Reusable anonymous return channels

Mix networks are used to deliver messages anonymously to recipients, but do not straightforwardly allow the recipient of an anonymous message to reply to its sender. Yet the ability to reply one or more times, and to further reply to replies, is essential to a complete anonymous conversation. We propose a protocol that allows a sender of anonymous messages to establish a reusable anonymous return channel. This channel enables any recipient of one of these anonymous messages to send back one or more anonymous replies. Recipients who reply to different messages can not test whether two return channels are the same, and there-fore can not learn whether they are replying to the same person. Yet the fact that multiple recipients may send multiple replies through the same return channel helps defend against the counting attacks that defeated earlier proposals for return channels. In these attacks, an adversary traces the origin of a message by sending a specific number of replies and observing who collects the same number of messages. Our scheme resists these attacks because the replies sent by an attacker are mixed with other replies submitted by other recipients through the same return channel. Moreover, our protocol straightforwardly allows for replies to replies, etc. Our protocol is based upon a re-encryption mix network, and requires four times the amount of computation and communication of a basic mixnet.

[1]  Paul Syverson,et al.  Onion Routing for Anonymous and Private Internet Connections , 1999 .

[2]  Kazue Sako,et al.  Fault tolerant anonymous channel , 1997, ICICS.

[3]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[4]  Torben P. Pedersen A Threshold Cryptosystem without a Trusted Party (Extended Abstract) , 1991, EUROCRYPT.

[5]  Markus Jakobsson,et al.  Mix and Match: Secure Function Evaluation via Ciphertexts , 2000, ASIACRYPT.

[6]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[7]  Kazue Sako,et al.  An Efficient Scheme for Proving a Shuffle , 2001, CRYPTO.

[8]  Markus Jakobsson,et al.  On Quorum Controlled Asymmetric Proxy Re-encryption , 1999, Public Key Cryptography.

[9]  Kazue Sako,et al.  An Ecient Scheme for Proving a Shue , 2001 .

[10]  Markus Jakobsson,et al.  Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking , 2002, USENIX Security Symposium.

[11]  C. Andrew Neff,et al.  A verifiable secret shuffle and its application to e-voting , 2001, CCS '01.

[12]  Markus Jakobsson,et al.  A Practical Mix , 1998, EUROCRYPT.

[13]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[14]  Gene Tsudik,et al.  Mixing E-mail with Babel , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[15]  Sameer Parekh Prospects for Remailers , 1996, First Monday.

[16]  Brent Waters,et al.  Receiver anonymity via incomparable public keys , 2003, CCS '03.

[17]  Paul F. Syverson,et al.  Onion routing , 1999, CACM.