1 / 13

Freedom not Fear: Scalable Anonymous Communication Mahdi Zamani 1

Freedom not Fear: Scalable Anonymous Communication Mahdi Zamani 1 Joint with Josh Karlin 2 , Joud Khoury 2 , and Jared Saia 1 1 University of New Mexico 2 Raytheon BBN Technologies. Motivation. Anonymity guarantees freedom of speech One can speak without fear of consequences.

moira
Download Presentation

Freedom not Fear: Scalable Anonymous Communication Mahdi Zamani 1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Freedom not Fear: Scalable Anonymous Communication Mahdi Zamani1 Joint with Josh Karlin2, Joud Khoury2, and Jared Saia1 1University of New Mexico 2Raytheon BBN Technologies

  2. Motivation Anonymity guarantees freedom of speech One can speak without fear of consequences. Theoretical guarantees are critical • Political discussions can put people at risk of torture, imprisonment, etc.

  3. Anonymous Broadcast • n processors • Goal: Any processor can broadcast a message msuch that: • Every processor receives m, • “Hard” to trace mto its original sender.

  4. Mix-Nets (1981) Chain of proxy servers Pros and cons Create hard-to-trace communications, Not robust against traffic analysis.

  5. DC-Nets (1988) Secure Multi-Party Computation (MPC) Parties jointly compute a function over their inputs, while keeping these inputs private. Sum example: m1 = [m11 m12 m13] [m11 m21 m31] M1 M1 [M1 M2 M3] m12 m13 M1 = m11+m21+m31 S = M1+M2+M3 M1 P1 P2 P3 M2 M3 S = M1+M2+M3 [M1 M2 M3] [m12 m22 m32] [m13 m23 m33] M2 [M1 M2 M3] S = M1+M2+M3 M2 = m12+m22+m32 M3= m13+m23+m33 M3 M2 M3

  6. DC-Nets (1988) One player has input m; remaining players have input zero, Compute sum jointly using MPC, All players learn mwithout learning anything about the identity of the sender. Secure against traffic analysis Drawbacks: Jamming attack Poor scalability

  7. Assumptions Adversary is static Taking over nodes at beginning of protocol. Up to a third of the players can be bad

  8. The Idea Shuffle inputs Apermutation circuit. Compute the circuit Scalable MPC scheme

  9. Example: Permutation Circuit for 8 Processors O(nlogn) gates Õ((n2 + )/n + ) bits Õ(n) bits per processor

  10. Results Our protocol 220 ~ 1M players ~ 240 bits = 128 GB per player 128 KB per player per anonymous bit State-of-the-art 220 ~ 1M players ~ 249 bits = 64 TB per player 64 MB per player per anonymous bit

  11. Profile

  12. Open Problems Improved resource cost Use cryptographic MPC scheme Asynchronous model Adaptive adversary

  13. Other References Quorum building: S. Sen and M. Freedman. Commensal cuckoo: secure group partitioning for large-scale services. ACM SIGOPS 2012. MPC: M. Ben-Or, S. Goldwasser, and A. Wigderson. Completeness theorems for noncryptographic fault-tolerant distributed computing. In STOC 1988. Byzantine agreement: M. Young, A. Kate, I. Goldberg, and M. Karsten. Practical robust communication in DHTs tolerating a byzantine adversary. In ICDCS 2010.

More Related