1407
« on: May 09, 2013, 04:58 pm »
Edit: If this is your first time reading this thread, skip my stream of consciousness, and read this post first:
http://dkn255hz262ypmii.onion/index.php?topic=157711.msg1112047#msg1112047
=================
The principle design feature of Tor is distributed trust. It could also be described as division of information. No single entity can see the whole network, and no single entity can see your whole circuit. If the Tor Project ran every relay, you would not be anonymous. If the same person ran your entry and exit nodes, you would not be anonymous. Instead, a diverse group of volunteers from around the world add their relays to the network. Your entry node can see who you are (your IP address), but not what you are doing (the sites you are visiting). Your exit node can see what you are doing but not who are you. There are known attacks on this model, but your anonymity and safety are perserved if it holds.
Now consider a black market like SR. There are a few key pieces of information involved in every transaction. The buyer's identity, the seller's identity, the product, and the amount of currency exchanged. Under the current model, we trust the market admins with our currency and the product listings. The buyer can (and should) encrypt their address, so only the seller knows that. Nobody knows the seller's identity, although their city or rough geographical location become know to the buyer when the product is received. So, theoretically the market admins know the products and currency involved, but don't know the buyer and seller identities. The buyers and sellers know each other's identities (to some extent) and the product involved, but not the details of the currency exchange. The information is distributed to some extent, but I think it can be improved.
I'm interested in the concept of a blind market, where the market admins don't know what products are being sold. (This reduces their liability as well.) They only know that buyer1 sent 3 BTC to vendor2 for product <hash3>, or something along those lines. If the market were compromised, LE would only see a series of anonymous transactions for unknown products. The only ones they could deduce would be transactions that they were personally involved in as buyers or sellers.
I'm stuck on how this could be implemented. You can't just hash every product listing, because you wouldn't be able to reverse the hash to present it to buyers. And even if you could, you would be able to log in as a buyer to connect the hashes to the products.
So I'm wondering if there's any research on blind markets, or if anyone knows about this. Maybe the concepts behind blind mixes would be useful here. Any ideas?