Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy

Existing systems for metadata-hiding messaging that provide cryptographic privacy properties have either high communication costs, high computation costs, or both. In this paper, we introduce Express, a metadata-hiding communication system that significantly reduces both communication and computation costs. Express is a two-server system that provides cryptographic security against an arbitrary number of malicious clients and one malicious server. In terms of communication, Express incurs only a constant-factor overhead per message sent, regardless of the number of users, whereas the previous cryptographically secure systems Pung and Riposte had communication costs proportional to roughly the square root of the number of users. In terms of computation, Express uses only symmetric-key cryptographic primitives and makes both practical and asymptotic improvements on protocols employed by prior work. These improvements enable Express to increase message throughput, reduce latency, and consume over 100x less bandwidth than Pung and Riposte, dropping the end-to-end cost of running a realistic whistleblowing application by 6x.
