Provable Unlinkability Against Traffic Analysis Already After O(log(n)) Steps!
Authors
Abstract
We consider the unlinkability-of-communication problem: given n users, each sending a message to some destination, encode and route the messages so that an adversary analyzing the traffic in the communication network cannot link senders with recipients. A solution should have a small communication overhead, that is, the number of additional messages should be kept low. David Chaum introduced the idea of mixes for solving this problem. His approach was developed further by Simon and Rackoff, and later implemented as the onion protocol. Even though the onion protocol is widely regarded as secure and is used in practice, formal arguments supporting this claim are rare and far from complete. On top of that, in certain scenarios very simple tricks suffice to break security without breaking the cryptographic primitives. It turns out that one source of difficulty in analyzing the onion protocol's security is the adversary model. In a recent work, Berman, Fiat and Ta-Shma develop a new and more realistic model in which only a constant fraction of the communication lines can be accessed by the adversary, the number of messages does not need to be high, and the preferences of the users are taken into account. For this model they prove that with high probability a good level of unlinkability is obtained after O(log² n) steps of the onion protocol, where n is the number of messages sent. In this paper we improve these results: we show that the same level of unlinkability (expressed as the variation distance between certain probability distributions) is obtained with high probability already after O(log n) steps of the onion protocol. Asymptotically, this is the best result possible, since obviously Ω(log n) steps are necessary. On top of that, our analysis is much simpler: it is based on the path coupling technique designed for showing rapid mixing of Markov chains.
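The unlinkability measure the abstract refers to, the variation distance between the adversary's posterior over sender-to-recipient matchings and the uniform distribution over all matchings, can be computed exactly for a toy instance. The Python below is an added example, not code from the paper or from Berman, Fiat and Ta-Shma. Its mix model is a simplification assumed here for illustration and does not reproduce their exact model or the O(log n) bound: n senders, m honest mixes, T uniformly random mix hops per message, a fixed subset of tapped lines, and an adversary who learns only which tapped line carried how many messages at each step (honest mixes re-encrypt, so contents never help). All names (`observation`, `posterior_over_sigma`, `unlinkability`, `average_unlinkability`) and the sample parameters are this example's own.

```python
# Added example (not the paper's code): brute-force "unlinkability as variation
# distance" in a deliberately tiny, simplified onion/mix model.
#
# Assumed model (a simplification, not Berman/Fiat/Ta-Shma's exact one):
#   * n senders S_i, m mix servers M_j, n recipients R_j, and a secret
#     permutation sigma: sender i's message is addressed to recipient sigma[i].
#   * Each message takes T uniformly random mix hops, then a final hop to its
#     recipient (the onion route).  Mixes are honest and re-encrypt, so the
#     adversary only ever sees WHICH line carried HOW MANY messages per step.
#   * The adversary taps a fixed subset of lines ("compromised" lines).
# Unlinkability = total variation distance between the adversary's posterior on
# sigma (given its view) and the uniform distribution on all n! permutations.
# Everything is enumerated exactly with Fractions, hence the tiny n and m.
import itertools
import math
import random
from fractions import Fraction


def all_lines(n, m):
    """Every line the adversary could tap: S->M, M->M, M->R and S->R (T == 0)."""
    senders = [("S", i) for i in range(n)]
    mixes = [("M", j) for j in range(m)]
    recipients = [("R", j) for j in range(n)]
    return ([(s, x) for s in senders for x in mixes]
            + [(a, b) for a in mixes for b in mixes]
            + [(x, r) for x in mixes for r in recipients]
            + [(s, r) for s in senders for r in recipients])


def observation(sigma, routes, compromised):
    """Adversary's view: per step, the sorted multiset of hops on tapped lines."""
    n, T = len(sigma), len(routes[0])
    view = []
    for t in range(T + 1):
        hops = []
        for i in range(n):
            src = ("S", i) if t == 0 else ("M", routes[i][t - 1])
            dst = ("R", sigma[i]) if t == T else ("M", routes[i][t])
            if (src, dst) in compromised:
                hops.append((src, dst))
        view.append(tuple(sorted(hops)))
    return tuple(view)


def posterior_over_sigma(view, n, m, T, compromised):
    """Bayesian posterior on sigma: enumerate every (sigma', routes') pair and
    keep those producing exactly this view (uniform prior on sigma and routes)."""
    counts, total = {}, 0
    for s in itertools.permutations(range(n)):
        for r in itertools.product(itertools.product(range(m), repeat=T), repeat=n):
            if observation(s, r, compromised) == view:
                counts[s] = counts.get(s, 0) + 1
                total += 1
    return {s: Fraction(c, total) for s, c in counts.items()}


def total_variation(posterior, n):
    """TV distance to the uniform distribution on S_n; 0 means perfect unlinkability."""
    uniform = Fraction(1, math.factorial(n))
    return sum(abs(posterior.get(s, Fraction(0)) - uniform)
               for s in itertools.permutations(range(n))) / 2


def unlinkability(sigma, routes, m, compromised):
    """TV distance for one concrete run (true sigma, true routes, tapped lines)."""
    n, T = len(sigma), len(routes[0])
    view = observation(sigma, routes, compromised)
    return total_variation(posterior_over_sigma(view, n, m, T, compromised), n)


def average_unlinkability(n, m, T, tapped_fraction, trials, seed=0):
    """Monte Carlo average of the TV distance over random sigma, routes and taps."""
    rng = random.Random(seed)
    lines = all_lines(n, m)
    acc = Fraction(0)
    for _ in range(trials):
        compromised = set(rng.sample(lines, int(tapped_fraction * len(lines))))
        sigma = tuple(rng.sample(range(n), n))
        routes = tuple(tuple(rng.randrange(m) for _ in range(T)) for _ in range(n))
        acc += unlinkability(sigma, routes, m, compromised)
    return acc / trials


if __name__ == "__main__":
    # Constructed demo: 3 senders, 3 mixes, half of all lines tapped.
    for T in range(3):
        print(f"T={T} hops: average TV distance = "
              f"{float(average_unlinkability(3, 3, T, 0.5, trials=20)):.3f}")
```

The demo prints the Monte Carlo average for T = 0, 1, 2 hops with half the lines tapped; the exact posterior is what forces n and m to stay tiny, since the enumeration costs n!·m^(nT) observations per run. Two boundary cases are worth checking by hand: with every line tapped and T = 0 the view pins sigma down completely, giving TV = 1 − 1/n!, and with every line tapped but all three messages routed through the same mix the adversary learns nothing about sigma, giving TV = 0.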
Related papers
Provable Unlinkability against Traffic Analysis
Chaum [1, 2] suggested a simple and efficient protocol aimed at providing anonymity in the presence of an adversary watching all communication links. Chaum’s protocol is known to be insecure. We show that Chaum’s protocol becomes secure when the attack model is relaxed and the adversary can control at most 99% of communication
Randomized Stopping Times and Provably Secure Pseudorandom Permutation Generators
Conventionally, the key-scheduling algorithm (KSA) of a cryptographic scheme runs for a predefined number of steps. We suggest a different approach that uses randomized stopping rules to generate permutations which are indistinguishable from uniform ones. We explain that if the stopping time of such a shuffle is a Strong Stationary Time and bits of the secret key are not reused then these alg...
Unlinkability Measure for IEEE 802.11b MANET
In this paper, we propose a two-step unlinkability measuring approach for MANET, i.e., (a) evidence collection using statistical packet-counting traffic analysis, (b) evidence theory-based unlinkability measure. We use IEEE 802.11b-based MANETs as our analytical systems. Using our approach, we can collect a set of evidence to set up a probability assignment for each possible communication relat...
Secure Anonymous Broadcast
In anonymous broadcast, one or more parties want to anonymously send messages to all parties. This problem is increasingly important as a black box in many privacy-preserving applications such as anonymous communication, distributed auctions, and multi-party computation. In this paper, we design decentralized protocols for anonymous broadcast that require each party to send (and compute) a poly...
Principles weaker than BD-N
BD-N is a weak principle of constructive analysis. Several interesting principles implied by BD-N have already been identified, namely the closure of the anti-Specker spaces under product, the Riemann Permutation Theorem, and the Cauchyness of all partially Cauchy sequences. Here these are shown to be strictly weaker than BD-N, yet not provable in set theory alone under constructive logic. keyw...