a practical complexity theoretic analysis of mix systems
play

A Practical Complexity-Theoretic Analysis of Mix Systems Vinh Pham 1 - PowerPoint PPT Presentation

Mar 03, 2024 •469 likes •778 views

A Practical Complexity-Theoretic Analysis of Mix Systems Vinh Pham 1 , Joss Wright 2 , Dogan Kesdogan 1 Siegen University, Germany 1 , University of Oxford, United Kingdom 2 1/13 Motivation Anonymity definition [Pfitzmann & K ohntop

  1. A Practical Complexity-Theoretic Analysis of Mix Systems Vinh Pham 1 , Joss Wright 2 , Dogan Kesdogan 1 Siegen University, Germany 1 , University of Oxford, United Kingdom 2 1/13

  2. Motivation Anonymity definition [Pfitzmann & K¨ ohntop 2010]: Anonymity of a subject means that the subject is not sufficiently identifiable within a set of subjects, the anonymity set. Anon. Set Attributes Attributes s 3 a 5 s 3 a 5 Subject s 2 a 2 s 2 a 2 s 1 a 4 s 1 a 4 How strong is the concept of anonymity sets if: a subject is associated to a fixed set of attributes H A and a subject and its attributes a ∈ H A are repeatedly observed? 2/13

  3. Simple Mix and Attacker Model Recipient set R S ′ R ′ Sender set S r 1 s 6 r 5 s 3 s 1 r 9 Mix s 5 r 2 s 8 s 4 r 3 Global passive attacker (1) Information leakage per round is ( S ′ , R ′ ) : Sender set: S (can be equal R ) Recipient set: R = { r 1 , . . . , r N } , where | R | = N Sender anonymity set: S ′ ⊂ S , where | S ′ | = b is batch size Receiver set: R ′ ⊂ R , where | R ′ | ≤ b 3/13

  4. Attacker Model (2) Alice repeatedly contacts a fixed set of recipients: Alice’s peer set: H A = { a 1 , . . . , a m } , a i ∈ R and m = |H A | Alice’s peer: If r ∈ H A , also reffered by variable a Peer: Any receiver r ∈ R of a receiver set R ′ 4/13

  5. Attacker Model (2) Alice repeatedly contacts a fixed set of recipients: Alice’s peer set: H A = { a 1 , . . . , a m } , a i ∈ R and m = |H A | Alice’s peer: If r ∈ H A , also reffered by variable a Peer: Any receiver r ∈ R of a receiver set R ′ Sender anon. set Observation: O = { a, r 2 , . . . , r b } , a set R ′ Observation a Alice containing Alice’s contacted peer a . r 2 s 2 . . . . (One contact per round to simplify maths.) . . r b s b Observation Set: OS = {O 1 , . . . , O t } 4/13

  6. Attacker Model (2) Alice repeatedly contacts a fixed set of recipients: Alice’s peer set: H A = { a 1 , . . . , a m } , a i ∈ R and m = |H A | Alice’s peer: If r ∈ H A , also reffered by variable a Peer: Any receiver r ∈ R of a receiver set R ′ Sender anon. set Observation: O = { a, r 2 , . . . , r b } , a set R ′ Observation a Alice containing Alice’s contacted peer a . r 2 s 2 . . . . (One contact per round to simplify maths.) . . r b s b Observation Set: OS = {O 1 , . . . , O t } Intersection attack Goal: Unambiguous identification of Alice’s peer set H A Known: Condition (1) and (2) Unknown: Recipient set size N , batch size b , Number of Alice’s peers m , communication distribution of senders 4/13

  7. Minimal Hitting Set Attack (HS-Attack) Example: Alice repeatedly contacts two recipients, b = 2 , m = 2 R = { 1 , . . . , 6 } 3 4 3 6 H A = { 1 , 2 } 1 2 2 1 Observations: O 1 O 2 O 3 O 4 Smallest minimal hitting set O 1 { 3 } , { 1 } O 2 { 3 , 4 } , { 3 , 2 } , { 1 , 4 } , { 1 , 2 } O 3 { 3 , 4 } , { 3 , 2 } , { 1 , 2 } O 4 { 1 , 2 } Maximal number of sets: b m 5/13

