Confidential gossip


Epidemic gossip has proven a reliable and efficient technique for sharing information in a distributed network. Much of this reliability and efficiency derives from processes collaborating, sharing the work of distributing information. As a result of this collaboration, processes may receive information that was not originally intended for them. For example, some process may act as an intermediary, aggregating and forwarding messages from some set of sources to some set of destinations. But what if rumors are confidential? In that case, only processes that were originally intended to receive the rumor should be allowed to learn the rumor. This blatantly contradicts the basic premise of epidemic gossip, which assumes that processes can collaborate. In fact, if only processes in a rumor’s “destination set” participate in gossiping that rumor, we show that high message complexity is unavoidable. A natural approach is to rely on cryptography, for example, assuming that each process has a well-known public-key that can be used to encrypt the rumor. In a dynamic system, with changing sets of destinations, such a process seems potentially expensive. In this paper, we propose a scheme in which each rumor is broken into multiple fragments using a very simple coding scheme; any given fragment provides no information about the rumor, while together, the fragments can be reassembled into the original rumor. The processes collaborate in disseminating the rumor fragments in such a way that no process outside of a rumor’s destination set ever receives all the fragments of a rumor, while every process in the destination set eventually learns all the fragments. Notably, our solution operates in an environment where rumors are dynamically and continuously injected into the system and processes are subject to crashes and restarts. In addition, the presented scheme can tolerate a moderate amount of collusions among curious processes without a substantial increase in cost; curious processes are non-malicious processes that are not in a rumor’s destination set, and still want to learn the rumor (that is, collect all fragments of the rumor).

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7


  1. 1.

    Notice that this does not allow other algebraic manipulation of the rumor, as in “network coding” techniques.


  1. 1.

    Baehni, S., Eugster, P.T., Guerraoui, R.: Data-aware multicast. In: DSN 233–242 (2004)

  2. 2.

    Ballardie, A.J.: A New Approach to Multicast Communication in a Datagram Network. Ph.D. Thesis, University College London (1995)

  3. 3.

    Beimel, A., Nissim, K., Omri, E.: Distributed private data analysis. In: CRYPTO, pp. 451–468 (2008)

  4. 4.

    Brickell, J., Shmatikov, V.: Privacy-preserving graph algorithms in the semi-honest model. In: ASIACRYPT, pp. 236–252 (2005)

  5. 5.

    Canetti, R., Garay, J., Itkis, G., Micciancio, D., Naor, M., Pinkas, B.: Multicast security: a taxonomy and some efficient constructions. In: INFOCOM, pp. 708–716 (1999)

  6. 6.

    Chlebus, B.S., Kowalski, D.R.: Time and communication efficient consensus for crash failures. In: DISC, pp. 314–328 (2006)

  7. 7.

    Chockler, G., Melamed, R., Tock, Y., Vitenberg, R.: SpiderCast: a scalable interest-aware overlay for topic-based pub/sub communication. In: DEBS, pp. 14–25 (2007)

  8. 8.

    Chockler, G., Melamed, R., Tock, Y., Vitenberg, R.: Constructing scalable overlays for pub/sub with many topics. In: PODC, pp. 109–118 (2007)

  9. 9.

    Delposte-Gallet, G., Fauconnier, H., Guerraoui, R., Ruppert, E.: Secretive birds: privacy in population protocols. In: OPODIS, pp. 329–342 (2007)

  10. 10.

    Doerr, B., Friedrich, T., Sauerwald, T.: Quasirandom rumor spreading: expanders, push vs pull, and robustness. In: ICALP, pp. 366–377 (2009)

  11. 11.

    Fernandess, Y., Malkhi, D.: On spreading recommendations via social gossip. In: SPAA, pp. 91–97 (2008)

  12. 12.

    Fiat, A., Naor, M.: Broadcast encryption. In: CRYPTO, pp. 480–491 (1993)

  13. 13.

    Georgiou, Ch., Gilbert, S., Kowalski, D.R.: Meeting the deadline: on the complexity of fault-tolerant continuous gossip. Distrib. Comput. 24(5), 223–244 (2011). (A preliminary version appears in PODC 2010, pp. 247–256)

  14. 14.

