The Free Haven Project: Distributed Anonymous Storage Service

  • Roger Dingledine
  • Michael J. Freedman
  • David Molnar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2009)


We present a design for a system of anonymous storage which resists the attempts of powerful adversaries to find or destroy any stored data. We enumerate distinct notions of anonymity for each party in the system, and suggest a way to classify anonymous systems based on the kinds of anonymity provided. Our design ensures the availability of each document for a publisher-specified lifetime. A reputation system provides server accountability by limiting the damage caused from misbehaving servers. We identify attacks and defenses against anonymous storage services, and close with a list of problems which are currently unsolved.


Expiration Date Reputation System Private Information Retrieval Reply Block Malicious Server 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Masayuki Abe. Universally verifiable mix-net with verification work independent of the number of servers. In Advances in Cryptology-EUROCRYPT’ 98, pages 437–447.Google Scholar
  2. 2.
  3. 4.
  4. 5.
    Adam Back. Re: another distributed project.
  5. 6.
    Oliver Berthold, Hannes Federrath, and Marit Kohntopp. Anonymity and unob-servability on the Internet. In Workshop on Freedom and Privacy by Design: CFP 2000, 2000.Google Scholar
  6. 7.
    Ran Canetti, Cynthia Dwork, Moni Naor, and Rafail Ostrovsky. Deniable encryption. In Advances in Cryptology-CRYPTO’ 97.Google Scholar
  7. 8.
    David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 4(2), February 1982.Google Scholar
  8. 9.
    David Chaum. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology, 1:65–75, 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  9. 10.
    Yuan Chen, Jan Edler, Andrew Goldberg, Allan Gottlieb, Sumeet Sobti, and Peter Yianilos. A prototype implementation of archival intermemory. In Proceedings of the fourth ACM Conference on Digital libraries (DL’ 99), 1999.Google Scholar
  10. 11.
    Ian Clarke. The Free Network Project.
  11. 12.
    The Cleaner. Gnutella wall of shame.
  12. 13.
    Roger Dingledine. The Free Haven Project. Master’s thesis, MIT, 2000.Google Scholar
  13. 14.
    Roger Dingledine, Michael J. Freedman, and David Molnar. Accountability. In Peer-to-peer. O’Reilly and Associates, 2001.Google Scholar
  14. 15.
    Ian Hall-Beyer et. al. Gnutella.
  15. 16.
    Michael J. Freedman. Design and Analysis of an Anonymous Communication Channel for the Free Haven Project., May 2000.
  16. 17.
    Electronic Frontiers Georgia (EFGA). Anonymous remailer information.
  17. 18.
    Ian Goldberg and Adam Shostack. Freedom network 1.0 architecture, November 1999.Google Scholar
  18. 19.
    Ian Goldberg, David Wagner, and Eric Brewer. Privacy-enhancing technologies for the internet. In Proceedings of IEEE COMPCON’ 97.Google Scholar
  19. 20.
    O. Goldreich, S. Even, and Lempel. A randomized protocol for signing contracts. In Advances in Cryptology-CRYPTO’ 82.Google Scholar
  20. 21.
    Oded Goldreich. Modern Cryptography, Probabilistic Proofs, and Pseudo-Randomness. Springer-Verlag, 1999.Google Scholar
  21. 22.
    C. Gulcu and G. Tsudik. Mixing e-mail with Babel. In Proceedings of the ISOC Symposium on Network and Distributed System Security, pages 2–16, 1996.Google Scholar
  22. 23.
    Autonomous Zone Industries. Mojonation.
  23. 24.
    M. Jakobsson. Flash mixing. In Principles of Distributed Computing PODC’ 99.Google Scholar
  24. 25.
    M. Jakobsson. A practical mix. In Advances in Cryptology-EUROCRYPT’ 98.Google Scholar
  25. 26.
    Ari Juels and John Brainard. Client puzzles: A cryptographic defense against connection depletion attacks. In Proceedings of the 1999 Network and Distributed System Security Symposium, February 1999.Google Scholar
  26. 27.
    Clifford Kahn, David Black, and Paul Dale. MANET: Mobile agents for network trust., 1998.
  27. 28.
    Dogan Kesdogan, Jan Egner, and Roland Buschkes. Stop and go mixes: Providing probabilistic anonymity in an open system. In 1998 Information Hiding Workshop, pages 83–98.Google Scholar
  28. 29.
    Raph Levien. Advogato’s trust metric.
  29. 30.
    Mark Lewis. Metallica sues Napster, universities, citing copyright infringement and RICO violations.,Univ.html.
  30. 31.
    Tal Malkin. Private Information Retrieval. PhD thesis, MIT. see
  31. 33.
  32. 34.
    David Mazieres and M. Frans Kaashoek. The design and operation of an e-mail pseudonym server. In 5th ACM Conference on Computer and Communications Security, 1998.Google Scholar
  33. 35.
    S. Micali. Certified e-mail with invisible post-offices. In Talk at RSA’ 97.Google Scholar
  34. 37.
    University of Michigan News and Information Services. Yugoslav phone books: perhaps the last record of a people.
  35. 38.
    A. Pfitzmann, B. Pfitzmann, and M. Waidner. ISDN-Mixes: Untraceable communication with small bandwidth overhead. In GI/ITG Conference: Communication in Distributed Systems, pages 451–463. Springer-Verlag, 1991.Google Scholar
  36. 40.
    Michael O. Rabin. Efficient dispersal of information for security, load balancing, and fault tolerance, April 1989.Google Scholar
  37. 41.
    Michael K. Reiter and Aviel D. Rubin. Crowds: Anonymity for web transactions. DIMACS Technical Report, 97(15), April 1997.Google Scholar
  38. 42.
    Simon and Rackoff. Cryptographic defense against traffic analysis. In STOC 1993, pages 672–681, 1993.Google Scholar
  39. 43.
    Brian T. Sniffen. Trust Economies in the Free Haven Project., May 2000.
  40. 44.
    Markus Stadler. Publicly verifiable secret sharing. In EUROCRYPT’ 96, 1996.
  41. 45.
  42. 46.
    Paul Syverson and Stuart Stubblebine. Group principals and the formalization of anonymity. In World Congress on Formal Methods 1999, 1999.Google Scholar
  43. 47.
    P. F. Syverson, D. M. Goldschlag, and M. G. Reed. Anonymous connections and onion routing. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, May 1997.Google Scholar
  44. 48.
    Vernor Vinge. True Names. Short story.Google Scholar
  45. 49.
    Marc Waldman, Aviel Rubin, and Lorrie Cranor. Publius: A robust, tamperevident, censorship-resistant and source-anonymous web publishing system.Google Scholar
  46. 50.
    Alma Whitten and J. D. Tygar. Why johnny can’t encrypt. In USENIX Security 1999, 1999.

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Roger Dingledine
    • 1
  • Michael J. Freedman
    • 1
  • David Molnar
    • 2
  1. 1.MITUSA
  2. 2.Harvard UniversityUSA

Personalised recommendations