  8. Minimal Hitting Set Attack (HS-Attack) Example: Alice repeatedly contacts two recipients, b = 2 , m = 2 R = { 1 , . . . , 6 } 3 4 3 6 H A = { 1 , 2 } 1 2 2 1 Observations: O 1 O 2 O 3 O 4 Smallest minimal hitting set O 1 { 3 } , { 1 } O 2 { 3 , 4 } , { 3 , 2 } , { 1 , 4 } , { 1 , 2 } O 3 { 3 , 4 } , { 3 , 2 } , { 1 , 2 } t h g O 4 { 1 , 2 } i t Maximal number of sets: b m 5/13

  9. Minimal Hitting Set Attack (HS-Attack) Example: Alice repeatedly contacts two recipients, b = 2 , m = 2 R = { 1 , . . . , 6 } 3 4 3 6 H A = { 1 , 2 } 1 2 2 1 Observations: O 1 O 2 O 3 O 4 By collecting observations: Smallest minimal hitting set O 1 { 3 } , { 1 } Prob. of sets H � = H A O 2 { 3 , 4 } , { 3 , 2 } , { 1 , 4 } , { 1 , 2 } decreases exponentially O 3 { 3 , 4 } , { 3 , 2 } , { 1 , 2 } O 4 { 1 , 2 } Maximal number of sets: b m 5/13

  10. Minimal Hitting Set Attack (HS-Attack) Example: Alice repeatedly contacts two recipients, b = 2 , m = 2 R = { 1 , . . . , 6 } 3 4 3 6 H A = { 1 , 2 } 1 2 2 1 Observations: O 1 O 2 O 3 O 4 By collecting observations: Smallest minimal hitting set O 1 { 3 } , { 1 } Prob. of sets H � = H A O 2 { 3 , 4 } , { 3 , 2 } , { 1 , 4 } , { 1 , 2 } decreases exponentially O 3 { 3 , 4 } , { 3 , 2 } , { 1 , 2 } ⇒ H A will become unique O 4 { 1 , 2 } smallest minimal hitting set Maximal number of sets: b m 5/13

  11. Minimal Hitting Set Attack (HS-Attack) Example: Alice repeatedly contacts two recipients, b = 2 , m = 2 R = { 1 , . . . , 6 } 3 4 3 6 H A = { 1 , 2 } 1 2 2 1 Observations: O 1 O 2 O 3 O 4 By collecting observations: Smallest minimal hitting set O 1 { 3 } , { 1 } Prob. of sets H � = H A O 2 { 3 , 4 } , { 3 , 2 } , { 1 , 4 } , { 1 , 2 } decreases exponentially O 3 { 3 , 4 } , { 3 , 2 } , { 1 , 2 } N ⇒ H A will become unique P - h a O 4 { 1 , 2 } r d smallest minimal hitting set Maximal number of sets: b m 5/13

  12. Difference to Statistical (Disclosure) Attacks Succeeds even if other recipients are more frequently observed than Alice’s peers Succeeds in the case of unpredictable distribution of recipients Example: Alice repeatedly contacts two recipients, b = 3 , m = 2 H A = { 1 , 2 } 1 2 1 2 1 1 3 4 3 5 3 5 Observations: 6 7 5 6 4 4 O 1 O 2 O 3 O 4 O 5 O 6 Peers 1 2 3 4 5 6 7 Freq. 4 2 3 3 3 2 1 6/13

