final recipient can keep this
header and check to see that it was processed correctly.
The last key in the chain, in this case the one in the entry for Gilda,
is the one that was used to encrypt the message. There is no reason
for the remailer to decrypt the message at each step.
Mixmaster currently appends a block of 20 header entries to the
top of each entry. Each block takes 512 bytes. If the letter is only going