Anonymity Protocols as Noisy Channels

  • Konstantinos Chatzikokolakis
  • Catuscia Palamidessi
  • Prakash Panangaden
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4661)


We propose a framework in which anonymity protocols are interpreted as particular kinds of channels, and the degree of anonymity provided by the protocol as the converse of the channel’s capacity. We also investigate how the adversary can test the system to try to infer the user’s identity, and we study how his probability of success depends on the characteristics of the channel. We then illustrate how various notions of anonymity can be expressed in this framework, and show the relation with some definitions of probabilistic anonymity in literature.


Mutual Information Channel Capacity Relative Entropy Decision Function Channel Matrix 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology 1, 65–75 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Halpern, J.Y., O’Neill, K.R.: Anonymity and information hiding in multiagent systems. Journal of Computer Security 13, 483–512 (2005)Google Scholar
  3. 3.
    Bhargava, M., Palamidessi, C.: Probabilistic anonymity. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 171–185. Springer, Heidelberg (2005), CrossRefGoogle Scholar
  4. 4.
    Reiter, M.K., Rubin, A.D.: Crowds: anonymity for Web transactions. ACM Transactions on Information and System Security 1, 66–92 (1998)CrossRefGoogle Scholar
  5. 5.
    Chatzikokolakis, K., Palamidessi, C.: Probable innocence revisited. Theoretical Computer Science 367, 123–138 (2006), zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Moskowitz, I.S., Newman, R.E., Crepeau, D.P., Miller, A.R.: Covert channels and anonymizing networks. In: Jajodia, S., Samarati, P., Syverson, P.F. (eds.) WPES, pp. 79–88. ACM, New York (2003)CrossRefGoogle Scholar
  9. 9.
    Moskowitz, I.S., Newman, R.E., Syverson, P.F.: Quasi-anonymous channels. In: IASTED CNIS, pp. 126–131 (2003)Google Scholar
  10. 10.
    Deng, Y., Pang, J., Wu, P.: Measuring anonymity with relative entropy. In: Proceedings of the 4th International Workshop on Formal Aspects in Security and Trust. LNCS, Springer, Heidelberg (to appear, 2006)Google Scholar
  11. 11.
    McLean, J.: Security models and information flow. IEEE Symposium on Security and Privacy, 180–189 (1990)Google Scholar
  12. 12.
    Gray III, J.W.: Toward a mathematical foundation for information flow security. In: Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy SSP 1991, Washington - Brussels - Tokyo, pp. 21–35. IEEE, Los Alamitos (1991)CrossRefGoogle Scholar
  13. 13.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative analysis of the leakage of confidential data. In: Proc. of QAPL 2001. Electr. Notes Theor. Comput. Sci, vol. 59 (3), pp. 238–251. Elsevier Science B.V., Amsterdam (2001)Google Scholar
  14. 14.
    Clark, D., Hunt, S., Malacaria, P.: Quantified interference for a while language. In: Proc. of QAPL 2004. Electr. Notes Theor. Comput. Sci, vol. 112, pp. 149–166. Elsevier Science B.V., Amsterdam (2005)Google Scholar
  15. 15.
    Lowe, G.: Quantifying information flow. In: Proc. of CSFW 2002, pp. 18–31. IEEE Computer Society Press, Los Alamitos (2002)Google Scholar
  16. 16.
    Maurer, U.M.: Authentication theory and hypothesis testing. IEEE Transactions on Information Theory 46, 1350–1356 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Pierro, A.D., Hankin, C., Wiklicky, H.: Approximate non-interference. Journal of Computer Security 12, 37–82 (2004)Google Scholar
  18. 18.
    Pierro, A.D., Hankin, C., Wiklicky, H.: Measuring the confinement of probabilistic systems. Theoretical Computer Science 340, 3–56 (2005)zbMATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Cover, T.M., Thomas, J.A.: Elements of Information Theory. John Wiley & Sons, Inc, Chichester (1991)zbMATHGoogle Scholar
  20. 20.
    Sabelfeld, A., Sands, D.: Probabilistic noninterference for multi-threaded programs. In: Proc. of CSFW 2000, pp. 200–214. IEEE Computer Society Press, Los Alamitos (2000)Google Scholar
  21. 21.
    Deng, Y., Palamidessi, C., Pang, J.: Weak probabilistic anonymity. In: Proc. of SecCo 2005. Electronic Notes in Theoretical Computer Science, Elsevier Science Publishers, Amsterdam (2005), Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Konstantinos Chatzikokolakis
    • 1
  • Catuscia Palamidessi
    • 1
  • Prakash Panangaden
    • 2
  1. 1.INRIA and LIX, École Polytechnique, PalaiseauFrance
  2. 2.School of Computer Science, McGill University, Montreal, QuebecCanada

Personalised recommendations