Discussing Anonymity Metrics for Mix Based Anonymity Approaches

  • Dang Vinh Pham
  • Joss Wright
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 309)


Today the Chaumian Mix idea is not only an academic approach for anonymous communication, it is also a practical system with many variants used in real-world scenarios. It is therefore important to find an appropriate measure for the anonymity provided by these approaches. Many measurement approaches have been proposed that consider only the static state of the system without accounting for past and future information. Still other measurements evaluate only statistics. These measurements have in common that they do not measure when the anonymity function of the system is broken. Inspired by the idea of unicity distance in cryptography, and the mean time to failure in dependable systems, we believe that measuring the point at which the system fails to hide the relation between a sender and a receiver is a more appropriate measure of its anonymity. In this paper, we discuss our arguments with respect to existing measurement approaches.


Full Disclosure Cipher Text Communication Round Brute Force Attack Anonymous Communication 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Chaum, D.L.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  2. 2.
    Camenisch, J., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding Routing Information. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  4. 4.
    Shannon, C.E.: Communication theory of secrecy systems. Bell Syst. Tech. J 28, 656–715 (1949)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Kesdogan, D., Pimenidis, L.: The Hitting Set Attack on Anonymity Protocols. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 326–339. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Kesdogan, D., Agrawal, D., Pham, V., Rauterbach, D.: Fundamental Limits on the Anonymity Provided by the Mix Technique. In: IEEE Symposium on Security and Privacy (2006)Google Scholar
  7. 7.
    Pham, V.: Analysis of the Anonymity Set of Chaumian Mixes. In: 13th Nordic Workshop on Secure IT-Systems (October 2008)Google Scholar
  8. 8.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards Measuring Anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Edman, M., Sivrikaya, F., Yener, B.: A Combinatorial Approach to Measuring Anonymity, pp. 356–363 (2007)Google Scholar
  10. 10.
    Danezis, G.: Statistical Disclosure Attacks: Traffic Confirmation in Open Environments. In: Gritzalis, V., Samarati, K. (eds.) Proceedings of Security and Privacy in the Age of Uncertainty (SEC2003), Athens, IFIP TC11, pp. 421–426. Kluwer, Dordrecht (2003)CrossRefGoogle Scholar
  11. 11.
    Padlipsky, M.A., Snow, D.W., Karger, P.A.: Limitations of End-to-End Encryption in Secure Computer Networks. Technical Report ESD-TR-78-158, Hanscom AFB, MA (August 1978)Google Scholar
  12. 12.
    Pfitzmann, A.: Diensteintegrierende Kommunikationsnetze mit teilnehmerüberprüfbarem Datenschutz. Informatik-Fachberichte, vol. 234 (1990)Google Scholar
  13. 13.
    Serjantov, A., Danezis, G.: Towards an Information Theoretic Metric for Anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 259–263. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Denning, D.E.R.: Cryptography and data security. Addison-Wesley Longman Publishing Co., Inc., Boston (1982)zbMATHGoogle Scholar
  15. 15.
    Kesdogan, D., Agrawal, D., Penz, S.: Limits of Anonymity in Open Environments. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 53–69. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  16. 16.
    Mathewson, N., Dingledine, R.: Practical Traffic Analysis: Extending and Resisting Statistical Disclosure. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 17–34. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    Troncoso, C., Gierlichs, B., Preneel, B., Verbauwhede, I.: Perfect matching disclosure attacks. In: Borisov, N., Goldberg, I. (eds.) PETS 2008. LNCS, vol. 5134, pp. 2–23. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology 1, 65–75 (1988)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    Diaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Diaz, C., Sassaman, L., Dewitte, E.: Comparison between two practical mix designs. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 141–159. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Möller, U., Cottrell, L., Palfrader, P., Sassaman, L.: Mixmaster Protocol — Version 2. IETF Internet Draft (July 2003)Google Scholar
  23. 23.
    Wright, J.: Characterising Anonymity Systems. PhD thesis, Department of Computer Science, University of York, York (November 2007)Google Scholar
  24. 24.
    Chatzikokolakis, K.: Probabilistic and Information-Theoretic Approaches to Anonymity. PhD thesis, Laboratoire d’Informatique (LIX), École Polytechnique, Paris (October 2007)Google Scholar
  25. 25.
    Kesdogan, D., Pimenidis, L.: The Lower Bound of Attacks on Anonymity Systems – A Unicity Distance Approach. In: First Workshop on Quality of Protection (September 2005)Google Scholar
  26. 26.
    Pham, V., Kesdogan, D.: A Combinatorial Approach for an Anonymity Metric. In: Australasian Conference on Information Security and Privacy, ACISP 2009 (2009)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Dang Vinh Pham
    • 1
  • Joss Wright
    • 1
  1. 1.Siegen UniversitySiegenGermany

Personalised recommendations