girino on Nostr: Possible Attack and Mitigation: Size Correlation Attack An attacker monitoring ...
Possible Attack and Mitigation: Size Correlation Attack
An attacker monitoring Renoters could infer which inbound event corresponds to which outbound event by recording message sizes and calculating the overhead introduced by the gift-wrapping process. By analyzing the size differences, the attacker could potentially link encrypted messages to their decrypted versions, reducing the anonymity of the system.
Mitigation Strategies:
Standardized Message Sizes: Limit the size of content in the original message to a fixed length to minimize variability.
Padding Mechanism: Introduce a dummy tag "padding" in the format ["padding", "randomstring"], where randomstring is adjusted dynamically so that the final wrapped event reaches exactly 1023 bytes. This ensures uniformity while staying within common relay size limits (many relays cap events at 1KB).
Adaptive Size Tuning: The exact message size standardization might need future adjustments based on real-world relay constraints and user needs.
We could call this the Size Correlation Attack, as it exploits differences in message sizes to track messages through the Renoter system. Let me know if anyone is aware of an existing name for this type of attack!
An attacker monitoring Renoters could infer which inbound event corresponds to which outbound event by recording message sizes and calculating the overhead introduced by the gift-wrapping process. By analyzing the size differences, the attacker could potentially link encrypted messages to their decrypted versions, reducing the anonymity of the system.
Mitigation Strategies:
Standardized Message Sizes: Limit the size of content in the original message to a fixed length to minimize variability.
Padding Mechanism: Introduce a dummy tag "padding" in the format ["padding", "randomstring"], where randomstring is adjusted dynamically so that the final wrapped event reaches exactly 1023 bytes. This ensures uniformity while staying within common relay size limits (many relays cap events at 1KB).
Adaptive Size Tuning: The exact message size standardization might need future adjustments based on real-world relay constraints and user needs.
We could call this the Size Correlation Attack, as it exploits differences in message sizes to track messages through the Renoter system. Let me know if anyone is aware of an existing name for this type of attack!