Proactively Accountable Anonymous Messaging in Verdict

Abstract: The DC-nets approach to anonymity has long held attraction for its strength against traffic analysis, but practical implementations remain vulnerable to internal disruption or "jamming" attacks requiring time-consuming tracing procedures to address. We present Verdict, the first practical anonymous group communication system built using proactively verifiable DC-nets: participants use public key cryptography to construct DC-net ciphertexts, and knowledge proofs to detect and detect and exclude misbehavior before disruption. We compare three alternative constructions for verifiable DC-nets, one using bilinear maps and two based on simpler ElGamal encryption. While verifiable DC-nets incurs higher computation overheads due to the public-key cryptography involved, our experiments suggest Verdict is practical for anonymous group messaging or microblogging applications, supporting groups of 100 clients at 1 second per round or 1000 clients at 10 seconds per round. Furthermore, we show how existing symmetric-key DC-nets can "fall back" to a verifiable DC-net to quickly identify mis- behavior improving previous detections schemes by two orders of magnitude than previous approaches.