Fundamental Constraints And Provably Secure Constructions Of Anonymous Communication Protocols
thesisposted on 2021-07-28, 06:08 authored by Debajyoti DasDebajyoti Das
Anonymous communication networks (ACNs) are critical to communication privacy over the internet as they enable
individuals to maintain their privacy from untrusted intermediaries and endpoints.
Typically, ACNs involve messages traveling through some intermediaries before arriving at their destinations, and therefore they introduce network latency and bandwidth overheads.
The goal of this work is to investigate the fundamental constraints of anonymous communication (AC) protocols.
We analyze the relationship between bandwidth overhead, latency overhead, and sender anonymity or recipient anonymity against a global passive (network-level) adversary.
We confirm the widely believed trilemma
that an AC protocol can only achieve two out of the following three properties:
strong anonymity (i.e., anonymity up to a negligible chance),
low bandwidth overhead, and low latency overhead.
We further study anonymity against a stronger global passive adversary that can additionally passively compromise some of the AC protocol nodes.
For a given number of compromised nodes,
we derive as a necessary constraint a relationship between bandwidth and latency overhead whose violation make it impossible for an AC protocol to achieve strong anonymity.
We analyze prominent AC protocols from the literature and depict to which extent those satisfy our necessary constraints.
Our fundamental necessary constraints offer a guideline not only for improving existing AC systems but also for designing novel AC protocols with non-traditional bandwidth and latency overhead choices.
Using the guidelines indicated by our fundamental necessary constraints we provide two efficient protocol constructions.
First, we design a mixnet-based AC protocol Streams that provides provable mixing guarantees with the expense of latency overhead. Streams realizes a trusted third party stop-and-go mix as long as each message stays in the system for $\omega(\log \eta)$ rounds.
Second, we offer a DC-net based design OrgAn that can provide strong sender anonymity with constant latency at the expense of bandwidth overhead. OrgAn solves the problem of regular requirements of key and slot agreement present in typical DC-net based protocols, by utilizing a client/relay/server architecture.