Seldom: An Anonymity Network with Selective Deanonymization

Eric Wagner, Roman Matzutt, Martin Henze

TL;DR

Seldom presents an anonymity network that integrates selective deanonymization via a trusted consortium and translucent ledger, aiming to deter criminal activity while preserving user privacy for the majority. The approach binds outgoing traffic to threshold-encrypted identities through an oblivious authentication protocol, enabling law enforcement to reveal identities only for warranted cases and with public oversight. Performance evaluation shows negligible user-perceived overhead compared to Tor, with manageable bandwidth and storage implications for Tor-sized networks. The work highlights trade-offs between enhanced privacy and governance transparency, and it calls for further exploration of scalability, trust, and ethical considerations in deploying such exceptional-access systems.

Abstract

While anonymity networks such as Tor provide invaluable privacy guarantees to society, they also enable all kinds of criminal activities. Consequently, many blameless citizens shy away from protecting their privacy using such technology for fear of being associated with criminals. To grasp the potential for alternative privacy protection for those users, we design Seldom, an anonymity network with integrated selective deanonymization that disincentivizes criminal activity. Seldom enables law enforcement agencies to selectively access otherwise anonymized identities of misbehaving users while providing technical guarantees preventing these access rights from being misused. Seldom further ensures translucency, as each access request is approved by a trustworthy consortium of impartial entities and eventually disclosed to the public (without interfering with ongoing investigations). To demonstrate Seldom's feasibility and applicability, we base our implementation on Tor, the most widely used anonymity network. Our evaluation indicates minimal latency, processing, and bandwidth overheads compared to Tor; Seldom's main costs stem from storing flow records and encrypted identities. With at most 636 TB of storage required in total to retain the encrypted identifiers of a Tor-sized network for two years, Seldom provides a practical and deployable technical solution to the inherent problem of criminal activities in anonymity networks. As such, Seldom sheds new light on the potentials and limitations when integrating selective deanonymization into anonymity networks.

Paper Structure

This paper contains 47 sections and 11 figures.

Figures (11)

  • Figure 1: Overview of Seldom's anonymization and deanonymization procedures.
  • Figure 2: Seldom's oblivious authentication protocol hides the client's identity behind multiple layers of threshold encryption (entries marked with a padlock), which can only be decrypted through collaboration of the consortium. The encrypted identity of a 3-hop circuit is approximately 500 long.
  • Figure 3: Flow records are searchable by LEA. The link to the encrypted identity is, however, encrypted by the exit relay to prevent the matching of multiple flows to the same circuit. Storing a flow ultimately produces 134 B of data.
  • Figure 4: During the establishment of a circuit, a Seldom exit relay first ① performs the Seldom handshake and stores the encrypted identity of the client. Then, ② one or multiple connections are opened by the client and the flow records stored by the exit relay. The exit relay ③ periodically publishes its locally stored data to the database and ④ remains available for possible collaboration with the consortium during deanonymizations.
  • Figure 5: Seldom relies on a trusted consortium. During operation, LEA can make deanonymization requests on a translucent ledger, which will be voted on by the consortium and, if accepted, collaboratively executed by the consortium.
  • ...and 6 more figures
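The Figure 2 caption states that the client's identity is hidden behind threshold encryption that only a collaborating quorum of consortium members can undo. The following is an added illustration of that property and is not code from the paper or from Seldom's Tor-based implementation: it wraps a random one-time key with Shamir secret sharing over a prime field (the field, the hash-based keystream, the 3-of-5 quorum and the sample identity are all constructed assumptions; the paper's actual cryptographic construction is not reproduced), so that any three of five consortium shares recover the identity while fewer than three yield nothing.

```python
"""Toy threshold-encrypted identity, modelled on Seldom's idea that a client's
identity can only be decrypted through collaboration of the consortium.

Constructed example: Shamir secret sharing over a prime field protects a one-time
key; the identity is XORed with a SHA-256 keystream derived from that key.
The scheme and all parameters are assumptions for illustration only.
"""
import hashlib
import secrets

PRIME = 2**127 - 1  # Mersenne prime used as the sharing field (assumption)


def _eval_poly(coeffs, x):
    """Evaluate a polynomial with coefficients [a0, a1, ...] at x mod PRIME (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, threshold, n_shares):
    """Split an integer secret into n_shares points; any `threshold` of them recover it."""
    assert 0 <= secret < PRIME and 1 <= threshold <= n_shares
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the prime field."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def _keystream(key_int, length):
    """Hash-based keystream (assumption); 16-byte key fits any value below PRIME."""
    key_bytes = key_int.to_bytes(16, "big")
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_identity(identity, threshold, n_members):
    """Encrypt an identity so that `threshold` of `n_members` consortium shares open it.

    Returns (ciphertext, shares); in Seldom's model the ciphertext would be stored by
    the exit relay and one share would be held by each consortium member."""
    key = secrets.randbelow(2**126)  # strictly below PRIME
    ciphertext = bytes(a ^ b for a, b in zip(identity, _keystream(key, len(identity))))
    return ciphertext, split_secret(key, threshold, n_members)


def decrypt_identity(ciphertext, shares, threshold):
    """Recover the identity; refuses unless a quorum of shares is presented."""
    if len(shares) < threshold:
        raise PermissionError("quorum not reached: %d of %d shares" % (len(shares), threshold))
    key = recover_secret(shares[:threshold])
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, len(ciphertext))))


def demo():
    """Constructed 3-of-5 consortium: identity opens with three shares, not with two."""
    identity = b"client-identity-example"  # constructed sample value
    ciphertext, shares = encrypt_identity(identity, threshold=3, n_members=5)
    opened = decrypt_identity(ciphertext, [shares[0], shares[2], shares[4]], 3)
    try:
        decrypt_identity(ciphertext, shares[:2], 3)
        refused = False
    except PermissionError:
        refused = True
    return opened == identity, refused


if __name__ == "__main__":
    print("quorum decrypts: %s, sub-quorum refused: %s" % demo())
```

The point a defender should take from the example is structural: the exit relay never holds the decryption key, so a single compromised relay or a single consortium member cannot deanonymize anyone; only a quorum acting together (and, in Seldom's design, on the public ledger) can.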