Blinder: MPC Based Scalable and Robust Anonymous Committed Broadcast

Anonymous Committed Broadcast is a functionality that extends DC-nets and allows a set of clients to privately commit a message to set of servers, which can then simultaneously open all committed messages in a random ordering. Anonymity holds since no one can learn the ordering or the content of the client’s committed message. We present Blinder, the first system that provides a scalable and fully robust solution for anonymous committed broadcast. Blinder maintains both properties of security (anonymity) and robustness (aka. ‘guaranteed output delivery’ or ‘availability’) in the face of a global active (malicious) adversary. Moreover, Blinder is censorship resistant, meaning that a honest client cannot be blocked from participating. Blinder obtains its security and scalability by carefully combining classical and state-of-the-art techniques from the fields of anonymous communication and secure multiparty computation (MPC). Relying on MPC for such a system is beneficial since it naturally allows the parties (servers) to enforce some properties on accepted messages prior their publication. In order to demonstrate scalability, we evaluate Blinder with up to 1 million clients, up to 100 servers and a message size of up to 10 kilobytes. In addition, we show that it is a perfect fit to be implemented on a GPU. A GPU based implementation of Blinder with 5 servers, which accepts 1 million clients, incurs a latency of less than 8 minutes; faster by a factor of > 100 than the 3-servers Riposte protocol (SOSP ’15), which is not robust and not censorship resistant; we get an even larger factor when comparing to AsynchroMix and PowerMix (CCS ’19), which are the only constructions that guarantee fairness (or robustness in the online phase).

[1]  Donald Beaver,et al.  Efficient Multiparty Protocols Using Circuit Randomization , 1991, CRYPTO.

[2]  Stefan Savage,et al.  Herd : A Scalable , Traffic Analysis Resistant Anonymity Network for VoIP Systems , 2015 .

[3]  Birgit Pfitzmann,et al.  How to Break the Direct RSA-Implementation of Mixes , 1990, EUROCRYPT.

[4]  Vitaly Shmatikov,et al.  Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses , 2006, ESORICS.

[5]  Thomas Engel,et al.  Website fingerprinting in onion routing based anonymization networks , 2011, WPES.

[6]  Mohamed M. Fouad,et al.  High performance CUDA AES implementation: A quantitative performance analysis approach , 2017, 2017 Computing Conference.

[7]  Claudia Díaz,et al.  Multiparty Routing: Secure Routing for Mixnets , 2017, ArXiv.

[8]  Rafail Ostrovsky,et al.  Private information storage (extended abstract) , 1997, STOC '97.

[9]  Marc Dacier,et al.  Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services , 2015, USENIX Security Symposium.

[10]  Dieter Rautenbach,et al.  Fundamental limits on the anonymity provided by the MIX technique , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[11]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1998, IEEE J. Sel. Areas Commun..

[12]  Brijesh Joshi,et al.  Touching from a distance: website fingerprinting attacks and defenses , 2012, CCS.

[13]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[14]  Nickolai Zeldovich,et al.  Karaoke: Distributed Private Messaging Immune to Passive Traffic Analysis , 2018, OSDI.

[15]  Douglas Wikström,et al.  Five Practical Attacks for "Optimistic Mixing for Exit-Polls" , 2003, Selected Areas in Cryptography.

[16]  Aggelos Kiayias,et al.  MCMix: Anonymous Messaging via Secure Multiparty Computation , 2017, USENIX Security Symposium.

[17]  Nickolai Zeldovich,et al.  This Paper Is Included in the Proceedings of the 12th Usenix Symposium on Operating Systems Design and Implementation (osdi '16). Alpenhorn: Bootstrapping Secure Communication without Leaking Metadata Alpenhorn: Bootstrapping Secure Communication without Leaking Metadata , 2022 .

[18]  Roger Dingledine,et al.  From a Trickle to a Flood: Active Attacks on Several Mix Types , 2002, Information Hiding.

