Cryptographic defense against traffic analysis

Charles Rackoff† and Daniel R. Simon‡

We present a model which allows us to formally define "untraceability" of messages in a network of synchronously communicating processors. We consider several different definitions, based on different assumptions about the strength of the "adversary" attempting to identify the senders and receivers of messages; for example, the adversary may be able to control some of the processors to obtain information, or even to disrupt the traffic in the network. We present efficient protocols which are provably secure against each such adversary, using such cryptographic techniques as secure multiparty computation ([GMW]) and non-interactive zero-knowledge proofs ([BFM]). One proof of security also relies on an interesting general lemma about the "mixing" achieved by certain kinds of random processes, or "shuffles", performed on a set of items.

* This work was supported in part by NSERC operating grants and ITRC, an Ontario Centre of Excellence.
† Department of Computer Science, University of Toronto, Toronto, Ontario, Canada M5S 1A4; rackoff@cs.toronto.edu
‡ Département IRO, Université de Montréal, C.P. 6128, Succursale "A", Montréal, Québec, H3C 3J7; simon@iro.umontreal.ca

Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. 25th ACM STOC '93, 5/93, CA. © 1993 ACM 0-89791-591-7/93/0005/0672 $1.50

[1] Daniel R. Simon. On defining and achieving cryptographic security in a multiparty network. 1993.

[2] Donald E. Knuth. The Art of Computer Programming, 2nd ed. Addison-Wesley, 1978.

[3] Silvio Micali, et al. The knowledge complexity of interactive proof-systems. STOC '85, 1985.

[4] Andreas Pfitzmann. How to implement ISDNs without user observability: some remarks. SGSC, 1987.

[5] Manuel Blum, et al. An efficient probabilistic public-key encryption scheme which hides all partial information. CRYPTO, 1985.

[6] Manuel Blum, et al. Non-interactive zero-knowledge and its applications. STOC '88, 1988.

[7] Rafail Ostrovsky, et al. Efficient computation on oblivious RAMs. STOC '90, 1990.

[8] Miklos Santha, et al. Generating quasi-random sequences from slightly-random sources (extended abstract). FOCS, 1984.

[9] Birgit Pfitzmann, et al. ISDN-MIXes: untraceable communication with small bandwidth overhead. Kommunikation in Verteilten Systemen, 1991.

[10] Donald Beaver, et al. Foundations of secure interactive computing. CRYPTO, 1991.

[11] Silvio Micali, et al. The round complexity of secure protocols. STOC '90, 1990.

[12] Oded Goldreich, et al. Towards a theory of software protection and simulation by oblivious RAMs. STOC, 1987.

[13] A. Yao, et al. Fair exchange with a semi-trusted third party (extended abstract). CCS '97, 1997.

[14] Hugo Krawczyk, et al. On the composition of zero-knowledge proof systems. ICALP, 1990.

[15] David Chaum, et al. Untraceable electronic mail, return addresses, and digital pseudonyms. CACM, 1981.

[16] Milena Mihail, et al. Conductance and convergence of Markov chains: a combinatorial treatment of expanders. 30th Annual Symposium on Foundations of Computer Science (FOCS), 1989.

[17] Adi Shamir, et al. How to share a secret. CACM, 1979.

[18] Moni Naor, et al. Non-malleable cryptography. STOC '91, 1991.

[19] Silvio Micali, et al. How to play ANY mental game. STOC, 1987.

[20] Vijay V. Vazirani, et al. Random polynomial time is equal to slightly-random polynomial time. 26th Annual Symposium on Foundations of Computer Science (FOCS), 1985.

[21] Mark Jerrum, et al. Approximate counting, uniform generation and rapidly mixing Markov chains. International Workshop on Graph-Theoretic Concepts in Computer Science (WG), 1987.

[23] David Chaum, et al. Achieving electronic privacy. 1992.