Skip to main content
SpringerLink
Log in

An Indistinguishability-Based Characterization of Anonymous Channels

  • Conference paper
Privacy Enhancing Technologies (PETS 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5134))

Included in the following conference series:

Abstract

We revisit the problem of anonymous communication, in which users wish to send messages to each other without revealing their identities. We propose a novel framework to organize and compare anonymity definitions. In this framework, we present simple and practical definitions for anonymous channels in the context of computational indistinguishability. The notions seem to capture the intuitive properties of several types of anonymous channels (Pfitzmann and Köhntopp 2001) (eg. sender anonymity and unlinkability). We justify these notions by showing they naturally capture practical scenarios where information is unavoidably leaked in the system. Then, we compare the notions and we show they form a natural hierarchy for which we exhibit non-trivial implications. In particular, we show how to implement stronger notions from weaker ones using cryptography and dummy traffic – in a provably optimal way. With these tools, we revisit the security of previous anonymous channels protocols, in particular constructions based on broadcast networks (Blaze et al. 2003), anonymous broadcast (Chaum 1981), and mix networks (Groth 2003, Nguyen et al. 2004). Our results give generic, optimal constructions to transform known protocols into new ones that achieve the strongest notions of anonymity.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abe, M.: Universally verifiable mix-net with verification work independent of the number of mix-servers. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 437–447. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  2. Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols. In: Proc. of the 22nd Annual ACM Symposium on the Theory of Computing – STOC 1990, pp. 503–513. ACM Press, New York (1990)

    Chapter  Google Scholar 

  3. Beimel, A., Dolev, S.: Buses for anonymous message delivery. Journal of Cryptology 16 (2003)

    Google Scholar 

  4. Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  5. Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)

    Google Scholar 

  6. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for noncryptographic fault-tolerant distributed computations. In: Proc. of the 20th Annual ACM Symposium on Theory of Computing, pp. 1–10. ACM Press, New York (1988)

    Google Scholar 

  7. Berman, R., Fiat, A., Ta-Shma, A.: Provable unlinkability against traffic analysis. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110. Springer, Heidelberg (2004)

    Google Scholar 

  8. Blaze, M., Ioannidis, J., Keromytis, A.D., Malkin, T., Rubin, A.: WAR: Wireless anonymous routing. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 218–232. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  9. Boneh, D., Franklin, M.K.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  10. Bos, J., den Boer, B.: Detection of disrupters in the DC protocol. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 320–328. Springer, Heidelberg (1990)

    Google Scholar 

  11. Camenisch, J., Lysyanskaya, A.: A formal treatment of onion routing. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 169–187. Springer, Heidelberg (2005)

    Google Scholar 

  12. Canetti, R.: Security and composition of multiparty cryptographic protocols. Journal of Cryptology 13(1), 143–202 (2000)

    Article  MATH  MathSciNet  Google Scholar 

  13. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Proc. of the 42nd IEEE Symposium on Foundations of Computer Science, pp. 136–145. IEEE Computer Society Press, Los Alamitos (2001)

    Google Scholar 

  14. Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–88 (1981)

    Article  Google Scholar 

  15. Chaum, D.: The Dining Cryptographers Problem: Unconditional sender and recipient untraceability. Journal of Cryptology 1(1), 65–75 (1988)

    Article  MATH  MathSciNet  Google Scholar 

  16. Chaum, D., Crepeau, C., Damgård, I.: Multiparty unconditional secure protocols. In: Proc. of STOC 1988, pp. 11–19. ACM Press, New York (1988)

    Google Scholar 

  17. Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a Type III Anonymous Remailer Protocol. In: Proc. of IEEE Security and Privacy (2003)

    Google Scholar 

  18. Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  19. Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proc. of the 13th USENIX Security Symposium (2004)

    Google Scholar 

  20. Dolev, S., Ostrobsky, R.: Xor-trees for efficient anonymous multicast and reception. ACM Trans. on Information System Security 3(2), 63–84 (2000)

