Comprehensive Anonymity Trilemma: User Coordination is not enough

Debajyoti Das 1 , Sebastian Meiser 2 , Esfandiar Mohammadi 3 ,  and Aniket Kate 4
  • 1 Purdue University,
  • 2 Visa Research,
  • 3 Universitaet zu Luebeck,
  • 4 Purdue University,


For anonymous communication networks (ACNs), Das et al. recently confirmed a long-suspected trilemma result that ACNs cannot achieve strong anonymity, low latency overhead and low bandwidth overhead at the same time. Our paper emanates from the careful observation that their analysis does not include a relevant class of ACNs with what we call user coordination where users proactively work together towards improving their anonymity. We show that such protocols can achieve better anonymity than predicted by the above trilemma result. As the main contribution, we present a stronger impossibility result that includes all ACNs we are aware of. Along with our formal analysis, we provide intuitive interpretations and lessons learned. Finally, we demonstrate qualitatively stricter requirements for the Anytrust assumption (all but one protocol party is compromised) prevalent across ACNs.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] N. Alexopoulos, A. Kiayias, R. Talviste, and T. Zacharias, MCMix: Anonymous Messaging via Secure Multiparty Computation, in Proceedings of the 26th USENIX Security Symposium, USENIX Association, 2017, pp. 1217–1234.

  • [2] M. Ando, A. Lysyanskaya, and E. Upfal, Practical and Provably Secure Onion Routing, in Proceedings of the 45th International Colloquium on Automata, Languages, and Programming (ICALP), Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 2018, pp. 144:1–144:14.

  • [3], On the Complexity of Anonymous Communication Through Public Networks, CoRR arXiv, abs/1902.06306 (2019).

  • [4] S. Angel and S. Setty, Unobservable Communication over Fully Untrusted Infrastructure, in Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI), USENIX Association, 2016, pp. 551–569.

  • [5] G. R. Blakley and C. Meadows, Security of ramp schemes, in Advances in Cryptology, 1985, pp. 242–268.

  • [6] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, (leveled) fully homomorphic encryption without bootstrapping, in Proceedings of the 3rd Innovations in Theoretical Computer Science (ITCS) Conference, 2012, pp. 309–325.

  • [7] D. Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms, Communications of the ACM, 4 (1981), pp. 84–88.

  • [8] D. Chaum, The dining cryptographers problem: Unconditional sender and recipient untraceability, Journal of Cryptology, 1 (1988), pp. 65–75.

  • [9] C. Chen, D. E. Asoni, D. Barrera, G. Danezis, and A. Perrig, HORNET: High-speed onion routing at the network layer, in Proc. ACM Conference on Computer and Communications Security (CCS), 2015, pp. 1441–1454.

  • [10] H. Corrigan-Gibbs, D. Boneh, and D. Mazières, Riposte: An anonymous messaging system handling millions of users, in Proc. 36th IEEE Symposium on Security and Privacy (S&P 2015), 2015, pp. 321–338.

  • [11] G. Danezis, C. Diaz, C. Troncoso, and B. Laurie, Drac: An architecture for anonymous low-volume communications, in Proc. 10th Privacy Enhancing Technologies Symposium (PETS 2010), 2010.

  • [12] D. Das, S. Meiser, E. Mohammadi, and A. Kate, Anonymity trilemma: Strong anonymity, low bandwidth overhead, low latency - choose two, in 2018 IEEE Symposium on Security and Privacy (SP), May 2018, pp. 108–126. extended version under

  • [13] R. Dingledine, N. Mathewson, and P. Syverson, Tor: The Second-Generation Onion Router, in Proc. 13th USENIX Security Symposium (USENIX), 2004, pp. 303–320.

  • [14], Tor: The second-generation onion router, in Proc. 13th USENIX Security Symposium, 2004.

  • [15] N. Gelernter and A. Herzberg, On the limits of provable anonymity, in Proc. Workshop on Privacy in the Electronic Society (WPES 2013), 2013, pp. 225–236.

  • [16] S. Goel, M. Robson, M. Polte, and E. Sirer, Herbivore: A scalable and efficient protocol for anonymous communication, (2003).

  • [17] P. Golle and A. Juels, Dining cryptographers revisited, in Proc. of Eurocrypt 2004, 2004.

  • [18] A. Hevia and D. Micciancio, An indistinguishabilitybased characterization of anonymous channels, in Proc. Eighth International Symposium on Privacy Enhancing Technologies (PETS 2008), N. Borisov and I. Goldberg, eds., 2008, pp. 24–43.

  • [19] K. Jensen, Colored Petri Nets. Basic Concepts, Analysis Methods and Practical Use., vol. 3, 1997.

  • [20] D. Kesdogan, J. Egner, and R. Büschkes, Stop-and-go MIXes: Providing probabilistic anonymity in an open system, in Proc. Information Hiding Workshop (IH 1998), 1998.

  • [21] L. M. Kristensen, S. Christensen, and K. Jensen, The practitioner’s guide to coloured petri nets, International Journal on Software Tools for Technology Transfer (STTT), 2 (1998), pp. 98–132.

  • [22] A. Kwon, D. Lazar, S. Devadas, and B. Ford, Riffle: An efficient communication system with strong anonymity, Proceedings on Privacy Enhancing Technologies, 2016 (2016), pp. 115–134.

  • [23] D. Lazar and N. Zeldovich, Alpenhorn: Bootstrapping secure communication without leaking metadata, (2016).

  • [24] S. Le Blond, D. Choffnes, W. Caldwell, P. Druschel, and N. Merritt, Herd: A Scalable, Traffic Analysis Resistant Anonymity Network for VoIP Systems, in Proc. ACM Conference on Special Interest Group on Data Communication (SIGCOMM 2015), 2015, pp. 639–652.

  • [25] M. Backes, A. Kate, P. Manoharan, S. Meiser, and E. Mohammadi, AnoA: A Framework For Analyzing Anonymous Communication Protocols, Journal of Privacy and Confidentiality (JPC), 7(2) (2016).

  • [26] P. Mittal, M. Wright, and N. Borisov, Pisces: Anonymous communication using social networks, in Proc. 20th Network and Distributed System Security Symposium (NDSS 2013), 2013.

  • [27] S. Oya, C. Troncoso, and F. Pérez-González, Do dummies pay off? limits of dummy traffic protection in anonymous communications, in Proc. 14th Privacy Enhancing Technologies Symposium (PETS 2014), 2014.

  • [28] A. Piotrowska, J. Hayes, T. Elahi, S. Meiser, and G. Danezis, The loopix anonymity system, in Proc. 26th USENIX Security Symposium, 2017.

  • [29] M. G. Reed, P. F. Syverson, and D. M. Goldschlag, Anonymous Connections and Onion Routing, IEEE J-SAC, 16 (1998), pp. 482–494.

  • [30] W. Reisig, Primer in Petri Net Design, 1st ed., 1992.

  • [31] T. Ruffing, P. Moreno-Sanchez, and A. Kate, P2P Mixing and Unlinkable Bitcoin Transactions, in Proc. 25th Annual Network & Distributed System Security Symposium (NDSS), 2017.

  • [32] J. van den Hooff, D. Lazar, M. Zaharia, and N. Zeldovich, Vuvuzela: Scalable private messaging resistant to traffic analysis, in Proc. 25th ACM Symposium on Operating Systems Principles (SOSP 2015), 2015.

  • [33] D. I. Wolinsky, H. Corrigan-Gibbs, B. Ford, and A. Johnson, Dissent in Numbers: Making Strong Anonymity Scale, in 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12), 2012, pp. 179–182.


Journal + Issues