An Indistinguishability-Based Characterization of Anonymous Channels

  • Alejandro Hevia
  • Daniele Micciancio
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5134)


We revisit the problem of anonymous communication, in which users wish to send messages to each other without revealing their identities. We propose a novel framework to organize and compare anonymity definitions. In this framework, we present simple and practical definitions for anonymous channels in the context of computational indistinguishability. The notions seem to capture the intuitive properties of several types of anonymous channels (Pfitzmann and Köhntopp 2001) (eg. sender anonymity and unlinkability). We justify these notions by showing they naturally capture practical scenarios where information is unavoidably leaked in the system. Then, we compare the notions and we show they form a natural hierarchy for which we exhibit non-trivial implications. In particular, we show how to implement stronger notions from weaker ones using cryptography and dummy traffic – in a provably optimal way. With these tools, we revisit the security of previous anonymous channels protocols, in particular constructions based on broadcast networks (Blaze et al. 2003), anonymous broadcast (Chaum 1981), and mix networks (Groth 2003, Nguyen et al. 2004). Our results give generic, optimal constructions to transform known protocols into new ones that achieve the strongest notions of anonymity.


Broadcast Channel Message Overhead Strong Notion Anonymous Communication Secure Multiparty Computation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abe, M.: Universally verifiable mix-net with verification work independent of the number of mix-servers. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 437–447. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. 2.
    Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols. In: Proc. of the 22nd Annual ACM Symposium on the Theory of Computing – STOC 1990, pp. 503–513. ACM Press, New York (1990)CrossRefGoogle Scholar
  3. 3.
    Beimel, A., Dolev, S.: Buses for anonymous message delivery. Journal of Cryptology 16 (2003)Google Scholar
  4. 4.
    Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)Google Scholar
  6. 6.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for noncryptographic fault-tolerant distributed computations. In: Proc. of the 20th Annual ACM Symposium on Theory of Computing, pp. 1–10. ACM Press, New York (1988)Google Scholar
  7. 7.
    Berman, R., Fiat, A., Ta-Shma, A.: Provable unlinkability against traffic analysis. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110. Springer, Heidelberg (2004)Google Scholar
  8. 8.
    Blaze, M., Ioannidis, J., Keromytis, A.D., Malkin, T., Rubin, A.: WAR: Wireless anonymous routing. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 218–232. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Boneh, D., Franklin, M.K.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Bos, J., den Boer, B.: Detection of disrupters in the DC protocol. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 320–328. Springer, Heidelberg (1990)Google Scholar
  11. 11.
    Camenisch, J., Lysyanskaya, A.: A formal treatment of onion routing. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 169–187. Springer, Heidelberg (2005)Google Scholar
  12. 12.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. Journal of Cryptology 13(1), 143–202 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Proc. of the 42nd IEEE Symposium on Foundations of Computer Science, pp. 136–145. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  14. 14.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  15. 15.
    Chaum, D.: The Dining Cryptographers Problem: Unconditional sender and recipient untraceability. Journal of Cryptology 1(1), 65–75 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Chaum, D., Crepeau, C., Damgård, I.: Multiparty unconditional secure protocols. In: Proc. of STOC 1988, pp. 11–19. ACM Press, New York (1988)Google Scholar
  17. 17.
    Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a Type III Anonymous Remailer Protocol. In: Proc. of IEEE Security and Privacy (2003)Google Scholar
  18. 18.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proc. of the 13th USENIX Security Symposium (2004)Google Scholar
  20. 20.
    Dolev, S., Ostrobsky, R.: Xor-trees for efficient anonymous multicast and reception. ACM Trans. on Information System Security 3(2), 63–84 (2000)CrossRefGoogle Scholar
  21. 21.
    Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs under general assumptions. SIAM Journal on Computing 29(1) (1999)Google Scholar
  22. 22.
    Feigenbaum, J., Johnson, A., Syverson, P.: A model for onion routing with provable anonymity. In: Financial Cryptography. LNCS, vol. 4886. Springer, Heidelberg (2007)Google Scholar
  23. 23.
    Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Proc. of AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1992)Google Scholar
  24. 24.
    Furukawa, J.: Efficient, verifiable shuffle decryption and its requirement of unlinkability. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947. Springer, Heidelberg (2004)Google Scholar
  25. 25.
    Furukawa, J., Sako, K.: An efficient scheme for proving a shuffle. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  26. 26.
    Garcia, F.D., Hasuo, I., Pieters, W., van Rossum, P.: Provable anonymity. In: Proc. of the 3rd ACM Workshop on Formal Methods in Security Engineering – FMSE 2005, pp. 63–72. ACM Press, New York (2005)CrossRefGoogle Scholar
  27. 27.
    Goldreich, O.: A uniform complexity treatment of encryption and zero-knowledge. Journal of Cryptology 6(1), 21–53 (1993)zbMATHCrossRefMathSciNetGoogle Scholar
  28. 28.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design. In: Proc. 27th Symposium on Foundations of Computer Science, pp. 174–187. IEEE Press, Los Alamitos (1986)Google Scholar