    Article  Google Scholar 

  21. Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs under general assumptions. SIAM Journal on Computing 29(1) (1999)

    Google Scholar 

  22. Feigenbaum, J., Johnson, A., Syverson, P.: A model for onion routing with provable anonymity. In: Financial Cryptography. LNCS, vol. 4886. Springer, Heidelberg (2007)

    Google Scholar 

  23. Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Proc. of AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1992)

    Google Scholar 

  24. Furukawa, J.: Efficient, verifiable shuffle decryption and its requirement of unlinkability. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947. Springer, Heidelberg (2004)

    Google Scholar 

  25. Furukawa, J., Sako, K.: An efficient scheme for proving a shuffle. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  26. Garcia, F.D., Hasuo, I., Pieters, W., van Rossum, P.: Provable anonymity. In: Proc. of the 3rd ACM Workshop on Formal Methods in Security Engineering – FMSE 2005, pp. 63–72. ACM Press, New York (2005)

    Chapter  Google Scholar 

  27. Goldreich, O.: A uniform complexity treatment of encryption and zero-knowledge. Journal of Cryptology 6(1), 21–53 (1993)

    Article  MATH  MathSciNet  Google Scholar 

  28. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design. In: Proc. 27th Symposium on Foundations of Computer Science, pp. 174–187. IEEE Press, Los Alamitos (1986)

    Google Scholar 

  29. Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding Routing Information. In: Proc. of Information Hiding. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996)

    Google Scholar 

  30. Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Science 28, 270–299 (1984)

    Article  MATH  MathSciNet  Google Scholar 

  31. Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. Siam J. of Computing 17(2), 281–308 (1988)

    Article  MATH  MathSciNet  Google Scholar 

  32. Golle, P., Juels, A.: Dining cryptographers revisited. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027. Springer, Heidelberg (2004)

    Google Scholar 

  33. Groth, J.: A verifiable secret shuffle of homomorphic encryptions. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  34. Gülcü, C., Tsudik, G.: Mixing E-mail with Babel. In: Proc. of the Network and Distributed Security Symposium – NDSS 1996, pp. 2–16. IEEE Press, Los Alamitos (1996)

    Chapter  Google Scholar 

  35. Hevia, A., Micciancio, D.: Indistinguishability-based Characterization of Anonymous Channels (2008), http://www.dcc.uchile.cl/~ahevia/pubs/

  36. Hughes, D., Shmatikov, V.: Information Hiding, Anonymity and Privacy: a Modular Approach. Journal of Computer Security 12(1), 3–36 (2004)

    Google Scholar 

  37. Halpern, J.Y., O’Neill, K.R.: Anonymity and information hiding in multiagent systems. Journal of Computer Security (2004)

    Google Scholar 

  38. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography from anonymity. In: Proc. of FOCS 2006. IEEE Press, Los Alamitos (2006)

    Google Scholar 

  39. Jakobsson, M., Juels, A., Rivest, R.L.: Making mix nets robust for electronic voting by randomized partial checking. In: Proc. of the 11th USENIX Security Symposium (SECURITY 2002), pp. 339–353. USENIX Association (2002)

    Google Scholar 

  40. Kesdogan, D., Egner, J., Büschkes, R.: Stop-and-go MIXes: Providing probabilistic anonymity in an open system. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  41. Mauw, S., Verschuren, J.H.S., de Vink, E.P.: A formalization of anonymity and onion routing. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193. Springer, Heidelberg (2004)

    Google Scholar 

  42. Micali, S., Rackoff, C., Sloan, B.: The notion of security for probabilistic cryptosystems. Siam Journal of Computing 17(2), 412–426 (1988)

    Article  MATH  MathSciNet  Google Scholar 

  43. Neff, A.: A verifiable secret shuffle and its application to E-voting. In: Proc. 8th ACM Conference on Computer and Communications Security, ACM SIGSAC (2001)

