Probabilistic Anonymity Via Coalgebraic Simulations

There is a growing concern about anonymity and privacy on the Internet, resulting in lots of work on formalization and verification of anonymity. Especially, the importance of probabilistic aspect of anonymity is claimed recently by many authors. Several different notions of “probabilistic anonymity” have been studied so far, but proof methods for such probabilistic notions are not yet elaborated. In this paper we introduce a simulation-based proof method for one notion of probabilistic anonymity introduced by Bhargava and Palamidessi, called strong probabilistic anonymity. The method is a probabilistic adaptation of the one by Kawabe, Sakurada et al. for non-deterministic anonymity: anonymity of a protocol is proved by finding out a forward/backward simulation between certain automata. For the jump from non-determinism to probability we exploit a generic, coalgebraic theory of traces and simulations developed by Hasuo, Jacobs and Sokolova. In particular, an appropriate notion of probabilistic simulation is obtained as an instantiation of the generic definition, for which soundness theorem comes for free. Additionally, we show how we can use a similar idea to verify a weaker notion of probabilistic anonymity called probable innocence.