  13. Difference to Statistical (Disclosure) Attacks Succeeds even if other recipients are more frequently observed than Alice’s peers Succeeds in the case of unpredictable distribution of recipients Example: Alice repeatedly contacts two recipients, b = 3 , m = 2 H A = { 1 , 2 } 1 2 1 2 1 1 3 4 3 5 3 5 Observations: 6 7 5 6 4 4 O 1 O 2 O 3 O 4 O 5 O 6 Peers 1 2 3 4 5 6 7 Freq. 4 2 3 3 3 2 1 Smallest minimal hitting set O 1 { 1 } , { 3 } , { 6 } O 2 { 1 , 2 } , { 1 , 4 } , { 1 , 7 } , { 2 , 3 } , { 3 , 4 } , { 3 , 7 } , { 2 , 6 } , { 4 , 6 } , { 6 , 7 } O 3 { 1 , 2 } , { 1 , 4 } , { 1 , 7 } , { 2 , 3 } , { 3 , 4 } , { 3 , 7 } O 4 { 1 , 2 } , { 2 , 3 } O 5 { 1 , 2 } , { 2 , 3 } O 6 { 1 , 2 } 6/13

  14. Contribution Current assumption about HS-attack: Intractable for large values N, b, m , due to solving NP-hard problems (smallest minimal hitting set) Surprises when applying HS-attack: Many non-trivial cases, solvable in polynomial mean time Mean complexity determined by some relation between N, b, m Contribution Mathematical bound of mean time complexity w.r.t. N, b, m Bound applies to non-uniform user communication Identifies Mix settings that are polynomial time breakable 7/13

  15. Estimating Number of Observations Hit by a Set C � �� � Hypothesis: H = { r 1 , . . . , r x , r x 1 +1 , . . . , r m − i } � �� � � �� � x chosen peers ( m − x ) non-chosen peers chosen: C ⊆ H , where all observations hitting C are known non-chosen: Only frequency of each single peer is known � Potential: Po ( H , C ) = |OS [ C ] | + |OS [ r ] \ OS [ C ] | � �� � � �� � r ∈H\C # obs. hitting C # obs. containing r Example: Potential of H = { r 1 , r 2 , r 3 } w.r.t. chosen peers OS = {O 1 , . . . , O 8 } 2 1 1 OS [ r 1 ] = {O 1 , O 2 , O 3 } OS [ r 1 ] OS [ r 2 ] OS [ r 2 ] = {O 2 , O 3 , O 4 , O 5 } 3 OS [ r 3 ] = {O 3 , O 4 , O 6 } 2 2 C = {} : Po ( { r 1 , r 2 , r 3 } ) = (3 + 4 + 3) OS [ r 3 ] 1 8/13

  16. Estimating Number of Observations Hit by a Set C � �� � Hypothesis: H = { r 1 , . . . , r x , r x 1 +1 , . . . , r m − i } � �� � � �� � x chosen peers ( m − x ) non-chosen peers chosen: C ⊆ H , where all observations hitting C are known non-chosen: Only frequency of each single peer is known � Potential: Po ( H , C ) = |OS [ C ] | + |OS [ r ] \ OS [ C ] | � �� � � �� � r ∈H\C # obs. hitting C # obs. containing r Example: Potential of H = { r 1 , r 2 , r 3 } w.r.t. chosen peers OS = {O 1 , . . . , O 8 } 1 1 OS [ r 1 ] = {O 1 , O 2 , O 3 } OS [ r 2 ] \ OS [ r 1 ] OS [ r 2 ] = {O 2 , O 3 , O 4 , O 5 } OS [ r 1 ] OS [ r 3 ] = {O 3 , O 4 , O 6 } 2 C = {} : Po ( { r 1 , r 2 , r 3 } ) = (3 + 4 + 3) OS [ r 3 ] \ OS [ r 1 ] C = { r 1 } : Po ( { r 1 , r 2 , r 3 } ) = 3 + (2 + 2) 1 8/13

  17. ExactHS Algorithm Computes/disproves all hypotheses H recursively within O ( b m ) Starts with C = {} Adds one suspected peer to C in each recursion level until: H ′ Po ( H ′ , C ) < |OS| , then all H ⊇ C disproved, or max C hits all observations in OS and is thus a hitting set Example: b = 2 , m = 3 , H A = { 1 , 2 , 3 } Observations: Search tree: 4 6 5 4 7 8 (2 + 2 + 2) 1 1 2 3 3 2 O 1 O 2 O 3 O 4 O 5 O 6 max H Po ( H , {} ) Peer choices: 9/13

