Tor has been around since the September 2002 and its long held position as the browser of choice for the anonymous has painted a target on its back.

In the last few months a number of vulnerabilities have been discovered in the Tor browser, all of which threaten the anonymity of its users.

The time has come then for another service to take to the frontlines in the battle for privacy and Michigan Institute of Technology might just have what is required.

It’s called Riffle. It uses something called a mixnet and is coupled with encryption and onion encryption.

A mixnet, by its simplest definition, receives information in a certain order and then shuffles the order around before passing it along to the second server. So, messages received in the order 1, 2, 3 would be passed along to the second server in the order 2, 1, 3 for example. This is intended to confuse anybody watching the information exchange.

The Riffle system will also use onion encryption in which data is wrapped in encrypted layers, each being removed at a node until the information reaches its intended destination. The intention of the encryption is to prevent prying eyes from grabbing the data in-transit.

You can’t handle the proof

This all sounds great but if an attacker where to manipulate the data at any point they would still be able to, for example, track a user.

For this reason Riffle uses a mathematical proof to validate data sent through the Riffle network. To do this, Riffle sends the first message a user sends to the entire mixnet.

This allows the network to validate that all the information being passed through it is has not been tampered with somewhere along the way.

All of this has the potential to impact a user’s PC performance.

To ensure your PC isn’t bogged down, Riffle establishes a secure connection between a user and a server and then private cryptographic key is exchanged. The server then authenticates the encrypted messages for the rest of the session.

The biggest benefit of this convoluted system is that even if the server you’re using goes down, Riffle stays up and secure. This is because no matter what, all servers are involved in the initial handshake and key sharing so as long as one server is up, all is well.

This is a really novel way of creating a secure network that uses multiple forms of encryption and protection to keep users anonymous. The more options there are for users to remain anonymous.

[Source – MIT News] [Image – CC BY 2.0 reynermedia]