    Google Scholar 

  44. Nguyen, L., Safavi-Naini, R., Kurosawa, K.: Verifiable shuffles: A formal model and a paillier-based efficient construction with provable security. In: Proc. of Applied Cryptography and Network Security. LNCS, vol. 3089. Springer, Heidelberg (2004)

    Google Scholar 

  45. Pfitzmann, A.: How to Implement ISDNs Without User Observability – some Remarks. Tech. report Fakultät für Informatik, Universität Karlsruhe (1985)

    Google Scholar 

  46. Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity — A proposal for terminology. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001)

    Google Scholar 

  47. Pfitzmann, A., Pfitzmann, B., Waidner, M.: ISDN-Mixes: Untraceable communication with very small bandwidth overhead. In: Proc. Kommunikation in verteilten Systemen, Informatik-Fachberichte 267, pp. 451–463. Springer, Heidelberg (1991); Slightly extended. In: Information Security, Proc. IFIP/Sec 1991, pp. 245–258 (1991)

    Google Scholar 

  48. Pfitzmann, A., Waidner, M.: Networks without user observability. Computers & Security 6(2), 158–166 (1987)

    Article  Google Scholar 

  49. Rackoff, C., Simon, D.R.: Cryptographic defense against traffic analysis. In: Proc. of STOC 1993, pp. 672–681. ACM Press, New York (1993)

    Google Scholar 

  50. Reiter, M.K., Rubin, A.D.: Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)

    Article  Google Scholar 

  51. Rennhard, M., Plattner, B.: Practical anonymity for the masses with morphmix. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110. Springer, Heidelberg (2004)

    Google Scholar 

  52. Serjantov, A.: On the Anonymity of Anonymity Systems. PhD thesis, University of Cambridge (2004)

    Google Scholar 

  53. Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  54. Stajano, F., Anderson, R.: The cocaine auction protocol: On the power of anonymous broadcast. In: Pfitzmann, A. (ed.) Information Hiding —3rd International Workshop, IH 1999. LNCS, vol. 1768. Springer, Heidelberg (2000)

    Google Scholar 

  55. Syverson, P.F., Stubblebine, S.G.: Group principals and the formalization of anonymity. In: Proc. of the World Congress on Formal Methods. LNCS, vol. 1708, pp. 814–833. Springer, Heidelberg (1999)

    Google Scholar 

  56. von Ahn, L., Bortz, A., Hopper, N.J.: k-Anonymous message transmission. In: Proc. of the 10th ACM Conference on Computer and Communication Security – CCS 2003, pp. 122–130. ACM Press, New York (2003)

    Chapter  Google Scholar 

  57. Waidner, M.: Unconditional sender and recipient untraceability in spite of active attacks. In: Proc. of EUROCRYPT 1889. LNCS, vol. 434, pp. 302–319. Springer, Heidelberg (1990)

    Google Scholar 

  58. Waidner, M., Pfitzmann, B.: The dining cryptographers in the disco: Unconditional sender and recipient untraceability with computationally secure serviceability. In: Proc. of EUROCRYPT 1989. LNCS, vol. 434, p. 690. Springer, Heidelberg (1989)

    Google Scholar 

  59. Wikström, D.: A universally composable mix-net. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 317–335. Springer, Heidelberg (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept. of Computer Science, University of Chile,  

    Alejandro Hevia

  2. Dept. of Computer Science & Engineering, University of California, San Diego,  

    Daniele Micciancio

Authors
  1. Alejandro Hevia
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniele Micciancio
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Nikita Borisov Ian Goldberg

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hevia, A., Micciancio, D. (2008). An Indistinguishability-Based Characterization of Anonymous Channels. In: Borisov, N., Goldberg, I. (eds) Privacy Enhancing Technologies. PETS 2008. Lecture Notes in Computer Science, vol 5134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70630-4_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-70630-4_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-70629-8

  • Online ISBN: 978-3-540-70630-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation