Consider a scenario where Client 1 wants to share information with Client 2 over a network fully monitored by a state actor, and achieve that communication while hiding:
- what each party sent.
- what target party each other party intended to communicate with.
Tor attempts to achieve this, however if the state actor hosts enough nodes of its own, it can create a high enough probability of hosting each party’s connection to eventually identify the parties communicating.
To avoid this vulnerability:
- Client 1 and Client 2 share a private encryption key in some manner that escapes the notice of the state actor, even if that means a physical exchange of USB drives.
- Then they connect to a node which waits for millions of requests to occur, each containing encrypted information to be communicated, bundles it all together, and sends the entire bundle of information back to every client involved.
- Client 1 and 2 then attempt to decrypt every item in the bundle until they successfully decrypt the information created with their private key.
The monitoring state actor would not be able to determine which client communicated with which other client, nor what anyone communicated, so long as they shared their keys privately. Even if the state actor took over the Privacy Node, it could only know which clients attempted to connect to it, not what they sent nor who they intended to communicate with. Nor could it spoof any response to the clients without knowing their keys.
Is there a flaw in the concept I’m considering? If so, what?