[19]  David Chaum,et al.  cMix: Anonymization byHigh-Performance Scalable Mixing , 2016, IACR Cryptol. ePrint Arch..

[20]  Nick Mathewson,et al.  The pynchon gate: a secure method of pseudonymous mail retrieval , 2005, WPES '05.

[21]  Ari Juels,et al.  Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges , 2019, ArXiv.

[22]  Yehuda Lindell,et al.  Two-Thirds Honest-Majority MPC for Malicious Adversaries at Almost the Cost of Semi-Honest , 2019, IACR Cryptol. ePrint Arch..

[23]  Yehuda Lindell,et al.  Fast Large-Scale Honest-Majority MPC for Malicious Adversaries , 2018, Journal of Cryptology.

[24]  Seth F. Kreimer Technologies of Protest: Insurgent Social Movements and the First Amendment in the Era of the Internet , 2001 .

[25]  Tao Wang,et al.  Improved website fingerprinting on Tor , 2013, WPES.

[26]  Birgit Pfitzmann,et al.  Breaking Efficient Anonymous Channel , 1994, EUROCRYPT.

[27]  Adam D. Smith,et al.  Distributed Differential Privacy via Shuffling , 2018, IACR Cryptol. ePrint Arch..

[28]  Dawn Xiaodong Song,et al.  Private Keyword-Based Push and Pull with Applications to Anonymous Communication , 2004, ACNS.

[29]  Katsumi Takahashi,et al.  Practically Efficient Multi-party Sorting Protocols from Comparison Sort Algorithms , 2012, ICISC.

[30]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[31]  David A. Cooper,et al.  Preserving privacy in a network of mobile computers , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[32]  Srinivas Devadas,et al.  Atom: Horizontally Scaling Strong Anonymity , 2016, SOSP.

[33]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[34]  Gu-Yeon Wei,et al.  Benchmarking TPU, GPU, and CPU Platforms for Deep Learning , 2019, ArXiv.

[35]  Úlfar Erlingsson,et al.  Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity , 2018, SODA.

[36]  Borja Balle,et al.  The Privacy Blanket of the Shuffle Model , 2019, CRYPTO.

[37]  Dan Boneh,et al.  Riposte: An Anonymous Messaging System Handling Millions of Users , 2015, 2015 IEEE Symposium on Security and Privacy.

[38]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[39]  S. Rajsbaum Foundations of Cryptography , 2014 .

[40]  Yuval Ishai,et al.  Function Secret Sharing: Improvements and Extensions , 2016, CCS.

[41]  J. Balkin Digital Speech and Democratic Culture: a Theory of Freedom of Expression for the Information Society , 2003 .

[42]  George Danezis,et al.  The Loopix Anonymity System , 2017, USENIX Security Symposium.

[43]  Martin Hirt,et al.  Perfectly-Secure MPC with Linear Communication Complexity , 2008, TCC.

[44]  Dan Boneh,et al.  Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy , 2019, USENIX Security Symposium.

[45]  Carmela Troncoso,et al.  PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval , 2011, USENIX Security Symposium.

[46]  Reihaneh Safavi-Naini,et al.  Breaking and Mending Resilient Mix-Nets , 2003, Privacy Enhancing Technologies.

[47]  Benny Pinkas,et al.  SBFT: A Scalable and Decentralized Trust Infrastructure , 2018, 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[48]  Elaine Shi,et al.  Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[49]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[50]  Aniket Kate,et al.  HoneyBadgerMPC and AsynchroMix: Practical Asynchronous MPC and its Application to Anonymous Communication , 2019, IACR Cryptol. ePrint Arch..

[51]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[52]  Prateek Mittal,et al.  Pisces: Anonymous Communication Using Social Networks , 2013, NDSS.

[53]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[54]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[55]  Oliver Berthold,et al.  Dummy Traffic against Long Term Intersection Attacks , 2002, Privacy Enhancing Technologies.

