The Wisdom of Crowds: Attacks and Optimal Constructions

  • George Danezis
  • Claudia Diaz
  • Emilia Käsper
  • Carmela Troncoso
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)


We present a traffic analysis of the ADU anonymity scheme presented at ESORICS 2008, and the related RADU scheme. We show that optimal attacks are able to de-anonymize messages more effectively than believed before. Our analysis applies to single messages as well as long term observations using multiple messages. The search of a “better” scheme is bound to fail, since we prove that the original Crowds anonymity system provides the best security for any given mean messaging latency. Finally we present D-Crowds, a scheme that supports any path length distribution, while leaking the least possible information, and quantify the optimal attacks against it.


  1. 1.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 4(2) (February 1981)Google Scholar
  2. 2.
    Diaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Diaz, C., Troncoso, C., Danezis, G.: Does additional information always reduce anonymity? In: Yu, T. (ed.) Proceedings of the 6th ACM workshop on Privacy in the electronic society (WPES 2007), Alexandria,VA, USA, pp. 72–75. ACM, New York (2007)CrossRefGoogle Scholar
  4. 4.
    Muñoz Gea, J.P., Malgosa-Sanahuja, J., Manzanares-Lopez, P., Sanchez-Aarnoutse, J.C., Garcia-Haro, J.: A low-variance random-walk procedure to provide anonymity in overlay networks. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 238–250. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Reiter, M., Rubin, A.: Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  6. 6.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Wright, M.K., Adler, M., Levine, B.N., Shields, C.: The predecessor attack: An analysis of a threat to anonymous communications systems. ACM Transactions on Information and System Security (TISSEC) 7(4), 489–522 (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • George Danezis
    • 1
  • Claudia Diaz
    • 2
  • Emilia Käsper
    • 2
  • Carmela Troncoso
    • 2
  1. 1.Microsoft Research CambridgeUK
  2. 2.K.U. Leuven/IBBT, ESAT/SCD-COSICBelgium

Personalised recommendations