Provable Unlinkability Against Traffic Analysis Already After \(\mathcal{O}(\log(n))~\) Steps!

  • Marcin Gomułkiewicz
  • Marek Klonowski
  • Mirosław Kutyłowski
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3225)


We consider unlinkability of communication problem: given n users, each sending a message to some destination, encode and route the messages so that an adversary analyzing the traffic in the communication network cannot link the senders with the recipients. A solution should have a small communication overhead, that is, the number of additional messages should be kept low.

David Chaum introduced idea of mixes for solving this problem. His approach was developed further by Simon and Rackoff, and implemented later as the onion protocol. Even if the onion protocol is widely regarded as secure and used in practice, formal arguments supporting this claim are rare and far from being complete. On top of that, in certain scenarios very simple tricks suffice to break security without breaking the cryptographic primitives. It turns out that one source of difficulties in analyzing the onion protocol’s security is the adversary model. In a recent work, Berman, Fiat and Ta-Shma develop a new and more realistic model in which only a constant fraction of communication lines can be accessed by an adversary, the number of messages does not need to be high and the preferences of the users are taken into account. For this model they prove that with high probability a good level of unlinkability is obtained after \(\mathcal{O}(\log^4 n)\) steps of the onion protocol where n is the number of messages sent.

In this paper we improve these results: we show that the same level of unlinkability (expressed as variation distance between certain probability distributions) is obtained with high probability already after \(\mathcal{O}(\log n)\) steps of the onion protocol. Asymptotically, this is the best result possible, since obviously Ω(log n) steps are necessary. On top of that, our analysis is much simpler. It is based on path coupling technique designed for showing rapid mixing of Markov chains.


anonymity unlinkability mix network Markov chain rapid mixing path coupling 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Adler, M., Levine, B.N., Schields, C., Wright, M.: Defending Anonymous Communication Against Passive Logging Attacks. In: IEEE Symp. on Security and Privacy (2003)Google Scholar
  2. 2.
    Aldous, D.: Random Walks of Finite Groups and Rapidly Mixing Markov Chains. In: Azéma, J., Yor, M. (eds.) Séminare de Probabilités XVII 1981/1982. Lecture Notes in Mathematics, vol. 986, pp. 243–297. Springer, Berlin (1983)CrossRefGoogle Scholar
  3. 3.
    Alon, N.: Testing Subgraphs in Large Graphs. In: ACM-SIAM FOCS 2001, pp. 434–439 (2001)Google Scholar
  4. 4.
    Berman, R., Fiat, A., Ta-Shma, A.: Provable Unlinkability Against Traffic Analysis. In: Financial Cryptography (2004)Google Scholar
  5. 5.
    Bubley, B., Dyer, M.: Path Coupling: a Technique for Proving Rapid Mixing in Markov Chains. In: Bubley, B., Dyer, M. (eds.) ACM-SIAM FOCS 1997, pp. 223–231 (1997)Google Scholar
  6. 6.
    Chaum, D.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. CACM 24(2), 84–88 (1981)Google Scholar
  7. 7.
    Chaum, D.: The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability. Journal of Cryptology 1(1), 65–75 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Czumaj, A., Kanarek, P., Kuty-lowski, M., Loryś, K.: Distributed Stochastic Processes for Generating Random Permutations. In: ACM-SIAM SODA 1999, pp. 271–280 (1999)Google Scholar
  9. 9.
    Czumaj, A., Kuty-lowski, M.: Delayed Path Coupling and Generating Random Permutations. Random Structures and Algorithms 17(3-4), 238–259 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding Routing Information. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996)Google Scholar
  11. 11.
    Rackoff, C., Simon, D.R.: Cryptographic Defense Against Traffic Analysis. In: ACM STOC, pp. 672–681 (1993)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Marcin Gomułkiewicz
    • 1
  • Marek Klonowski
    • 1
  • Mirosław Kutyłowski
    • 1
  1. 1.Institute of MathematicsWrocław University of TechnologyWrocławPoland

Personalised recommendations