  18. ExactHS Algorithm Computes/disproves all hypotheses H recursively within O ( b m ) Starts with C = {} Adds one suspected peer to C in each recursion level until: H ′ Po ( H ′ , C ) < |OS| , then all H ⊇ C disproved, or max C hits all observations in OS and is thus a hitting set Example: b = 2 , m = 3 , H A = { 1 , 2 , 3 } Observations: Search tree: 4 6 5 4 7 8 (2 + 2 + 2) 1 1 2 3 3 2 4 , 1 O 1 O 2 O 3 O 4 O 5 O 6 Peer choices: 1 C = { 4 } 9/13

  19. ExactHS Algorithm Computes/disproves all hypotheses H recursively within O ( b m ) Starts with C = {} Adds one suspected peer to C in each recursion level until: H ′ Po ( H ′ , C ) < |OS| , then all H ⊇ C disproved, or max C hits all observations in OS and is thus a hitting set Example: b = 2 , m = 3 , H A = { 1 , 2 , 3 } Observations: Search tree: 4 6 5 4 7 8 (2 + 2 + 2) 1 1 2 3 3 2 4 , 1 O 1 O 2 O 3 O 4 O 5 O 6 2 + (2 + 1) Peer choices: 1 C = { 4 } − max H Po ( H , { 4 } ) 9/13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lattice-Theoretic Data-Flow Framework and Intro to SSA Last Time Started lattice theoretic

Lattice-Theoretic Data-Flow Framework and Intro to SSA Last Time Started lattice theoretic

Lattice-Theoretic Data-Flow Framework and Intro to SSA Last Time Started lattice theoretic frameworks for Data-flow analysis [Aho,Sethi,Ullman,Lam] Today Complexity and correctness of IDFA Affect of program representation on

544 views • 8 slides
Supremacy Experiments Complexity-Theoretic Foundations of Quantum . . . . . . 1 / 29 UT

Supremacy Experiments Complexity-Theoretic Foundations of Quantum . . . . . . 1 / 29 UT

. . July 7, 2017 Complexity-Theoretic Foundations of Quantum Supremacy Experiments July 7, 2017 Scott Aaronson, Lijie Chen Supremacy Experiments Complexity-Theoretic Foundations of Quantum . . . . . . 1 / 29 UT Austin, Tsinghua

761 views • 32 slides
Automata-theoretic analysis of hybrid systems Madhavan Mukund SPIC Mathematical Institute 92, G

Automata-theoretic analysis of hybrid systems Madhavan Mukund SPIC Mathematical Institute 92, G

Automata-theoretic analysis of hybrid systems Madhavan Mukund SPIC Mathematical Institute 92, G N Chetty Road Chennai 600 017, India Email: madhavan@smi.ernet.in URL: http://www.smi.ernet.in/~madhavan Tutorial at BRNS Workshop on Verification

548 views • 24 slides
Invariants Associated to K-theoretic Methods and Complexity of Algebraic Cycle Groups Karim

Invariants Associated to K-theoretic Methods and Complexity of Algebraic Cycle Groups Karim

Invariants Associated to K-theoretic Methods and Complexity of Algebraic Cycle Groups Karim Mansour University of Alberta Department of Mathematics Alberta, Canada abdelgal@ualberta.ca December 04, 2100 Detecting geometry by its interaction

663 views • 53 slides
Towards a Complexity-theoretic Understanding of Restarts in SAT solvers Chunxiao Li 1 , Noah

Towards a Complexity-theoretic Understanding of Restarts in SAT solvers Chunxiao Li 1 , Noah

Towards a Complexity-theoretic Understanding of Restarts in SAT solvers Chunxiao Li 1 , Noah Fleming 2 , Marc Vinyals 3 , Toniann Pitassi 2 and Vijay Ganesh 1 1 University of Waterloo, Canada 2 University of Toronto, Canada 3 Technion, Israel

448 views • 18 slides
Safety Analysis of Systems Aaron R. Bradley Stanford University Safety Analysis of Systems

Safety Analysis of Systems Aaron R. Bradley Stanford University Safety Analysis of Systems

