Proactively Accountable Anonymous Messaging in Verdict | Corrigan-Gibbs, Wolinsky, Ford

Henry Corrigan-Gibbs, David Isaac Wolinsky, Bryan Ford (Yale); Proactively Accountable Anonymous Messaging in Verdict; In Proceedings of the 22nd USENIX Security Symposium; 2013-08-14.; 16 pages; extended paper, 24 pages; landing


Among anonymity systems, DC-nets have long held attraction for their resistance to traffic analysis attacks, but practical implementations remain vulnerable to internal disruption or “jamming” attacks, which require time-consuming detection procedures to resolve. We present Verdict, the first practical anonymous group communication system built using proactively verifiable DC-nets: participants use public-key cryptography to construct DC-net ciphertexts, and use zero-knowledge proofs of knowledge to detect and exclude misbehavior before disruption. We compare three alternative constructions for verifiable DC-nets: one using bilinear maps and two based on simpler ElGamal encryption. While verifiable DC-nets incur higher computational overheads due to the public-key cryptography involved, our experiments suggest that Verdict is practical for anonymous group messaging or microblogging applications, supporting groups of 100 clients at 1 second per round or 1000 clients at 10 seconds per round. Furthermore, we show how existing symmetric-key DC-nets can “fall back” to a verifiable DC-net to quickly identify misbehavior, speeding up previous detections schemes by two orders of magnitude.


  • Verdict builds on Dissent.
  • DeterLab testbed
  • DeDiS/Dissent at github
  • Related
    • Crowds
    • Dissent
    • Herbivore
    • LAP
    • Mixminion
    • Tarzan
    • Tor
  • Algorithms
    • AES
    • Golle-Juels
    • ElGamal
    • Eliptic Curve Groups
    • Neff proof-of-knowledge
    • PRNG
    • Schnorr
    • XOR

Via backfill