Provable Unlinkability Against Traffic Analysis with Low Message Overhead
Rackoff and Simon proved that a variant of Chaum's protocol for anonymous communication, later developed as the Onion Routing Protocol, is unlinkable against a passive adversary that controls all communication links and most of the nodes in a communication system. A major drawback of their analysis is that the protocol is secure only if (almost) all nodes participate at all times. That is, even if only n ≪ N nodes wish to send messages, all N nodes have to participate in the protocol at all times. This suggests the necessity of sending dummy messages and hence a high message overhead.
Our first contribution is showing that this is unnecessary. We relax the adversary model and assume that the adversary only controls a certain fraction of the communication links in the communication network. We think this is a realistic adversary model. For this adversary model we show that a low message overhead variant of Chaum’s protocol is provably secure.
Furthermore, all previous security proofs assumed that the a priori distribution on the messages is uniform. We feel this assumption is unrealistic. The analysis we give holds for any a priori information on the communication distribution. We achieve this by combining Markov chain techniques with information theory tools in a simple and elegant way.
Keywords: Mix protocol, Traffic analysis, Mixing time, Markov chain, Unlinkability
- D.J. Aldous, Random walks on finite groups and rapidly mixing Markov chains, in Séminaire de Probabilités de Strasbourg, vol. 17 (1983), pp. 243–297
- N. Alon, Testing subgraphs in large graphs, in FOCS (2001), pp. 434–439
- R. Bubley, M. Dyer, Path coupling: a technique for proving rapid mixing in Markov chains, in FOCS (1997), pp. 223–231
- D. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms. Thesis (M.S. in Computer Science), University of California, Berkeley (1979)
- A. Czumaj, P. Kanarek, M. Kutyłowski, K. Loryś, Delayed path coupling and generating random permutations via distributed stochastic processes, in SODA (1999), pp. 271–280
- J. Camenisch, A. Lysyanskaya, A formal treatment of onion routing, in CRYPTO. LNCS, vol. 3621 (2005), pp. 169–187
- G. Danezis, Statistical disclosure attacks: traffic confirmation in open environments, in Security and Privacy (SEC) (2003), pp. 421–426
- G. Danezis, C. Diaz, A survey of anonymous communication channels. Microsoft Technical Report MSR-TR-2008-35. Available at: http://research.microsoft.com/apps/pubs/default.aspx?id=70553
- M. Gogolewski, M. Klonowski, M. Kutyłowski, Local view attack on anonymous communication, in European Symposium on Research in Computer Security (ESORICS). LNCS, vol. 3679 (2005), pp. 475–488
- M. Gogolewski, M. Kutyłowski, T. Łuczak, Mobile mixing, in Information Security and Cryptology (ICISC). LNCS, vol. 3506 (2004), pp. 380–393
- V. Guruswami, Rapidly mixing Markov chains: a comparison of techniques (2000)
- B. Pfitzmann, A. Pfitzmann, How to break the direct RSA-implementation of MIXes, in Eurocrypt. LNCS, vol. 434 (Springer, Berlin, 1989), pp. 373–381
- C. Rackoff, D.R. Simon, Cryptographic defense against traffic analysis, in STOC (1993), pp. 672–681