[tor-talk] Strong anonymization in a fixed group of participants

Edward Z. Yang ezyang at MIT.EDU
Mon Aug 6 15:39:37 UTC 2012


Hello all,

I've been experimenting with protocols for solving the following
problem:

    A small (N = 10 to 100), fixed group of participants would each like to publish
    a random, fixed length string to the other participants, without revealing
    who the string came from (except that it came from one of the participants
    in the group).

The attack model is as follows: we make no attempt to stop denial of
service attacks, and we allow leakage of who the random fixed length
string originated from *as long as* the participant whose identity
was leaked finds out immediately.

I have a nifty solution that involves secure multi-party computation,
but there is a much simpler solution that involves Tor:

    1. Once the fixed group of participants is determined, have one
       leader listen for N random strings on a Tor address

    2. Each participant acquires a new Tor circuit, waits a random
       interval of time, and then submits their string to the leader.

    3. Once all the random strings have been received by the leader,
       he broadcasts the result on a public channel.

    4. Each client verifies that their random string is in the
       list; if it is not, they abort the protocol.

I was chatting with some of my friends about this protocol, and one
of their big skepticisms was whether or not the Tor protocol was
designed for this case (a few bits of deanonymization is not a big
deal in the context of all of Tor, but it is a big deal when the
group of participants is small).  So I was wondering if the denizens
on this list had any relevant information or advice about this.

Cheers,
Edward


More information about the tor-talk mailing list