    Georgiou, Ch., Gilbert, S., Guerraoui, R., Kowalski, D.R.: Asynchronous gossip. J. ACM 60(2), article 11 (2013)

  15. 15.

    Goldreich, O.: Foundations of Cryptography: Volume II (Basic Applications). Cambridge University Press, Cambridge (2004)

    Google Scholar 

  16. 16.

    Gupta, I., Kermarrec, A.M., Ganesh, A.J.: Efficient epidemic-style protocols for reliable and scalable multicast. In: SRDS, pp. 180–189 (2002)

  17. 17.

    Hromkovic, J., Klasing, R., Pelc, A., Ruzika, P., Unger, W.: Dissemination of Information in Communication Networks: Broadcasting, Gossiping, Leader Election, and Fault-Tolerance. Springer, Berlin (2005)

    Google Scholar 

  18. 18.

    Johansen, H.D., Allavena, A., van Renesse, R.: Fireflies: scalable support for intrusion-tolerant network overlays. In: EuroSys, pp. 3–13 (2006)

  19. 19.

    Karp, R., Schindelhauer, C., Shenker, S., Vocking, B.: Randomized rumor spreading. In: FOCS, pp. 565–574 (2000)

  20. 20.

    Kempe, D., Kleinberg, J., Demers, A.: Spatial gossip and resource location protocols. J. ACM 51, 943–967 (2004)

    MathSciNet  Article  Google Scholar 

  21. 21.

    Kermarrec, A., Massoulie, L., Ganesh, A.: Probabilistic reliable dissemination in large-scale systems. IEEE Trans. Parallel Distrib. Syst. 14(3), 248–258 (2003)

    Article  Google Scholar 

  22. 22.

    Kissner, L., Song, D.: Privacy-preserving set operations. In: CRYPTO, pp. 241–257 (2005)

  23. 23.

    Kowalski, D.R., Strojnowski, M.: On the communication surplus incurred by faulty processors. In: DISC, pp. 328–342 (2007)

  24. 24.

    Lindell, Y., Pinkas, B.: Privacy preserving data mining. J. Cryptol. 15(3), 177–206 (2002)

    MathSciNet  Article  Google Scholar 

  25. 25.

    Malkhi, D., Mansour, Y., Reiter, M.K.: Diffusion without false rumors: on propagating updates in a Byzantine environment. Theor. Comput. Sci. 299, 289–306 (2003)

    MathSciNet  Article  Google Scholar 

  26. 26.

    Micciancio, D., Panjwani, S.: Corrupting one vs. corrupting many: the case of broadcast and multicast encryption. In: ICALP, pp. 70–82 (2006)

  27. 27.

    Minsky, Y.M., Schneider, F.B.: Tolerating malicious gossip. Distrib. Comput. 16, 49–68 (2003)

    Article  Google Scholar 

  28. 28.

    Mittra, S.: Iolus: a framework for scalable secure multicasting. SIGCOMM Comput. Commun. Rev. 27(4), 277–288 (1997)

    Article  Google Scholar 

  29. 29.

    Multicast Security. Accessed 2 Aug 2019

  30. 30.

    Onus, M., Richa, A.W.: Minimum maximum degree pub/sub overlay network design. In: INFOCOM, pp. 882–890 (2009)

  31. 31.

    Pang, J., Zhang, C.: How to work with honest but curious judges? In: Proceedings of 7th international workshop on security issues in concurrency, pp. 31–45 (2009)

  32. 32.

    Panjwani, S.: Tackling adaptive corruptions in multicast encryption protocols. In: TCC, pp. 21–40 (2007)

  33. 33.

    Pelc, A.: Fault-tolerant broadcasting and gossiping in communication networks. Networks 28, 143–156 (1996)

    MathSciNet  Article  Google Scholar 

  34. 34.

    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    MathSciNet  Article  Google Scholar 

  35. 35.

    Sherman, A.T., McGrew, D.A.: Key establishment in large dynamic groups using one-way function trees. IEEE Trans. Softw. Eng. 29(5), 444–458 (2003)

    Article  Google Scholar 

  36. 36.

    Stinson, D.R.: Cryptography: Theory and Practice, 3rd edn. CRC Press, Cambridge (2005)

    Google Scholar 

  37. 37.