Safety Analysis of Systems Aaron R. Bradley Stanford University Safety Analysis of Systems 1/39 Why Analyze Systems? Two trends: increasing prominence in controlling and decision-making roles rising complexity (multi-core

1.16k views • 86 slides
Time and Space Complexity For practical solutions to computational problems available time, and

Time and Space Complexity For practical solutions to computational problems available time, and

Time and Space Complexity For practical solutions to computational problems available time, and Computability and Complexity available memory are two main considerations. Lecture 14 We have already studied time complexity, now we will focus

360 views • 3 slides
Lattice-Theoretic Framework for Data-Flow Analysis Last time Generalizing data-flow

Lattice-Theoretic Framework for Data-Flow Analysis Last time Generalizing data-flow

Lattice-Theoretic Framework for Data-Flow Analysis Last time Generalizing data-flow analysis Today Introduce lattice-theoretic frameworks for data-flow analysis CS553 Lecture Lattice Theoretic Framework for DFA 1 Context

421 views • 15 slides
High-dimensional graphical model selection: Practical and information-theoretic limits Martin

High-dimensional graphical model selection: Practical and information-theoretic limits Martin

High-dimensional graphical model selection: Practical and information-theoretic limits Martin Wainwright Departments of Statistics, and EECS UC Berkeley, California, USA Based on joint work with: John Lafferty (CMU), Pradeep Ravikumar (UC

338 views • 22 slides
A computational complexity-theoretic elaboration of weak truth-table reducibility Kohtaro Tadaki

A computational complexity-theoretic elaboration of weak truth-table reducibility Kohtaro Tadaki

A computational complexity-theoretic elaboration of weak truth-table reducibility Kohtaro Tadaki Research and Development Initiative, Chuo University JST CREST Tokyo, Japan Supported by the Ministry of Economy, Trade and Industry of Japan and

464 views • 32 slides
I-Complexity and Discrete Towards Precise . . . Derivative of Logarithms: Our Result Proof A

I-Complexity and Discrete Towards Precise . . . Derivative of Logarithms: Our Result Proof A

Kolmogorov Complexity Need for Approximate . . . I-Complexity Good Properties of I- . . . I-Complexity and Discrete Towards Precise . . . Derivative of Logarithms: Our Result Proof A Group-Theoretic Acknowledgments References Explanation

481 views • 12 slides
Automated Complexity Analysis of Rewrite Systems Florian Frohn RWTH Aachen University, Germany

Automated Complexity Analysis of Rewrite Systems Florian Frohn RWTH Aachen University, Germany

Automated Complexity Analysis of Rewrite Systems Florian Frohn RWTH Aachen University, Germany December 11, 2018 Automated Complexity Analysis of Rewrite Systems 1 Automated Complexity Analysis of Rewrite Systems Florian Frohn RWTH Aachen

1.61k views • 145 slides
Complexity Analysis of Precedence Terminating Infinite Graph Rewrite Systems Naohi Eguchi Chiba

Complexity Analysis of Precedence Terminating Infinite Graph Rewrite Systems Naohi Eguchi Chiba

Complexity Analysis of Precedence Terminating Infinite Graph Rewrite Systems Naohi Eguchi Chiba University, Japan University of Innsbruck, Austria September 27, 2014 41st TRS meeting, Jozankei, Sapporo, Japan Introduction Complexity

392 views • 16 slides
The descriptive set-theoretic complexity of the set of points of continuity of a multi-valued

The descriptive set-theoretic complexity of the set of points of continuity of a multi-valued

The descriptive set-theoretic complexity of the set of points of continuity of a multi-valued function Vassilis Gregoriades Technische Universit at Darmstadt, GERMANY A multi-valued (total) function from a set X to another set Y is a function

502 views • 13 slides
Meta-Bayesian Analysis A Bayesian decision-theoretic analysis of Bayesian inference under model

Meta-Bayesian Analysis A Bayesian decision-theoretic analysis of Bayesian inference under model

Meta-Bayesian Analysis A Bayesian decision-theoretic analysis of Bayesian inference under model misspecification Jun Yang joint work with Daniel Roy Department of Statistical Sciences University of Toronto World Congress in Probability and

190 views • 17 slides
Hybrid Elections Broaden Complexity-Theoretic Resistance to Control Edith Hemaspaandra 1 Lane A.

