cMix: Anonymization byHigh-Performance Scalable Mixing.

cMix is a suite of cryptographic protocols that can replace today’s dominant chat systems, offering superior confidentiality and anonymity, while providing comparable performance to users. cMix permutes batches of uniform-length messages through a fixed cascade of nodes and moves all expensive public-key operations into precomputations that can be carried out using separate dedicated hardware at each node. cMix provides payload secrecy, sender-recipient unlinkability, sender anonymity, and sender authentication for recipients, unless all cMix nodes are compromised. For each batch, the adversary may know all senders and all recipients of traffic in the underlying packet-switched network, yet the adversary cannot link any sender to recipient. cMix provides fast delivery of messages, in both the forward and reverse directions, by having each node perform only a small number of symmetric-key and simple group operations (no modular exponentiations) in real time. Performance benefits include moderately low latency (despite large batch sizes) and efficient utilization of node machines. Senders (e.g., smartphones) perform their part of the cMix real-time protocols with similarly modest amounts of computation, resulting in negligible additional delay, battery, or bandwidth usage. The performance of cMix scales linearly in terms of the number of nodes, users, and messages, Our presentation includes a detailed specification of cMix, simulation-based security proofs, and anonymity analysis. We have implemented cMix on clients on the Android platform, and we give performance analysis, both modelled and measured, of two working prototypes currently running in the cloud.