Diffstat (limited to 'content')
-rw-r--r-- content/cmix_additions.tex 6
1 files changed, 3 insertions, 3 deletions
diff --git a/content/cmix_additions.tex b/content/cmix_additions.tex
index 277dd02..b377c03 100644
--- a/content/cmix_additions.tex
+++ b/content/cmix_additions.tex
@@ -4,9 +4,9 @@ So the base protocol still has some issues, thankfully these issues can be addre
\subsection{Tagging attack}
\label{sec:tagging}
-In a tagging attack an adversary changes a message slightly and later can detect this tag and remove it, otherwise it wouldn't be undetectable. This leaks information of the the origin of the message and from which slot it came. The easiest variant of this would be if a malicious person had control over the last node.
+In a tagging attack an adversary changes a message slightly in such a way that it can later detect and reverse the change. Detection to be able to track a message even though it has been permuted. Reversible because the adversary needs to stay undetected. The easiest variant; when a malicious person had control over the last node.
-When you control the last node you can change the output of realtime precomputation phase slightly by when combining your nodes $r$ value for this slot with the input. you either combine the input with $r * i$, for cyclic group ElGamal, or $r + p$, for elliptic curve implementations. After all computations are done you have the plaintexts that you want to send out. If you can verify that one of the outputs is not valid, it probably is the value you modified with either $i$ or $p$. You now now the slot this value used to be in and you can reverse your tag by doing the reverse operation. This is undetectable in the network and thus compromise the network. Note that the last node is not special in \cmix, if all but one Node is malicious the protocol should still be safe.
+When you control the last node you can change the output of realtime precomputation phase slightly. You can do this by slightly changing your value of $r$ one slot of the input. You either combine the input with $r * i$, for cyclic group ElGamal, or $r + p$, for elliptic curve implementations. After all the realtime computations are done you have the plaintexts that you want to send to their destination. If you can verify that one of the outputs is not valid, it probably is the value you modified with either $i$ or $p$. Now you know the slot this value used to be in and you can reverse your tag by doing the reverse operation. This is undetectable by other nodes or any client and thus compromises the network. Note that no node in \cmix is special. The claim is that when all but one node is compromised the network should still function as intended and keep your transmissions anonymous.
-To stop this attack we need to change the protocol. First we need to change the third step of the precomputation phase. Instead of sending the decryption shares of each of the nodes to the next, we send a hash, a commitment to our decryption shares to the next node. The nodes keep the decryption shares to themselves, and will use them separately in the realtime phase. The last node also includes a hash of the current mix result. So the hash of the decryption of formula \ref{form:EPiRS}. This makes that an adversary can no longer tamper with the $r$ values in the realtime phase, which caused the tagging attack to be possible in the first place.
+To stop this attack we need to change the protocol slightly. First we need to change the third step of the precomputation phase. Instead of sending the decryption shares of each node to the next, we send a hash, a commitment to our decryption shares. The nodes keep the decryption shares to themselves, and will use them separately in the realtime phase. The last node also includes a hash of the current mix result. So the hash of the decryption of formula \ref{form:EPiRS}. This makes that an adversary can no longer tamper with the $r$ values in the realtime phase, which means an attacker can no longer apply the tag without being detectable by other nodes.
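Review bot: The rewritten opening paragraph of the tagging-attack subsection now ends in three sentence fragments ("Detection to be able to track a message...", "Reversible because the adversary needs to stay undetected.", "The easiest variant; when a malicious person had control over the last node."), which read worse than the sentences they replace. Suggest full sentences, for example: "The change must be detectable so that the message can be tracked after it has been permuted, and reversible so that the adversary stays undetected. The easiest variant is when an adversary controls the last node." In the second added paragraph, "realtime precomputation phase" names two phases at once while the rest of the paragraph speaks of the realtime computations, "changing your value of $r$ one slot of the input" is missing a "for", and $i$ and $p$ are used without being defined. In the last added paragraph the mitigation says each node sends a hash as a commitment to its decryption shares, but the text never says where that commitment is checked against the shares used in the realtime phase, so the closing claim that the tag becomes detectable by other nodes is not yet supported; "So the hash of the decryption of formula \ref{form:EPiRS}." and "This makes that" also need rewording.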