  29. 29.
    Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding Routing Information. In: Proc. of Information Hiding. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996)Google Scholar
  30. 30.
    Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Science 28, 270–299 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  31. 31.
    Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. Siam J. of Computing 17(2), 281–308 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  32. 32.
    Golle, P., Juels, A.: Dining cryptographers revisited. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027. Springer, Heidelberg (2004)Google Scholar
  33. 33.
    Groth, J.: A verifiable secret shuffle of homomorphic encryptions. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  34. 34.
    Gülcü, C., Tsudik, G.: Mixing E-mail with Babel. In: Proc. of the Network and Distributed Security Symposium – NDSS 1996, pp. 2–16. IEEE Press, Los Alamitos (1996)CrossRefGoogle Scholar
  35. 35.
    Hevia, A., Micciancio, D.: Indistinguishability-based Characterization of Anonymous Channels (2008),
  36. 36.
    Hughes, D., Shmatikov, V.: Information Hiding, Anonymity and Privacy: a Modular Approach. Journal of Computer Security 12(1), 3–36 (2004)Google Scholar
  37. 37.
    Halpern, J.Y., O’Neill, K.R.: Anonymity and information hiding in multiagent systems. Journal of Computer Security (2004)Google Scholar
  38. 38.
    Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography from anonymity. In: Proc. of FOCS 2006. IEEE Press, Los Alamitos (2006)Google Scholar
  39. 39.
    Jakobsson, M., Juels, A., Rivest, R.L.: Making mix nets robust for electronic voting by randomized partial checking. In: Proc. of the 11th USENIX Security Symposium (SECURITY 2002), pp. 339–353. USENIX Association (2002)Google Scholar
  40. 40.
    Kesdogan, D., Egner, J., Büschkes, R.: Stop-and-go MIXes: Providing probabilistic anonymity in an open system. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  41. 41.
    Mauw, S., Verschuren, J.H.S., de Vink, E.P.: A formalization of anonymity and onion routing. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193. Springer, Heidelberg (2004)Google Scholar
  42. 42.
    Micali, S., Rackoff, C., Sloan, B.: The notion of security for probabilistic cryptosystems. Siam Journal of Computing 17(2), 412–426 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  43. 43.
    Neff, A.: A verifiable secret shuffle and its application to E-voting. In: Proc. 8th ACM Conference on Computer and Communications Security, ACM SIGSAC (2001)Google Scholar
  44. 44.
    Nguyen, L., Safavi-Naini, R., Kurosawa, K.: Verifiable shuffles: A formal model and a paillier-based efficient construction with provable security. In: Proc. of Applied Cryptography and Network Security. LNCS, vol. 3089. Springer, Heidelberg (2004)Google Scholar
  45. 45.
    Pfitzmann, A.: How to Implement ISDNs Without User Observability – some Remarks. Tech. report Fakultät für Informatik, Universität Karlsruhe (1985)Google Scholar
  46. 46.
    Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity — A proposal for terminology. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001)Google Scholar
  47. 47.
    Pfitzmann, A., Pfitzmann, B., Waidner, M.: ISDN-Mixes: Untraceable communication with very small bandwidth overhead. In: Proc. Kommunikation in verteilten Systemen, Informatik-Fachberichte 267, pp. 451–463. Springer, Heidelberg (1991); Slightly extended. In: Information Security, Proc. IFIP/Sec 1991, pp. 245–258 (1991)Google Scholar
  48. 48.
    Pfitzmann, A., Waidner, M.: Networks without user observability. Computers & Security 6(2), 158–166 (1987)CrossRefGoogle Scholar
  49. 49.
    Rackoff, C., Simon, D.R.: Cryptographic defense against traffic analysis. In: Proc. of STOC 1993, pp. 672–681. ACM Press, New York (1993)Google Scholar
  50. 50.
    Reiter, M.K., Rubin, A.D.: Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  51. 51.
    Rennhard, M., Plattner, B.: Practical anonymity for the masses with morphmix. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110. Springer, Heidelberg (2004)Google Scholar
  52. 52.
    Serjantov, A.: On the Anonymity of Anonymity Systems. PhD thesis, University of Cambridge (2004)Google Scholar
  53. 53.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  54. 54.
    Stajano, F., Anderson, R.: The cocaine auction protocol: On the power of anonymous broadcast. In: Pfitzmann, A. (ed.) Information Hiding —3rd International Workshop, IH 1999. LNCS, vol. 1768. Springer, Heidelberg (2000)Google Scholar
  55. 55.
    Syverson, P.F., Stubblebine, S.G.: Group principals and the formalization of anonymity. In: Proc. of the World Congress on Formal Methods. LNCS, vol. 1708, pp. 814–833. Springer, Heidelberg (1999)Google Scholar
  56. 56.
    von Ahn, L., Bortz, A., Hopper, N.J.: k-Anonymous message transmission. In: Proc. of the 10th ACM Conference on Computer and Communication Security – CCS 2003, pp. 122–130. ACM Press, New York (2003)CrossRefGoogle Scholar
  57. 57.
    Waidner, M.: Unconditional sender and recipient untraceability in spite of active attacks. In: Proc. of EUROCRYPT 1889. LNCS, vol. 434, pp. 302–319. Springer, Heidelberg (1990)Google Scholar
  58. 58.
    Waidner, M., Pfitzmann, B.: The dining cryptographers in the disco: Unconditional sender and recipient untraceability with computationally secure serviceability. In: Proc. of EUROCRYPT 1989. LNCS, vol. 434, p. 690. Springer, Heidelberg (1989)Google Scholar
  59. 59.
    Wikström, D.: A universally composable mix-net. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 317–335. Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Alejandro Hevia
    • 1
  • Daniele Micciancio
    • 2
  1. 1.Dept. of Computer ScienceUniversity of Chile 
  2. 2.Dept. of Computer Science & EngineeringUniversity of CaliforniaSan Diego 

Personalised recommendations