Riffle: An Efficient Communication System With Strong Anonymity

Anonymous communication is an important part of democratic societies and freedom of speech. Whistleblowers, protest organizers, and, more broadly, anyone with controversial viewpoints have been using the limited form of anonymity the Internet provides to protect their privacy. Unfortunately, the basic anonymity the Internet guarantees is too weak to protect their identities from even the weakest adversaries. As a result, more and more users have adopted privacy enhancing technologies to protect themselves. All existing anonymity systems, however, sacrifice anonymity for efficient communication or vice-versa. Onion-routing achieves low latency, high bandwidth, and scalable anonymous communication, but is susceptible to traffic analysis attacks. Designs based on DC-Nets, on the other hand, protect the users against traffic analysis attacks, but sacrifice bandwidth. Verifiable mixnets maintain strong anonymity with low bandwidth overhead, but suffer from high computation overhead instead. In this thesis, we present Riffle, a bandwidth and computation efficient communication system with strong anonymity. Riffle consists of a small set of anonymity servers and a large number of users, and guarantees anonymity as long as there exists at least one honest server. Riffle uses a new hybrid verifiable shuffle technique and private information retrieval for bandwidthand computation-efficient anonymous communication. We have evaluated Riffle in two different applications: file sharing and microblogging. Our evaluation shows that Riffle can achieve a bandwidth of over 100KB/s per user in an anonymity set of 200 users in the case of file sharing, and handle over 100,000 users with less than 10 second latency in the case of microblogging. Thesis Supervisor: Srini Devadas Title: Edwin Sibley Webster Professor of Electrical Engineering and Computer Science