This PR continues work from PR #158 and PR #173, and introduces a new
**Section 9: Security Considerations** to the Mix Protocol RFC. It
formalizes the protocol’s core guarantees, trust assumptions, and known
limitations.
### New Section Added
Structured Section 9 with the following subsections:
- [x] **9.1 Security Guarantees of the Core Mix Protocol**
Defines sender anonymity, metadata protection, and statelessness
guarantees.
- [x] **9.2 Exit Node Trust Model**
Trust assumptions at the final hop:
- [x] `9.2.1 Message Delivery and Origin Trust`
- [x] `9.2.2 Origin Protocol Trust and Client Role Abuse`
- [x] **9.3 Destination as Final Hop**
Optional deployment model where the destination operates its own Mix
instance to eliminate exit-level trust.
- [x] **9.4 Known Protocol Limitations**
Clearly outlines out-of-scope threats:
- Undetectable node misbehavior
- Lack of built-in retries or acknowledgments
- No Sybil resistance
- Vulnerability to DoS attacks
### Key Improvements
- Clearly delineates what the Mix Protocol guarantees and what it leaves
to external systems.
- Formalizes the exit trust boundary, a key concept for downstream
applications.
- Introduces an alternative destination participation model.
- Enables future discussions around accountability, reliability, and
Sybil resistance.
---------
Co-authored-by: Prem Chaitanya Prathi <chaitanyaprem@gmail.com>
This PR builds on PR #173 and completes the remaining construction and
runtime processing logic in `Section 8` of the Mix Protocol RFC. It
finalizes the last steps of packet construction (`Section 8.5.2 step
3.e–f`) and introduces the complete mix node handler logic in
`Section 8.6`, including intermediary and exit processing.
It clearly separates construction, role determination, and processing
logic.
### Changes Introduced in This PR
- **8.5.2 Construction Steps (Final Steps Added)**
- Sphinx packet construction
- [x] Assemble Final Packet
- [x] Transmit Packet
- **8.6 Sphinx Packet Handling**
- [x] **8.6.1 Shared Preprocessing**
- Derives session key, validates replay tag and MAC, decrypts
header/payload
- [x] **8.6.2 Node Role Determination**
- Inspects decrypted header prefix and padding to classify node as
intermediary or exit
- [x] **8.6.3 Intermediary Processing**
- Parses next hop address and mean delay
- Updates ephemeral key and routing fields
- Samples actual forwarding delay and transmits packet
    - Erases all temporary state
- [x] **8.6.4 Exit Processing**
- Verifies payload padding and extracts destination address
- Parses and validates application-layer message
- Hands off to Exit Layer along with origin protocol codec and
destination address
### Highlights
- Explicit role determination via zero-delay and padding inspection
- Fully decoupled construction and handling logic
- Forwarding delay behavior updated:
- Sender selects per-hop mean delay
- Mix node samples actual delay using pluggable distribution
---------
Co-authored-by: kaiserd <1684595+kaiserd@users.noreply.github.com>
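The handler flow summarized under 8.6 (shared preprocessing, role determination, then the intermediary or exit branch), as an added Python model. This is illustrative code written for this page, not the Mix Protocol RFC's construction or the project's implementation. Everything about the wire layout is assumed: the field sizes, the SHA-256 key schedule and counter-mode keystream standing in for the real primitives, the exit payload layout (destination || length || message || zero padding), and the per-hop shared secret being handed to the node directly instead of being derived from the ephemeral key in the header. The toy onion also shrinks by one routing prefix per hop, which the real length-invariant Sphinx header does not.

```python
"""Sphinx-style mix node handling: replay tag, MAC, decrypt, role
determination, intermediary / exit branches.  Added example, not the
Mix Protocol RFC's construction; field layout and key schedule are
assumptions chosen for readability."""
import hashlib
import hmac
import random

ADDR_LEN = 16     # assumed fixed-size address (next hop or destination)
DELAY_LEN = 2     # assumed: sender-chosen mean delay in ms, big-endian
LEN_LEN = 2       # assumed: message length field inside the exit payload
MAC_LEN = 16
TAG_LEN = 16
PREFIX_LEN = DELAY_LEN + ADDR_LEN
PAYLOAD_LEN = 64  # assumed fixed exit payload size; rest is zero padding


class ReplayError(Exception):
    pass


class MacError(Exception):
    pass


def derive(secret, label, n):
    """Assumed key schedule: purpose-labelled SHA-256 of the per-hop secret.
    In the real protocol that secret comes from the header's ephemeral key
    and the node's private key; here it is passed in directly."""
    return hashlib.sha256(label + b"|" + secret).digest()[:n]


def keystream(key, n):
    """Counter-mode SHA-256 keystream, a stand-in for a stream cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_layer(secret, mean_delay_ms, next_addr, inner):
    """Sender side: layer = MAC || Enc(delay || next_addr || inner).
    Exit layer uses delay 0 and an all-zero address as padding."""
    prefix = mean_delay_ms.to_bytes(DELAY_LEN, "big") + next_addr
    body = xor(prefix + inner, keystream(derive(secret, b"enc", 32), len(prefix) + len(inner)))
    mac = hmac.new(derive(secret, b"mac", 32), body, hashlib.sha256).digest()[:MAC_LEN]
    return mac + body


def exit_payload(dest_addr, message):
    """Assumed exit payload: dest || len || message || zero padding."""
    body = dest_addr + len(message).to_bytes(LEN_LEN, "big") + message
    if len(body) > PAYLOAD_LEN:
        raise ValueError("message too long for fixed payload")
    return body + bytes(PAYLOAD_LEN - len(body))


class MixNode:
    def __init__(self, rng):
        self.seen_tags = set()
        self.rng = rng  # the pluggable delay distribution lives here

    def preprocess(self, secret, packet):
        """Shared step: replay tag, MAC, then decrypt."""
        tag = derive(secret, b"tag", TAG_LEN)
        if tag in self.seen_tags:
            raise ReplayError("replay tag already seen")
        mac, body = packet[:MAC_LEN], packet[MAC_LEN:]
        expected = hmac.new(derive(secret, b"mac", 32), body, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(mac, expected):
            raise MacError("header MAC mismatch")
        # Record the tag only after the MAC verifies: a forged packet that
        # reuses a genuine ephemeral key must not burn the real packet's tag.
        self.seen_tags.add(tag)
        return xor(body, keystream(derive(secret, b"enc", 32), len(body)))

    def handle(self, secret, packet):
        plain = self.preprocess(secret, packet)
        prefix, rest = plain[:PREFIX_LEN], plain[PREFIX_LEN:]
        mean_delay = int.from_bytes(prefix[:DELAY_LEN], "big")
        addr = prefix[DELAY_LEN:]
        # Role determination: zero delay plus an all-zero (padding) address
        # marks the exit; anything else is an intermediary hop.
        if mean_delay == 0 and addr == bytes(ADDR_LEN):
            return self.exit_process(rest)
        return self.intermediary_process(addr, mean_delay, rest)

    def intermediary_process(self, next_addr, mean_delay_ms, inner):
        # Sender chose the mean; this node samples the actual delay.
        # (Temporary state is erased in the RFC step; Python cannot
        # guarantee zeroization, so nothing is kept beyond the return.)
        delay = 0.0 if mean_delay_ms == 0 else self.rng.expovariate(1.0 / mean_delay_ms)
        return ("forward", next_addr, delay, inner)

    def exit_process(self, payload):
        if len(payload) != PAYLOAD_LEN:
            raise ValueError("unexpected exit payload size")
        dest = payload[:ADDR_LEN]
        n = int.from_bytes(payload[ADDR_LEN:ADDR_LEN + LEN_LEN], "big")
        start = ADDR_LEN + LEN_LEN
        msg, pad = payload[start:start + n], payload[start + n:]
        if n > PAYLOAD_LEN - start or pad != bytes(len(pad)):
            raise ValueError("bad exit payload padding")
        return ("exit", dest, msg)


def run_demo():
    """Two-hop path over constructed secrets; returns what each node did."""
    s1, s2 = b"\x11" * 32, b"\x22" * 32                  # constructed secrets
    hop2, dest, msg = b"\xaa" * ADDR_LEN, b"\xdd" * ADDR_LEN, b"hello via mix"
    pkt2 = wrap_layer(s2, 0, bytes(ADDR_LEN), exit_payload(dest, msg))
    pkt1 = wrap_layer(s1, 300, hop2, pkt2)
    n1, n2, n3 = (MixNode(random.Random(i)) for i in (7, 8, 9))
    out = {"first": n1.handle(s1, pkt1), "pkt2": pkt2}
    out["second"] = n2.handle(s2, out["first"][3])
    try:
        n1.handle(s1, pkt1)
        out["replay_rejected"] = False
    except ReplayError:
        out["replay_rejected"] = True
    bad = bytearray(pkt2)
    bad[-1] ^= 1
    try:
        n3.handle(s2, bytes(bad))
        out["tamper_rejected"] = False
    except MacError:
        out["tamper_rejected"] = True
    out["genuine_after_tamper"] = n3.handle(s2, pkt2)  # tag was not burned
    return out


if __name__ == "__main__":
    print(run_demo())
```

The order inside `preprocess` is the part worth keeping in mind when reading 8.6.1: the replay tag is looked up before the MAC is checked, but it is only stored once the MAC verifies. Storing it earlier would let anyone who can observe a packet's ephemeral key send a garbage copy ahead of it and have the genuine packet dropped as a replay.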