On the limits of provable anonymity

Abstract

We study provably secure anonymity. We begin with rigorous definition of anonymity against wide range of computationally bounded attackers, including eavesdroppers, malicious peers, malicious destinations, and their combinations. Following [hevia2008indistinguishability], our definition is generic, and captures different notions of anonymity (e.g., unobservability and sender anonymity). We then study the feasibility of ultimate anonymity: the strongest-possible anonymity requirements and adversaries. We show there is a protocol satisfying this requirement, but with absurd (although polynomial) inefficiency and overhead. We show that such inefficiency and overhead are unavoidable for 'ultimate anonymity'. We then present a slightly-relaxed requirement and present feasible protocols for it.