    Wong, C.K., Gouda, M., Lam, S.: Secure group communications using key graphs. IEEE/ACM Trans. Netw. 8(1), 16–30 (2000)

    Article  Google Scholar 

  38. 38.

    Xu, G., Amariucai, G., Guan, Y.: Delegation of computation with verification outsourcing: curious verifiers. In: PODC, pp. 393–402 (2013)

  39. 39.

    Yao, A.C.: Protocols for secure computations. In: FOCS, pp. 160–164 (1982)

Download references


The authors would like to thank the anonymous reviewers that have helped them to significantly improve the presentation of the results.

Author information



Corresponding author

Correspondence to Chryssis Georgiou.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

A preliminary version of this paper has appeared in the proceedings of ICDCS 2011. This research was supported by funds for the promotion of research at the University of Cyprus (CG-RA2019), by the Singapore MOE Grant MOE2018-T2-1-160, and by the Polish National Science Center (NCN) under Grant No. UMO-2017/25/B/ST6/02553.

Appendix: Detailed pseudocode of algorithm ConGos

Appendix: Detailed pseudocode of algorithm ConGos

In this section we present the detail pseudocode for algorithm ConGos. In particular we give a separate pseudocode for each service of the algorithm at a process i. Figure 8 describes the operation of the \(\mathsf{ConfidentialGossip}\) service which is the main control of the algorithm. It basically coordinates the other services that run in parallel: \(\mathsf{Proxy}\) (Fig. 9), \(\mathsf{GroupDistribution}\) (Fig. 10) and \(\mathsf{Filter}\) (Fig. 11); the code for these services is given for a certain partition \(\ell \).

Fig. 8

Main protocol at process i

Fig. 9

Proxy search at process i for partition \(\ell \)

Fig. 10

Rumor distribution between groups at process i for partition \(\ell \)

As mentioned before, a non-confidential Continuous Gossip service (protocol) is assumed (e.g., the one presented in [13]), which guarantees rumor dissemination within a specified deadline. \(\mathsf{GroupGossip}[\ell ]\) refers to an instance of the service for partition \(\ell \) that is filtered (from the \(\mathsf{Filter}[\ell ]\) service) in restricting rumor disseminations in certain process groups. \(\mathsf{AllGroup}\) refers to an instance of the gossip service for partition \(\ell \) that it is not filtered (hence rumors are sent to all processes in [n]).

We now explain the operation of the function \(\mathbf random-split \) used in line 14 of the \(\mathsf{ConfidentialGossip}\) service (Fig. 8). Recall that a rumor r is a tuple (zdD) where r.z is the data to be disseminated, r.d the deadline and r.D the rumor destination set (only processes in the set must learn r). Once the function is executed, rumor \(r_0\) has as \(r_0.z\) the tuple \(\langle z_0,r.D,counter \rangle \), \(r_0.d=\sqrt{{ dline}/6}\), and \(r_0.D=[n]\). Rumor \(r_1\) is similar (\(r_1.z\) contains \(z_1\) and not \(z_0\)). As explained before, \(z_0\) is a random binary string and \(z_1 = z\mathbf {XOR}z_0\). Note that r is split differently for each partition \(\ell \). The function \(\mathbf merge \) in line 32 of the \(\mathsf{ConfidentialGossip}\) service works reversely to reconstruct a rumor from its two fragments. We will be using the notation rumor.z.D to denote the original destination set of a rumor (which rumor is a fragment of it) and rumor.z.cnt the value of the counter that the rumor was assigned upon injection into the source process. See for example lines 27 and 28 of the \(\mathsf{GroupDistribution}\) service (Fig. 10).

Fig. 11

Filter \(\ell \) at process i

Throughout the codes, we denote by R the data type which is a set representing all rumors, that is, all rumors of the form \(\langle z,d,D \rangle \). We also consider \(round\in \mathbb {Z}\) to be a global counter representing time (round numbers), taken from the global clock.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Georgiou, C., Gilbert, S. & Kowalski, D.R. Confidential gossip. Distrib. Comput. 33, 367–392 (2020).

Download citation


  • Confidentiality
  • Collusion
  • Randomized gossip
  • Fault-tolerance
  • Dynamic rumor injection
  • Message complexity