Visible to the public Anonymous Messaging - April 2017Conflict Detection Enabled

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI: Pramod Viswanath

Co-PI(s): Carl Gunter and Nikita Borisov

Researchers: Giulia Fanti, Jiaqi Mu, Ashok Vardhan Makkuva, Hyun Bin Lee, and Vincent Bindschaedler

This refers to Hard Problems, released November 2012.

Hard problem: Scalability and Composability

Anonymity is a basic right and a core aspect of Internet. Recently, there has been tremendous interest in anonymity and privacy in social networks, motivated by the natural desire to share one's opinions without the fear of judgment or personal reprisal (by parents, authorities, and the public).

In the first thread of this project, we propose to study the fundamental questions associated with building such a semi-distributed, anonymous messaging platform, which aims to keep anonymous the identity of the source who initially posted a message as well as the identity of the relays who approved and propagated the message.

Analyzing large datasets containing social networks or other potentially sensitive data often leads to privacy or anonymity concerns. In the second thread, we propose to explore the privacy risks associated with analyzing anonymized datasets. In particular, we focus on the privacy threats that stem from the use of different visualization techniques. We develop formal models of privacy protection measure on various visualization products created from large datasets.

Papers published in this quarter as a result of this research. Include title, author(s), venue published/presented, and a short description or abstract. Identify which hard problem(s) the publication addressed. Papers that have not yet been published should be reported in region 2 below.

[1] G. Fanti, S. Venkatakrishnan and P. Viswanath, "Dandelion: Redesigning BitCoin Networking for Anonymity", accepted to ACM Sigmetrics, 2017.

Abstract: Bitcoin and other cryptocurrencies have surged in popularity over the last decade. Although Bitcoin does not claim to provide anonymity for its users, it enjoys a public perception of being a `privacy-preserving' financial system. In reality, cryptocurrencies publish users' entire transaction histories in plaintext, albeit under a pseudonym; this is required for transaction validation. Therefore, if a user's pseudonym can be linked to their human identity, the privacy fallout can be significant. Recently, researchers have demonstrated deanonymization attacks that exploit weaknesses in the Bitcoin network's peer-to-peer (P2P) networking protocols. In particular, the P2P network currently forwards content in astructured way that allows observers to deanonymize users. In this work, we redesign the P2P network from first principles with the goal of providing strong, provable anonymity guarantees. We propose a simple networking policy called Dandelion, which achieves nearly-optimal anonymity guarantees at minimal cost to the network's utility. We also provide a practical implementation of Dandelion for deployment.

[2] S. Venkatakrishnan, H. Cam and P. Viswanath, "Topological Immunization in Peer-to-Peer Networks", working manuscript.


  • Fundamental limits to spreading and hiding of in the BitCoin P2P networking stack.
  • In this quarter our study of anonymity of the BitCoin networking stack has progressed smoothly, with significant research progress.