Anonymity

1
Anonymity

• Joint work with Dalia Malkhi, Ofer Margoniski,
  Ezra Hoch at various points.

2
What is anonymity

• Anonymity is the ability to do something without
  being caught.
• Anonymity is per action
• Anonymity is always defined by an adversary model.

3
Related concepts

• Pseudo-anonymity the ability to do something
  without being discovered (but the adversary by
  detect repetition of actions)

4
Type of anonymity

• Sender
• Receiver
• Publisher (broadcast model)
• Unlinkability
• Unobservability

5
How to achieve it

• Third party.
• DC
• Mix-nets
• Onion
• AMPC
• Crowds
• New stuff

6
Third party

• Use a trusted third party to send things forward.
• Advantages cheap and easy.
• Disadvantages who to trust
• A paranoid is a man who know a little of what is
  going on (William S. Burroughs)

7
DC nets

• Optional

8
Mix-nets

• Basic idea use a server to mix a set of
  messages. Each message is encrypted via a PKI so
  that only its recipient can read it.
• In order to avoid traffic analysis it is
  encrypted in addition with the servers PKI.
• Use a series of n servers to achieve anonymity
  (up to n-1 colluding servers)

9
AMPC

• AMPC can be seen as a variant of mixnets in which
  crypto is done via distribution (Markus Jakobsson)

10
Onion Mixs

• In order to avoid having to go through all of the
  mixes onion-mixes were developed.
• In an onion-mix the first server who recieves a
  set of messages builds a random path through a
  set of mixs to the final mix who distributes the
  messages.

11
Problems

• Traffic analysis.
• Sets of messages move through the system together
  allowing an adversaryu to connect them.
• If the first onion is corrupt the system is
  compromised.

12
Our protocl

• Allow the users to choose paths.
• Let n be the number of servers in the system of
  which bltn/2 are corrupt and m the number of
  messages.
• Each user choose a random path of length logn.
  The message is encrypted so that each server can
  only tell the next server what the message is.

13
Our protocol (cont)

• Each time two messages meet in a good server they
  get mixed up (in a good way). Since there are an
  expected O(logn) good servers in the chain and
  each time a message is in a good server its
  anonymity set doubles the size of the anonymity
  set is an expected m messages.

14
Variants

• If the chain is chosen to be length log2 (or
  larger by an o(n) factor) the anonymity set is
  O(m) whp.
• If the chain is chosen to be shorter we get an
  anonymity set of a constant fraction of m.

15
Analysis

• Advantages
• Uses a small set of servers thereby having less
  overhead for the servers.
• Users can control level of anonymity.
• A corrupt (first) server is not harmful.
• Drawbacks
• There is a non-zero probability that the
  anonymity is compromised.

16
Threshold cryptography

• Threshold cryptography allows one to share the
  power of a cryptosystem. Threshold cryptography
  distinguishes itself from secure distributed
  computation by being non-interactive.
• In threshold cryptography we can require that a
  group of any size act in order to encrypt/decrypt.

17
Why is this interesting? (for anonymity)

• Using notation as before we can use a threshold
  scheme such that blgn users need to decrypt the
  message. A user encrypts the message using this
  scheme and sends it to a random server. The
  server forwards the message to a random server
  ala crowds.

18
Variants

• The logn factor in the blogn can be played with
  to get a smaller anonymity set.

19
Analysis

• The scheme guarantees anonymity.
• Drawbacks
• The scheme utilizes a complex primitive of
  threshold cryptography.