RPOW Privacy
Privacy
A desirable feature of a centralized token-exchange system like RPOW is protection of user privacy. In this context, that means keeping the server from finding out and recording who is transferring RPOWs to whom.
Information Exposure
In normal use, the host does learn some information about the transaction. It sees what Internet address the client is connecting from, and of course it knows the time of the connection. RPOW now supports the use of the Tor anonymizing network to hide your Internet address from the RPOW server. See the Tor section below for details on how to set up the RPOW client to use the Tor network. Without this protection, the RPOW host can eventually build a very detailed picture of which systems are using RPOW services, and their basic usage patterns. The host also sees the size of the data packets which go back and forth, and this may give some indication of whether a single POW or RPOW is being exchanged, versus a larger number of tokens being exchanged in a message.
Privacy Without Blinding
In the ecash world, user privacy is protected via "blinding". This is a way of getting a signature on an RPOW-like token by the RPOW server, without the server seeing what value it is signing. Blinding is a powerful and important technique but at the time of writing is patented in much of the world.
RPOW provides much the same protection without the use of blinding. As can be seen by inspection of the source code, the server records no information about the source or destination of any RPOW tokens. The communication link between client and server is encrypted, which keeps the host computer from seeing the details of the tokens as they travel back and forth. The RPOW server does rely on the untrusted host to keep a record of previously-seen RPOWs, but it uses a hidden hash prefix to hide the information in the RPOWs, so the host sees only a random jumble of characters.
Based on these properties, if a user creates some new RPOW tokens and sends them to another person, he can be confident that even if the recipient and the RPOW untrusted host worked together, they could not identify the earlier transaction when he had created those RPOW tokens. If he had sent the tokens anonymously, his anonymity would be fully protected.
Linkage Attacks
While the sender's privacy is protected, there is one possible usage mode where the recipient's privacy is exposed. If a sender intentionally double-uses an RPOW token, this fact will be recognized at exchange time by the untrusted host. Even though the RPOW server obfuscates the contents of RPOW tokens when it asks the untrusted host if they have been seen before, it is necessary for this hiding operation to be deterministic and repeatable. In other words, if the same RPOW token actually is presented for exchange a second time, it must map to the same obfuscated string, so that the host will find the matching value in the database. The result is that the untrusted host knows when someone is depositing a token which has been double-used; and it can know exactly when the earlier use was, as well. This is an inherent result of the fact that the host is maintaining the seen-RPOW database on behalf of the server.
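The hidden-prefix obfuscation and the recipient-side linkage it leaves behind, shown as an added Python example that is not part of the RPOW code. The server and host classes, the secret prefix, the token bytes and the exchange times are all constructed for illustration; the point is that the mapping from token to stored string must be deterministic for double-use detection to work, and that determinism is exactly what lets the host notice a repeated deposit and its earlier time.

```python
import hashlib
import secrets


class UntrustedHost:
    """The host computer that keeps the seen-RPOW database on the server's behalf.
    It only ever receives obfuscated strings, never the RPOW tokens themselves."""

    def __init__(self):
        self.seen = {}  # obfuscated string -> time of the first exchange

    def check_and_record(self, opaque, now):
        """Return the time of the earlier exchange if `opaque` was seen before,
        otherwise record it and return None."""
        earlier = self.seen.get(opaque)
        if earlier is None:
            self.seen[opaque] = now
        return earlier


class RpowServer:
    """Stand-in for the trusted RPOW server (constructed, not the real one).
    Holds the hidden hash prefix that the host never sees."""

    def __init__(self, host, secret_prefix=None):
        self.host = host
        self.secret_prefix = secret_prefix or secrets.token_bytes(32)

    def obfuscate(self, token):
        # Hidden-prefix hash: the same token always maps to the same string,
        # so a second presentation is caught, but without the prefix the host
        # cannot relate the stored string to any token value it might guess.
        return hashlib.sha256(self.secret_prefix + token).hexdigest()

    def exchange(self, token, now):
        """Accept a token for exchange unless the host reports it was seen before."""
        opaque = self.obfuscate(token)
        earlier = self.host.check_and_record(opaque, now)
        if earlier is not None:
            return ("rejected: already exchanged", earlier)
        return ("accepted", None)


def run_scenario():
    """A sender double-uses one token; two recipients try to exchange it.
    Returns both outcomes plus what the host could observe."""
    host = UntrustedHost()
    server = RpowServer(host)
    token = b"constructed-rpow-token-" + secrets.token_bytes(16)  # stands in for a real RPOW
    # Recipient A exchanges the token at time 100: accepted, host stores one opaque string.
    first = server.exchange(token, now=100)
    # The sender hands the same token to recipient B, who tries at time 200.
    second = server.exchange(token, now=200)
    # The host sees a random-looking string, but it also sees that the same
    # string came back, and at which earlier time: the linkage described above.
    host_view = {"entries": len(host.seen), "earlier_time_known": second[1]}
    return first, second, host_view
```

Running `run_scenario()` returns an accepted first exchange, a rejected second one carrying the earlier time, and a host database with a single opaque entry: the host learns nothing about the token, but it does learn that recipient B's deposit is linked to an exchange at time 100.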
There are two ways to solve this and give recipients the same privacy protection as senders. One is to use the Tor anonymizer as described below, and the other is to use blinding technology. Blinding will allow the recipient and sender to work together to create a new RPOW, in such a way that the sender never sees the true RPOW value. This will prevent the sender from double-exchanging the RPOW, because he never gets an RPOW that he can exchange. It will give recipients full protection of privacy. The blinding patent will begin to expire in 2005, and at that time it should be possible to distribute a new RPOW client which will optionally use the feature. No changes to the RPOW server will be necessary to add blinding protection.
Tor Anonymizer
RPOW client software now has support for using a SOCKS V5 proxy for its network access. This gives RPOW users a new opportunity for protecting their privacy by accessing the RPOW server via an anonymizing network.
Tor is a system for anonymizing network activities such as web browsing, IM, IRC, SSH and more. It consists of a network of volunteer-run anonymizing routers, along with client software that connects end users to the Tor network. These software components modify internet connection requests so that they travel along a path through several Tor routers before reaching their final destination. No Tor router sees details about who is connecting where, and the remote server does not learn where the client connection is coming from. Servers see connections that appear to come from the Tor network, protecting the privacy of client software users.
Tor client software works as a proxy, meaning that programs must be modified to access the net via the proxy rather than directly. RPOW has been modified to optionally use the SOCKS V5 proxy protocol to access the net, allowing it to work with the Tor anonymizing network for accessing the RPOW server.
To use RPOW in this mode, first download the Tor software and get it running. It would be a good idea to test Tor by using it as a web browsing proxy, following the instructions in the Tor documentation. However, it's not necessary to use Tor as a web proxy in order to use it with RPOW. All the different Tor proxy functions can be enabled independently from each other.
With Tor running, modify the config file in the .rpow directory. (See the Download page for details on setting up this file and directory.) Add a line of the form:
socks5 = localhost:9050

This tells RPOW to access the net via the SOCKS V5 proxy running on the same computer at port 9050. This is the port where Tor listens for connections which it will pass on to the network.
To test the setup, try an rpowcli command which will connect to the RPOW server, such as an exchange or gen command. It would be a good idea to test with low-value RPOW tokens at first, of course.
The first connection via the Tor network sometimes takes several seconds to set up, but subsequent exchanges usually go more quickly. Access via Tor does take more time than direct access because of the need to forward your requests through several computers acting as Tor servers. This is what gives you anonymity, but the price you pay is a somewhat slower response time from the RPOW server.
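The SOCKS V5 exchange that a client such as rpowcli performs with Tor's listener on port 9050, as an added Python example that is not the RPOW client's own code. The host name `rpow.example.test`, the `ScriptedProxy` stand-in and its canned replies are constructed for offline use. The privacy-relevant detail it demonstrates is the address type in the CONNECT request: handing the server's name to the proxy (type 0x03) lets Tor resolve it inside the network, whereas resolving it locally first would send a DNS query outside Tor.

```python
import socket
import struct

SOCKS5 = 0x05
NO_AUTH = 0x00
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

REPLY_TEXT = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def build_greeting():
    """Client hello: version 5, one method offered, 0x00 = no authentication."""
    return bytes([SOCKS5, 1, NO_AUTH])


def build_connect_request(host, port):
    """CONNECT request carrying the destination *name* (ATYP 0x03), so the
    proxy, not the local resolver, turns it into an address."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("host name must be 1..255 bytes")
    if not 0 < port <= 0xFFFF:
        raise ValueError("port out of range")
    return bytes([SOCKS5, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)]) + name + struct.pack("!H", port)


def _recv_exact(sock, n):
    """Read exactly n bytes; SOCKS replies are fixed-layout, so short reads must be retried."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def socks5_connect(sock, host, port):
    """Run the SOCKS5 handshake on an already-open socket to the proxy.
    Returns (reply_code, bound_address, bound_port); code 0 means the tunnel
    to host:port is up and `sock` now carries that connection."""
    sock.sendall(build_greeting())
    ver, method = _recv_exact(sock, 2)
    if ver != SOCKS5 or method != NO_AUTH:
        raise ConnectionError("proxy rejected the no-authentication method")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if ver != SOCKS5:
        raise ConnectionError("bad version in proxy reply")
    if atyp == ATYP_IPV4:
        addr = socket.inet_ntop(socket.AF_INET, _recv_exact(sock, 4))
    elif atyp == ATYP_IPV6:
        addr = socket.inet_ntop(socket.AF_INET6, _recv_exact(sock, 16))
    elif atyp == ATYP_DOMAIN:
        (n,) = _recv_exact(sock, 1)
        addr = _recv_exact(sock, n).decode("idna")
    else:
        raise ConnectionError("unknown address type in proxy reply")
    (bound_port,) = struct.unpack("!H", _recv_exact(sock, 2))
    return rep, addr, bound_port


def connect_via_proxy(host, port, proxy=("localhost", 9050)):
    """Open a TCP connection to the SOCKS5 proxy (Tor's default 9050, matching
    the socks5 = localhost:9050 config line) and tunnel it to host:port."""
    sock = socket.create_connection(proxy)
    rep, _, _ = socks5_connect(sock, host, port)
    if rep != 0:
        sock.close()
        raise ConnectionError(REPLY_TEXT.get(rep, f"SOCKS error {rep}"))
    return sock


class ScriptedProxy:
    """In-memory stand-in for the proxy socket, constructed for offline testing."""

    def __init__(self, replies):
        self.pending = b"".join(replies)
        self.sent = []

    def sendall(self, data):
        self.sent.append(bytes(data))

    def recv(self, n):
        chunk, self.pending = self.pending[:n], self.pending[n:]
        return chunk
```

With a real Tor daemon, `connect_via_proxy("rpow.example.test", 443)` is the whole setup step; with `ScriptedProxy` the same handshake can be checked byte for byte, including that the request contains the host name and no locally resolved IP address.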