Hybrid Elections Broaden Complexity-Theoretic Resistance to Control Edith Hemaspaandra 1 Lane A.

Overview, Definitions, and Discussion Inheritance and Hybrid Elections: Results Questions? Hybrid Elections Broaden Complexity-Theoretic Resistance to Control Edith Hemaspaandra 1 Lane A. Hemaspaandra 2 Jrg Rothe 3 1 Rochester Institute of

547 views • 50 slides
Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a highly evolved form of information warfare. Fascinating socioeconomic study with many players - users, ISPs, spammers, technologists, legal

322 views • 17 slides
Welcome PolicyWorks for Philanthropy seeks to effectively engage regional associations of

Welcome PolicyWorks for Philanthropy seeks to effectively engage regional associations of

* 6 mute * 6 mute * 7 unmute Welcome PolicyWorks for Philanthropy seeks to effectively engage regional associations of grantmakers in policy work that helps to ensure a vibrant philanthropic sector able to strengthen t ib t hil th i t bl t t th

610 views • 35 slides
Melting the Snow Using Active DNS Measurements to Detect Snowshoe Spam Domains Olivier van der

Melting the Snow Using Active DNS Measurements to Detect Snowshoe Spam Domains Olivier van der

Melting the Snow Using Active DNS Measurements to Detect Snowshoe Spam Domains Olivier van der Toorn November 13, 2018 University of Twente, Design and Analysis of Communication Systems Introduction Olivier

825 views • 71 slides
The main loop in ray tracing for ( each pixel row y ) // This loop is in the render function of

The main loop in ray tracing for ( each pixel row y ) // This loop is in the render function of

The main loop in ray tracing for ( each pixel row y ) // This loop is in the render function of RenderEngine for ( each pixel column x ) { // Implement this loop (first assignment) // In the compute pixel function of RayCaster r = ray through

267 views • 3 slides
Cloud Security on the Dollar Menu ARNEL MANALO, CISSP, AWS-CSAA SHELLCON 2018 Agenda

Cloud Security on the Dollar Menu ARNEL MANALO, CISSP, AWS-CSAA SHELLCON 2018 Agenda

Cloud Security on the Dollar Menu ARNEL MANALO, CISSP, AWS-CSAA SHELLCON 2018 Agenda Introductions What RMTS does Intro AWS security model Breaches and State Laws AWS Recon Hardening AWS About me: Arnel Manalo,

819 views • 39 slides
with new hadronic top-tagging techniques T T.A. du Pree, P. Harris, J. Marrouche, N. Wardle

with new hadronic top-tagging techniques T T.A. du Pree, P. Harris, J. Marrouche, N. Wardle

Search for top+ E miss with new hadronic top-tagging techniques T T.A. du Pree, P. Harris, J. Marrouche, N. Wardle [CERN] M. Cremonesi, B. Jayatilaka, J. Lewis, C.M. Suarez, N. Tran [Fermilab] D. Abercrombie, B. Allen, Z. Demiragli, G. G

346 views • 34 slides
Outline 1. Introduction 2. Spectral Energy Distributions 3. Beaming Effect in Fermi Blazars 4.

Outline 1. Introduction 2. Spectral Energy Distributions 3. Beaming Effect in Fermi Blazars 4.

The Spectral Energy Distributions and Beaming Effect for Fermi Blazars Junhui Fan Guangzhou University Collaborators: J H Yang, Y Liu, C Lin, Y.H. Yuan, H B Xiao Black Holes and Friends 2 11-13 April 2016, Fudan Univ. China Outline 1.

693 views • 65 slides
Good Machine Learning = Generalization Goal of machine learning: build models that generalize

Good Machine Learning = Generalization Goal of machine learning: build models that generalize

Good Machine Learning = Generalization Goal of machine learning: build models that generalize well to predicting new data Overfitting: fitting the training data too well, so we lose generality of model o Example: linear regression vs.

120 views • 11 slides

More recommend