Henry
Corrigan-
Gibbs

Riposte: An Anonymous Messaging System Handling Millions of Users

Henry Corrigan-Gibbs, Dan Boneh, and David Mazières

IEEE Symposium on Security and Privacy (Oakland)
May 18-20, 2015, San Jose, California

Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies
IEEE S&P Distinguished Paper Award

Materials

• Paper: PDF
• Code: BitBucket
• Slides: PDF (3.8 MB), PPTx (1.6 MB)

Abstract

This paper presents Riposte, a new system for anonymous broadcast messaging. Riposte is the first such system, to our knowledge, that simultaneously protects against traffic-analysis attacks, prevents anonymous denial-of-service by malicious clients, and scales to million-user anonymity sets. To achieve these properties, Riposte makes novel use of techniques used in systems for private information retrieval and secure multi-party computation. For latency-tolerant workloads with many more readers than writers (e.g. Twitter, Wikileaks), we demonstrate that a three-server Riposte cluster can build an anonymity set of 2,895,216 users in 32 hours.

Note: There was an error in the "AlmostEqual" protocol in Section 5.1 of the proceedings version of this paper. Please see the discussion on the title page of the extended version of the paper (linked above) for details.