Journal of Cryptology

, Volume 28, Issue 3, pp 623–640 | Cite as

Provable Unlinkability Against Traffic Analysis with Low Message Overhead

  • Ron Berman
  • Amos Fiat
  • Marcin Gomułkiewicz
  • Marek Klonowski
  • Mirosław Kutyłowski
  • Tomer Levinboim
  • Amnon Ta-ShmaEmail author


Rackoff and Simon proved that a variant of Chaum’s protocol for anonymous communication, later developed as the Onion Routing Protocol, is unlinkable against a passive adversary that controls all communication links and most of the nodes in a communication system. A major drawback of their analysis is that the protocol is secure only if (almost) all nodes participate at all times. That is, even if only nN nodes wish to send messages, all N nodes have to participate in the protocol at all times. This suggests necessity of sending dummy messages and a high message overhead.

Our first contribution is showing that this is unnecessary. We relax the adversary model and assume that the adversary only controls a certain fraction of the communication links in the communication network. We think this is a realistic adversary model. For this adversary model we show that a low message overhead variant of Chaum’s protocol is provably secure.

Furthermore, all previous security proofs assumed the a priori distribution on the messages is uniform. We feel this assumption is unrealistic. The analysis we give holds for any a priori information on the communication distribution. We achieve that by combining Markov chain techniques together with information theory tools in a simple and elegant way.

Key words

Mix protocol Traffic analysis Mixing time Markov Chain Unlinkability 


  1. [1]
    D.J. Aldous, Random walks on finite groups and rapidly mixing Markov chains, in Séminaire de Probabilités de Strasbourg, vol. 17, (1983), pp. 243–297 Google Scholar
  2. [2]
    N. Alon, Testing subgraphs in large graphs, in FOCS, (2001), pp. 434–439 Google Scholar
  3. [3]
    R. Bubley, M. Dyer, Path coupling: a technique for proving rapid mixing in Markov chains, in FOCS, (1997), pp. 223–231 Google Scholar
  4. [4]
    A. Beimel, S. Dolev, Buses for anonymous message delivery. J. Cryptol. 16(1), 25–39 (2003) zbMATHMathSciNetCrossRefGoogle Scholar
  5. [5]
    R. Berman, A. Fiat, A. Ta-Shma, Provable unlinkability against traffic analysis, in Financial Cryptography (FC). LNCS, vol. 3110, (2004), pp. 266–280 CrossRefGoogle Scholar
  6. [6]
    D. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms. Thesis (M.S. in Computer Science), University of California, Berkeley (1979) Google Scholar
  7. [7]
    D. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981) CrossRefGoogle Scholar
  8. [8]
    D. Chaum, The Dining Cryptographers Problem: unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988) zbMATHMathSciNetCrossRefGoogle Scholar
  9. [9]
    A. Czumaj, M. Kutyłowski, Delayed path coupling and generating random permutations. Random Struct. Algorithms 17(3–4), 238–259 (2000) zbMATHCrossRefGoogle Scholar
  10. [10]
    A. Czumaj, P. Kanarek, M. Kutyłowski, K. Loryś, Delayed path coupling and generating random permutations via distributed stochastic processes, in SODA, (1999), pp. 271–280 Google Scholar
  11. [11]
    J. Camenisch, A. Lysyanskaya, A formal treatment of onion routing, in CRYPTO. LNCS, vol. 3621, (2005), pp. 169–187 Google Scholar
  12. [12]
    T.M. Cover, J.A. Thomas, Elements of Information Theory (Wiley, New York, 1991) zbMATHCrossRefGoogle Scholar
  13. [13]
    G. Danezis, Statistical disclosure attacks: traffic confirmation in open environments, in Security and Privacy (SEC), (2003), pp. 421–426 Google Scholar
  14. [14]
    G. Danezis, C. Diaz, A survey of anonymous communication channels. Microsoft Technical report MSR-TR-2008-35. Available at:
  15. [15]
    M. Gomułkiewicz, M. Klonowski, M. Kutyłowski, Provable unlinkability against traffic analysis already after O(log(n)) steps! in International Workshop on Information Security. LNCS, vol. 3225, (2004), pp. 354–366 CrossRefGoogle Scholar
  16. [16]
    M. Gogolewski, M. Klonowski, M. Kutyłowski, Local view attack on anonymous communication, in European Symposium on Research in Computer Security (ESORICS). LNCS, vol. 3679, (2005), pp. 475–488 Google Scholar
  17. [17]
    M. Gogolewski, M. Kutyłowski, T. Łuczak, Mobile mixing, in Information Security and Cryptology (ICISC). LNCS, vol. 3506, (2004), pp. 380–393 Google Scholar
  18. [18]
    V. Guruswami, Rapidly mixing Markov chains: a comparison of techniques (2000) Google Scholar
  19. [19]
    O. Häggström, Finite Markov Chains and Algorithmic Applications, vol. 52 (Cambridge University Press, Cambridge, 2002) zbMATHCrossRefGoogle Scholar
  20. [20]
    D. Malkhi, E. Pavlov, Anonymity without ‘cryptography’ (extended abstract), in Financial Cryptography (FC). LNCS, vol. 2339, (2001), pp. 117–135 CrossRefGoogle Scholar
  21. [21]
    M. Nielsen, I. Chuang, Quantum Computation and Quantum Information (Cambridge University Press, Cambridge, 2000) zbMATHGoogle Scholar
  22. [22]
    B. Pfitzmann, A. Pfitzmann, How to break the direct RSA-implementation of MIXes, in Eurocrypt. LNCS, vol. 434 (Springer, Berlin, 1989), pp. 373–381 Google Scholar
  23. [23]
    J. Raymond, Traffic analysis: protocols, attacks, design issues, and open problems, in Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability, ed. by H. Federrath. LNCS, vol. 2009, (2001), pp. 10–29 CrossRefGoogle Scholar
  24. [24]
    M.K. Reiter, A.D. Rubin, Crowds: anonymity for Web transactions. ACM Trans. Inf. Syst. Secur. 1(1), 66–92 (1998) CrossRefGoogle Scholar
  25. [25]
    C. Rackoff, D.R. Simon, Cryptographic defense against traffic analysis, in STOC, (1993), pp. 672–681 Google Scholar

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Ron Berman
    • 1
  • Amos Fiat
    • 2
  • Marcin Gomułkiewicz
    • 3
  • Marek Klonowski
    • 3
  • Mirosław Kutyłowski
    • 3
  • Tomer Levinboim
    • 4
  • Amnon Ta-Shma
    • 2
    Email author
  1. 1.Haas School of BusinessUC BerkeleyBerkeleyUSA
  2. 2.Department of Computer ScienceTel Aviv UniversityTel AvivIsrael
  3. 3.Institute of Mathematics and Computer ScienceWrocław University of TechnologyWrocławPoland
  4. 4.Viterbi School of EngineeringUniversity of Southern CaliforniaLos AngelesUSA

Personalised recommendations