The dining cryptographers problem: unconditional sender and recipient untraceability
Journal of Cryptology
Randomized algorithms
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
Stochastic Finite Learning of the Pattern Languages
Machine Learning
SAGA '01 Proceedings of the International Symposium on Stochastic Algorithms: Foundations and Applications
The hitting set attack on anonymity protocols
IH'04 Proceedings of the 6th international conference on Information Hiding
Understanding statistical disclosure: a least squares approach
PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
Hi-index | 0.00 |
Anonymity protocols are not secure unless the communication structure is not learnable even in the case that the entire network traffic can be monitored by an adversary. When the true communication structure is cloaked under anonymity sets, the adversary may disclose the peers of a certain user by waiting for the observations to contain a unique minimum hitting set. This approach has been called the hitting set attack in the literature. We give the first mathematical analysis on the number of observations required to learn a unique minimum hitting set. Because this attack involves solving an NP-hard problem in each round, we propose two new learning algorithms, both of which are very efficient computationally. The first one breaks anonymity by combining the most suspicious elements into a hitting set. Because this algorithm is not capable of verifying its hypothesis, it is imperative to estimate the required number of observations. On the other hand, the second one is able to prove its hypothesis correct, but needs more observations.