Towards practical and fundamental limits of anonymity protection

A common function of anonymity systems is the embedding of subjects that are associated to some attributes in a set of subjects, the anonymity set. Every subject within the anonymity set appears to be possibly associated to attributes of every other subject within it. The anonymity set covers the associations between the subjects and their attributes. The limit of anonymity protection basically depends on the hardness of disclosing those hidden associations from the anonymity sets. This thesis analyses the protection limit provided by anonymity sets by studying a practical and widely deployed anonymity system, the Chaum Mix. A Mix is an anonymous communication system that embeds senders of messages in an anonymity set to hide the association to their recipients (i.e., attributes), in each communication round. It is well known that traffic analyses can uniquely identify a user’s recipients by evaluating the sets of senders (i.e., the sender anonymity set) and recipients using the Mix in several rounds. The least number of rounds for that identification represents a fundamental limit of anonymity protection provided by the anonymity sets, similar to Shannon’s unicity-distance. That identification requires solving NPcomplete problems and was believed to be computationally infeasible. This thesis shows by a new and optimised algorithm that the unique identification of a user’s recipients is for many realistic Mix configurations computational feasible, in the average case. It contributes mathematical estimates of the mean least number of rounds and the mean time-complexity for that unique identification. These measure the fundamental, as well as the practical protection limit provided by the anonymity sets of a Mix. They can be applied to systematically identify Mix configurations that lead to a weak anonymity of a user’s recipients. To the best of our knowledge, this has not been addressed yet, due to the computational infeasibility of past algorithms. All before-mentioned algorithms and analyses can be adapted to deduce information about a user’s recipients, even in cases of incomplete knowledge about the anonymity sets, or a low number of observed anonymity sets.