Some systems offer probabilistic anonymity. The degree of anonymity is considered and defined by Reiter and Rubin [1]. In this paper metrics are proposed to measure anonymity of probabilistic systems. The metric induces a topology on probabilistic applied π processes, which are used to model anonymous systems. The degree of anonymity is formally defined, and as an illustrating example, Crowds – an anonymous system for web transaction – is analyzed.


Probabilistic applied π calculus anonymity metric Crowds 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Reiter, M., Rubin, A.: Crowds: anonymity for Web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  2. 2.
    Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. Auscrypt. 92, 244–251 (1993)zbMATHGoogle Scholar
  3. 3.
    Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  4. 4.
    Chothia, T.: Analysing the Mute Anonymous File-sharing System Using the Pi Calculus. In: Proceedings of the 26th Conference on Formal Methods for Networked and Distributed Systems. LNCS. Springer, Heidelberg (2006)Google Scholar
  5. 5.
    Deng, Y., Palamidessi, C., Pang, J.: Weak Probabilistic Anonymity. Electronic Notes in Theoretical Computer Science 180(1), 55–76 (2007)CrossRefzbMATHGoogle Scholar
  6. 6.
    Shmatikov, V.: Probabilistic model checking of an anonymity system. Journal of Computer Security 12(3/4), 355–377 (2004)CrossRefzbMATHGoogle Scholar
  7. 7.
    Halpern, J.: Anonymity and Information Hiding in Multiagent Systems. Journal of Computer Security 13(3), 483–514 (2005)CrossRefGoogle Scholar
  8. 8.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Lowe, G.: Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR. Software - Concepts and Tools 17(3), 93–102 (1996)Google Scholar
  10. 10.
    Abadi, M., Gordon, A.: A Calculus for Cryptographic Protocols: The Spi Calculus. In: Proceedings of 4th ACM Conference on Computer and Communications Security, pp. 36–47 (1997),
  11. 11.
    Abadi, M., Fournet, C.: Mobile Values, New Names, and Secure Communication. In: Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 104–115. ACM Press, New York (2001)Google Scholar
  12. 12.
    Abadi, M., Blanchet, B., Fournet, C.: Just fast keying in the pi calculus. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 340–354. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Fournet, C., Abadi, M.: Hiding names: Private authentication in the applied pi calculus. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 317–338. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Luo, Z., Cai, X., Pang, J., Deng, Y.: Analyzing an electronic cash protocol using applied pi calculus. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 87–103. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Goubault-Larrecq, J., Palamidessi, C., Troina, A.: A probabilistic applied pi–calculus. In: Shao, Z. (ed.) APLAS 2007. LNCS, vol. 4807, pp. 175–190. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  16. 16.
    Deng, Y., Chothia, T., Palamidessi, C., Pang, J.: Metrics for Action-labelled Quantitative Transition Systems. ENTCS 153(2), 79–96 (2006)Google Scholar
  17. 17.
    Desharnais, J., Gupta, V., Jagadeesan, R., Panangaden, P.: Metrics for labelled Markov processes. Theoretical Computer Science 318(3), 323–354 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Desharnais, J., Jagadeesan, R., Gupta, V., Panangaden, P.: The metric analogue of weak bisimulation for probabilistic processes. In: Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science, pp. 413–422 (2002)Google Scholar
  19. 19.
    Kremer, S., Ryan, M.D.: Analysis of an electronic voting protocol in the applied pi calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  20. 20.
    Pfitzmann, A., Köhntopp, M.: Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    Berthold, O., Langos, H.: Dummy traffic against long term intersection attacks. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 110–128. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Xiaojuan Cai
    • 1
  • Yonggen Gu
    • 2
  1. 1.BASICS Lab, Department of Computer ScienceShanghai Jiao Tong UniversityShanghaiChina
  2. 2.Department of Computer ScienceHuzhou Teacher CollegeZhejiangChina

Personalised recommendations