Abstract
Anycast messaging (i.e., sending a message to an unspecified receiver) has long been neglected by the anonymous communication community. An anonymous anycast prevents senders from learning who the receiver of their message is, allowing for greater privacy in areas such as political activism and whistleblowing. To design protocols with provable guarantees for anonymous anycast, a formal consideration of the problem is necessary, but missing in current work. We use a game-based approach to provide formal definitions of anycast functionality and privacy. Our work also introduces Panini, the first anonymous anycast protocol that requires only existing infrastructure.
We show that Panini allows the actual receiver of the anycast message to remain anonymous, even in the presence of an honest but curious sender. In an empirical evaluation, we find that Panini adds only minimal overhead over regular unicast: Sending a message anonymously to one of eight possible receivers results in an end-to-end latency of 0.76 s.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
https://nymtech.net — Accessed 08/24/2023
- 2.
https://nymtech.net — Accessed 08/24/2023
- 3.
https://signal.org — Accessed 08/24/2023
- 4.
The exact value for T depends on the protocol used to initialize \( \textit{Ch}_{\text {anon}}\).
- 5.
https://github.com/coijanovic/anycast-bench — Accessed 08/24/2023
- 6.
https://github.com/zbohm/lirisi — Accessed 08/24/2023
- 7.
https://www.itu.int/rec/T-REC-G.1010-200111-I — Accessed 08/24/2023
- 8.
https://github.com/coijanovic/panini — Accessed 08/24/2023
References
Backes, M., et al.: AnoA: a framework for analyzing anonymous communication protocols. In: IEEE CSF (2013)
Baldimtsi, F., et al.: Anonymous lottery in the proof-of-stake setting. In: IEEE CSF (2020)
Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: IACR Cryptol. ePrint Arch. (1998)
Benhamouda, F., et al.: Can a public blockchain keep a secret? In: TCC (2020)
Beullens, W., et al.: Calamari and Falafl: logarithmic (linkable) ring signatures from isogenies and lattices. In: IACR Cryptol. ePrint Arch. (2020)
Campanelli, M., et al.: Encryption to the future: a paradigm for sending secret messages to future (anonymous) committees. IACR Cryptol. ePrint Arch. (2021)
Cascudo, I., et al.: YOLO YOSO: fast and simple encryption and secret sharing in the YOSO model. In: IACR Cryptology ePrint Archive (2022)
Cicalese, D., Rossi, D.: A longitudinal study of IP Anycast. Comput. Commun. Rev. 48, 10–18 (2018)
Coijanovic, C., et al.: Panini: Anonymous AnyCast and an instantiation (extended version). ArXiv (2023)
Das, D., et al.: Organ: organizational anonymity with low latency. PoPETs (2022)
Díaz, C., et al.: The NYM network the next generation of privacy infrastructure (2021)
Dingledine, R., et al.: Tor: The second-generation onion router. In: USENIX Security (2004)
Döttling, N., et al.: McFly: verifiable encryption to the future made practical. IACR Cryptol. ePrint Arch. (2022)
Eskandarian, S., et al.: Express: lowering the cost of metadata-hiding communication with cryptographic privacy. In: USENIX Security (2021)
Ganesh, C., et al.: Proof-of-stake protocols for privacy-aware blockchains. IACR Cryptol. ePrint Arch. (2018)
Gentry, C., et al.: Random-index PIR with applications to large-scale secure MPC. IACR Cryptol. ePrint Arch. (2020)
Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst, Sci (1984)
Goldwasser, S., et al.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17, 281–308 (1988)
Hevia, A.G., Micciancio, D.: An indistinguishability-based characterization of anonymous channels. In: PETS (2008)
van den Hooff, J., et al.: Vuvuzela: scalable private messaging resistant to traffic analysis. In: SOSP (2015)
Kuhn, C., et al.: On privacy notions in anonymous communication. PoPets (2019)
Langowski, S., et al.: Trellis: Robust and scalable metadata-private anonymous broadcast (2022)
Liu, J.K., Wong, D.S.: Linkable ring signatures: Security models and new schemes. In: ICCSA (2005)
Liu, J.K., et al.: Linkable spontaneous anonymous group signature for ad hoc groups (extended abstract). IACR Cryptol. ePrint Arch. (2004)
Lu, X., et al.: Raptor: a practical lattice-based (linkable) ring signature. IACR Cryptol. ePrint Arch. (2018)
Mislove, A., et al.: Ap3: cooperative, decentralized anonymous communication. In: EW 11 (2004)
Nassurdine, M., et al.: Identity based linkable ring signature with logarithmic size. In: Inscrypt (2021)
Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management (2010)
Piotrowska, A.M., et al.: The loopix anonymity system. ArXiv (2017)
Schaad, J., Cellars, A., et al.: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0. RFC 8551, RFC Editor, April 2019
Vadapalli, A., et al.: Sabre: Sender-anonymous messaging with fast audits. In: IEEE SP (2022)
Acknowledgements
This work has been funded by the Helmholtz Association through the KASTEL Security Research Labs (HGF Topic 46.23), and by funding of the German Research Foundation (DFG, Deutsche Forschungsgemeinschaft) as part of Germany’s Excellence Strategy – EXC 2050/1 – Project ID 390696704 – Cluster of Excellence “Centre for Tactile Internet with Human-in-the-Loop” (CeTI) of Technische Universität Dresden.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Panini Pseudocode
A Panini Pseudocode
Refer to Algorithm 1 for a pseudocode description of Panini.
Sender and receiver behavior for Panini. \(\textsc {Send}(s,m,n,U_p)\) is executed by user s who wants to send message m to n users out of the set of possible receivers \(U_p\). \(\textsc {Receive}(u)\) is executed by receiver u to receive possible anycast messages. \(\lambda \) and tag are fixed protocol parameters known to all users. During the execution of Send, three lists are assembled: R contains the possible receivers’ signature public keys, K contains the possible receivers’ ephemeral keys, and \(\varSigma \) contains their signatures.
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Coijanovic, C., Weis, C., Strufe, T. (2024). Panini — Anonymous Anycast and an Instantiation. In: Tsudik, G., Conti, M., Liang, K., Smaragdakis, G. (eds) Computer Security – ESORICS 2023. ESORICS 2023. Lecture Notes in Computer Science, vol 14345. Springer, Cham. https://doi.org/10.1007/978-3-031-51476-0_10
Download citation
DOI: https://doi.org/10.1007/978-3-031-51476-0_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-51475-3
Online ISBN: 978-3-031-51476-0
eBook Packages: Computer ScienceComputer Science (R0)