Probabilistic Anonymity

  • Mohit Bhargava
  • Catuscia Palamidessi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3653)


The concept of anonymity comes into play in a wide range of situations, varying from voting and anonymous donations to postings on bulletin boards and sending mails. The systems for ensuring anonymity often use random mechanisms which can be described probabilistically, while the agents’ interest in performing the anonymous action may be totally unpredictable, irregular, and hence expressable only nondeterministically.

Formal definitions of the concept of anonymity have been investigated in the past either in a totally nondeterministic framework, or in a purely probabilistic one. In this paper, we investigate a notion of anonymity which combines both probability and nondeterminism, and which is suitable for describing the most general situation in which both the systems and the user can have both probabilistic and nondeterministic behavior. We also investigate the properties of the definition for the particular cases of purely nondeterministic users and purely probabilistic users.

We formulate our notions of anonymity in terms of observables for processes in the probabilistic π-calculus, whose semantics is based on Probabilistic Automata.

We illustrate our ideas by using the example of the dining cryptographers.


Epistemic Logic Anonymous User Probabilistic User Nondeterministic Choice Probabilistic Automaton 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Fournet, C.: Private authentication. Theoretical Computer Science 322(3), 427–476 (2004)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The spi calculus. Information and Computation 148(1), 1–70 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Amadio, R.M., Lugiez, D.: On the reachability problem in cryptographic protocols. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, p. 380. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Bhargava, M., Palamidessi, C.: Probabilistic anonymity. Technical report, INRIA Futurs and LIX, 2005. To appear in the proceedings of CONCUR 2005, Report version available at
  5. 5.
    Brookes, S.D., Hoare, C.A.R., Roscoe, A.W.: A theory of communicating sequential processes. Journal of the ACM 31(3), 560–599 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Chatzikokolakis, K., Palamidessi, C.: Probable innocence revisited. Technical report, INRIA Futurs and LIX (2005),
  7. 7.
    Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology 1, 65–75 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Deng, Y., Palamidessi, C., Pang, J.: Weak probabilistic anonymity. Technical report, INRIA Futurs and LIX (2005), Submitted for publication
  9. 9.
    Gill, R.D., van der Laan, M., Robins, J.: Coarsening at random: Characterizations, conjectures and counterexamples. In: Lin, D.Y., Fleming, T.R. (eds.) Proceedings of the First Seattle Symposium in Biostatistics. Lecture Notes in Statistics, pp. 255–294. Springer, Heidelberg (1997)Google Scholar
  10. 10.
    Grunwald, P.D., Halpern, J.Y.: Updating probabilities. Journal of Artificial Intelligence Research 19, 243–278 (2003)zbMATHMathSciNetGoogle Scholar
  11. 11.
    Halpern, J.Y., O’Neill, K.R.: Anonymity and information hiding in multiagent systems. In: Proc. of the 16th IEEE Computer Security Foundations Workshop, pp. 75–88 (2003)Google Scholar
  12. 12.
    Herescu, O.M., Palamidessi, C.: Probabilistic asynchronous π-calculus. In: Tiuryn, J. (ed.) FOSSACS 2000. LNCS, vol. 1784, pp. 146–160. Springer, Heidelberg (2000)Google Scholar
  13. 13.
    Hughes, D., Shmatikov, V.: Information hiding, anonymity and privacy: a modular approach. Journal of Computer Security 12(1), 3–36 (2004)Google Scholar
  14. 14.
    Kremer, S., Ryan, M.D.: Analysis of an electronic voting protocol in the applied pi-calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Lowe, G.: Casper: A compiler for the analysis of security protocols. In: Proceedings of 10th IEEE Computer Security Foundations Workshop (1997); Also in Journal of Computer Security 6, 53–84 (1998)Google Scholar
  16. 16.
    Milner, R.: Communication and Concurrency. International Series in Computer Science. Prentice Hall, Englewood Cliffs (1989)zbMATHGoogle Scholar
  17. 17.
    Milner, R.: Communicating and mobile systems: the π-calculus. Cambridge University Press, Cambridge (1999)Google Scholar
  18. 18.
    Milner, R., Parrow, J., Walker, D.: A calculus of mobile processes, I and II. Information and Computation 100(1), 1–40 & 41–77 (1992); A preliminary version appeared as Technical Reports ECF-LFCS-89-85 and -86, University of Edinburgh (1989)Google Scholar
  19. 19.
    Palamidessi, C., Herescu, O.M.: A randomized encoding of the π-calculus with mixed choice. Theoretical Computer Science 335(2-3), 73–404 (2005) (to appear)Google Scholar
  20. 20.
    Reiter, M.K., Rubin, A.D.: Crowds: anonymity for Web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  21. 21.
    Roscoe, A.W.: Modelling and verifying key-exchange protocols using CSP and FDR. In: Proceedings of the 8th IEEE Computer Security Foundations Workshop, pp. 98–107. IEEE Computer Soc Press, Los Alamitos (1995)CrossRefGoogle Scholar
  22. 22.
    Ryan, P.Y., Schneider, S.: Modelling and Analysis of Security Protocols. Addison-Wesley, Reading (2001)Google Scholar
  23. 23.
    Schneider, S.: Security properties and csp. In: Proceedings of the IEEE Symposium Security and Privacy (1996)Google Scholar
  24. 24.
    Schneider, S., Sidiropoulos, A.: CSP and anonymity. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 198–218. Springer, Heidelberg (1996)Google Scholar
  25. 25.
    Segala, R., Lynch, N.: Probabilistic simulations for probabilistic processes. Nordic Journal of Computing 2(2), 250–273 (1995); An extended abstract appeared in Jonsson, B., Parrow, J. (eds.): CONCUR 1994. LNCS, vol. 836. Springer, Heidelberg (1994)Google Scholar
  26. 26.
    Syverson, P.F., Stubblebine, S.G.: Group principals and the formalization of anonymity. In: World Congress on Formal Methods (1), pp. 814–833 (1999)Google Scholar
  27. 27.
    Syverson, P.F., Goldschlag, D.M., Reed, M.G.: Anonymous connections and onion routing. In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 44–54 (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Mohit Bhargava
    • 1
  • Catuscia Palamidessi
    • 2
  1. 1.Indian Institute of Technology Delhi 
  2. 2.INRIA Futurs and LIX, École Polytechnique 

Personalised recommendations