📝 Original Info
- Title: Accountable Anonymous Group Messaging
- ArXiv ID: 1004.3057
- Date: 2010-04-20
- Authors: Henry Corrigan-Gibbs, Bryan Ford (Yale University)
📝 Abstract
Users often wish to participate in online groups anonymously, but misbehaving users may abuse this anonymity to spam or disrupt the group. Messaging protocols such as Mix-nets and DC-nets leave online groups vulnerable to denial-of-service and Sybil attacks, while accountable voting protocols are unusable or inefficient for general anonymous messaging. We present the first general messaging protocol that offers provable anonymity with accountability for moderate-size groups, and efficiently handles unbalanced loads where few members have much data to transmit in a given round. The N group members first cooperatively shuffle an NxN matrix of pseudorandom seeds, then use these seeds in N "pre-planned" DC-nets protocol runs. Each DC-nets run transmits the variable-length bulk data comprising one member's message, using the minimum number of bits required for anonymity under our attack model. The protocol preserves message integrity and one-to-one correspondence between members and messages, makes denial-of-service attacks by members traceable to the culprit, and efficiently handles large and unbalanced message loads. A working prototype demonstrates the protocol's practicality for anonymous messaging in groups of 40+ member nodes.
📄 Full Content
arXiv:1004.3057v1 [cs.CR] 18 Apr 2010
Accountable Anonymous Group Messaging
UNPUBLISHED DRAFT
Henry Corrigan-Gibbs
Yale University
Bryan Ford
Yale University
ABSTRACT
Users often wish to participate in online groups anonymously, but misbehaving users may abuse this anonymity to spam or disrupt the group. Messaging protocols such as Mix-nets and DC-nets leave online groups vulnerable to denial-of-service and Sybil attacks, while accountable voting protocols are unusable or inefficient for general anonymous messaging. We present the first general messaging protocol that offers provable anonymity with accountability for moderate-size groups, and efficiently handles unbalanced loads where few members have much data to transmit in a given round. The N group members first cooperatively shuffle an N × N matrix of pseudorandom seeds, then use these seeds in N “pre-planned” DC-nets protocol runs. Each DC-nets run transmits the variable-length bulk data comprising one member’s message, using the minimum number of bits required for anonymity under our attack model. The protocol preserves message integrity and one-to-one correspondence between members and messages, makes denial-of-service attacks by members traceable to the culprit, and efficiently handles large and unbalanced message loads. A working prototype demonstrates the protocol’s practicality for anonymous messaging in groups of 40+ member nodes.
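A model of the seed matrix and the N pre-planned DC-nets runs described in the abstract, added here as an example; it is not the paper's code or its protocol specification. The anonymous shuffle is replaced by a secret random permutation, SHAKE-256 stands in for the pseudorandom generator, the per-member ciphertext hashes used to name a disruptor are an assumption of this example, and all function names are hypothetical.

```python
import hashlib
import secrets

def prg(seed: bytes, n: int) -> bytes:
    # SHAKE-256 stands in for the pseudorandom generator (assumption).
    return hashlib.shake_256(seed).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_row(owner: int, msg: bytes, n: int):
    """One row of the N x N seed matrix, plus the owner's own ciphertext."""
    seeds = [secrets.token_bytes(16) for _ in range(n)]  # seeds[owner] is a dummy
    own_ct = msg
    for j in range(n):
        if j != owner:
            own_ct = xor(own_ct, prg(seeds[j], len(msg)))
    cts = [own_ct if j == owner else prg(seeds[j], len(msg)) for j in range(n)]
    # Hashes of the expected ciphertexts (assumption of this example).
    row = {"length": len(msg), "seeds": seeds,
           "hashes": [hashlib.sha256(c).digest() for c in cts]}
    return row, own_ct

def run_slot(row, contributions):
    """XOR the N ciphertexts of one run; name members whose data fails its hash."""
    culprits = [j for j, c in enumerate(contributions)
                if hashlib.sha256(c).digest() != row["hashes"][j]]
    out = bytes(row["length"])
    for c in contributions:
        out = xor(out, c)
    return (None if culprits else out), culprits

def simulate(messages, disruptor=None):
    n = len(messages)
    rows = [make_row(i, m, n) for i, m in enumerate(messages)]
    order = list(range(n))
    secrets.SystemRandom().shuffle(order)  # models the shuffle's secret permutation
    results = []
    for owner in order:                    # one pre-planned DC-nets run per slot
        row, own_ct = rows[owner]
        sent = [own_ct if j == owner else prg(row["seeds"][j], row["length"])
                for j in range(n)]
        if disruptor is not None and row["length"]:
            # The disruptor flips one bit of what it was supposed to send.
            sent[disruptor] = xor(sent[disruptor], b"\x01") + sent[disruptor][1:]
        results.append(run_slot(row, sent))
    return results

MESSAGES = [b"leaked-report.pdf: " + b"A" * 200, b"ok", b"no submission"]  # constructed
```

Each run is exactly as long as its owner's message, so a 2-byte message costs every member 2 bytes while the long one costs about 220; `simulate(MESSAGES, disruptor=1)` returns no message and names member 1 in every slot.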
1. INTRODUCTION
Anonymous participation is often considered a basic right in free societies [39]. The limited form of anonymity that the Internet provides is a widely cherished feature [33, 37] that enables people and groups with controversial or unpopular views to communicate and organize without fear of personal reprisal [30]. In spite of its benefits, anonymity makes it difficult to trace or exclude misbehaving participants [10]. Online protocols providing stronger anonymity, such as mix-networks [7, 18] and DC-nets [8, 28, 36], further weaken accountability and yield forums in which no content may be considered trustworthy and no defense is available against anonymous misbehavior.
This paper focuses on providing anonymous messaging within small, private online groups. We assume a group’s membership is closed and known to its members; creating groups with secret membership is a related but orthogonal goal [34]. Members may wish to send messages to each other, to the whole group, or to a non-member, such that the receiver knows that some member sent the message but no one knows which member. Members may also wish to cast secret ballots in votes held by the group, or to create pseudonyms under which to collaborate with other members.
We also wish to hold members accountable, however: not by compromising their anonymity and allowing some authority or majority quorum to unmask a member whose messages prove unpopular, but rather by ensuring that no malicious member can abuse his (strong) anonymity to disrupt the group’s operation. For example, a malicious member should be unable to corrupt or block other members’ messages, overrun the group with spam, stuff ballots, or create unlimited anonymous Sybil identities [14] or sock puppets [32] with which to bias or subvert the group’s deliberations.
As a motivating example, suppose an international group of journalists wishes to form a “whistleblowing” publication like WikiLeaks [38]. To protect journalists and their sources more strongly than the world’s varied legal frameworks do, member journalists wish to submit leaked documents and related information to the group anonymously. Members need assurance that powerful organizations or governments cannot trace the leak to an individual journalist or her source. The journalists wish to prove to their readers that leaked documents come via a trustworthy channel, namely one of the group’s known and reputable members, and not from an outsider. The group must be able to analyze and vet each document thoroughly before collectively approving it for publication. The group must protect its internal operation and its members’ anonymity even from adversaries who have planted colluding spies within the group. And this security must come at acceptable time and resource costs.
We present an accountable anonymous messaging protocol called Dissent (Dining-cryptographers Shuffled-Send Network), the first we know of with the properties needed in scenarios like the one above. Dissent provides provable integrity, anonymity, and accountability in the face of strong traffic analysis and compromised members, and an experimental prototype shows it to be efficient enough for latency-tolerant messaging in small but widely distributed groups. In contrast with mix-networks [7, 18] and DC-nets [8, 28, 36], Dissent implements a shuffled send primitive, where each group member sends exactly one message per round, making it usable for voting or assigning pseudonyms with a 1-to-1 correspondence to real group members. Unlike verifiable cryptographic shu
…(Full text truncated)…