Shortly after the latest breach in Tor, MIT security researchers claim to have developed a network that’s not only more secure than Tor, but also capable of downloading large files in a tenth of the time. The new network, named Riffle (Thesis paper can be found here), incorporates several well-known cryptographic techniques but utilizes them in a new, more secure way than any technology currently on the market. The system is flying under the name “Riffle.”
According to the press release, Riffle will be using an array of servers that “permutes the order in which it receives messages before passing them on to the next. For instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order — say, C, B, A. The second server would permute them before sending them to the third, and so on.” Someone at an end node or exit server wouldn’t be able to make any sense of the information; it would be in an order that is completely scrambled.
The press release mentions three types of encryption Riffle will be using. The first is onion wrapping, which is fairly well known as the encryption Tor is famous for using. Second is something called verifiable shuffle, a technique designed to be a counter-defense against intrusive code. It should also be able to provide public proof of accuracy without revealing the secret key. And the third security measure revealed by the press release was authentication encryption for verifying a message was indeed the message it claimed to be.
Users on Reddit are excited at the possibility of a more secure, faster version of Tor. But they aren’t without their doubts and downright distrust of the upcoming system. The comments range from “I guarantee that the FBI is going to already have access to this before it gets released to the public,” to people being interested and hopeful the proposed speed would be useful.
As one user points out – given there’s going to be heaps of trust issues regarding a new system that we’re supposed to trust – that an open source system would be the best outcome for us. It wouldn’t matter who developed or worked on the software if it was open source, like Tor.
Albert Kwon, who helped create Riffle, said that they thought anonymous file sharing would be one of the best initial applications for the system, although we won’t know exactly what is planned until the developers present the network at the Privacy Enhancing Technologies Symposium in Darmstadt, Germany, later this month.