[56]  Emin Gün Sirer,et al.  Eluding carnivores: file sharing with strong anonymity , 2004, EW 11.

[57]  Nicholas Hopper,et al.  How much anonymity does network latency leak? , 2007, TSEC.

[58]  Dogan Kesdogan,et al.  Stop-and-Go-MIXes Providing Probabilistic Anonymity in an Open System , 1998, Information Hiding.

[59]  Úlfar Erlingsson,et al.  Prochlo: Strong Privacy for Analytics in the Crowd , 2017, SOSP.

[60]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 2: Basic Applications , 2001 .

[61]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[62]  Niv Gilboa,et al.  Computationally private information retrieval (extended abstract) , 1997, STOC '97.

[63]  Nickolai Zeldovich,et al.  Vuvuzela: scalable private messaging resistant to traffic analysis , 2015, SOSP.

[64]  Steven J. Murdoch,et al.  Sampled Traffic Analysis by Internet-Exchange-Level Adversaries , 2007, Privacy Enhancing Technologies.

[65]  Paul Francis,et al.  Towards efficient traffic-analysis resistant anonymity networks , 2013, SIGCOMM.

[66]  Eugene Volokh,et al.  Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You , 2000 .

[67]  David Wolinsky,et al.  Dissent in Numbers: Making Strong Anonymity Scale , 2012, OSDI.

[68]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[69]  Raymond Cheng,et al.  Talek: Private Group Messaging with Hidden Access Patterns , 2020, IACR Cryptol. ePrint Arch..

[70]  Nickolai Zeldovich,et al.  Stadium: A Distributed Metadata-Private Messaging System , 2017, IACR Cryptol. ePrint Arch..

[71]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[72]  Yuval Ishai,et al.  Distributed Point Functions and Their Applications , 2014, EUROCRYPT.

[73]  Kartik Nayak,et al.  Sync HotStuff: Simple and Practical Synchronous State Machine Replication , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[74]  Yehuda Lindell,et al.  An End-to-End System for Large Scale P2P MPC-as-a-Service and Low-Bandwidth MPC for Weak Participants , 2018, IACR Cryptol. ePrint Arch..

[75]  Bryan Ford,et al.  Dissent: accountable anonymous group messaging , 2010, CCS '10.

[76]  Matthew K. Wright,et al.  Timing Attacks in Low-Latency Mix Systems (Extended Abstract) , 2004, Financial Cryptography.

[77]  Jérôme Lacan,et al.  FNT-Based Reed-Solomon Erasure Codes , 2009, 2010 7th IEEE Consumer Communications and Networking Conference.

[78]  Ivan Damgård,et al.  Scalable and Unconditionally Secure Multiparty Computation , 2007, CRYPTO.

[79]  Rob Kling,et al.  Anonymous Communication Policies for the Internet: Results and Recommendations of the AAAS Conference , 1999, Inf. Soc..

[80]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[81]  Kartik Nayak,et al.  Synchronous Byzantine Agreement with Expected O(1) Rounds, Expected O(n2) Communication, and Optimal Resilience , 2019, IACR Cryptol. ePrint Arch..

[82]  Srinath T. V. Setty,et al.  Unobservable Communication over Fully Untrusted Infrastructure , 2016, OSDI.

[83]  George Danezis,et al.  No right to remain silent: Isolating Malicious Mixes , 2017, IACR Cryptol. ePrint Arch..

[84]  Srinivas Devadas,et al.  Riffle: An Efficient Communication System With Strong Anonymity , 2016, Proc. Priv. Enhancing Technol..

[85]  Nick Mathewson,et al.  Practical Traffic Analysis: Extending and Resisting Statistical Disclosure , 2004, Privacy Enhancing Technologies.

[86]  George Danezis,et al.  DP5: A Private Presence Service , 2015, Proc. Priv. Enhancing Technol..

[87]  David Wolinsky,et al.  Proactively Accountable Anonymous Messaging in Verdict , 2012, USENIX Security Symposium.