Paper 2015/681

ANONIZE: A Large-Scale Anonymous Survey System

Susan Hohenberger, Steven Myers, Rafael Pass, and abhi shelat


A secure ad-hoc survey scheme enables a survey authority to independently (without any interaction) select an ad-hoc group of registered users based only on their identities (e.g., their email addresses), and create a survey where only selected users can anonymously submit exactly one response. We present a formalization of secure ad-hoc surveys and present: * an abstract provably-secure implementation based on standard cryptographic building blocks (which in particular are implied by the existence of enhanced trapdoor permutations in the CRS model); * a practical instantiation of our abstract protocol, called ANONIZE, which is provably-secure in the random oracle model based on cryptographic assumptions on groups with bilinear maps. As far as we know, ANONIZE constitutes the first implementation of a large-scale secure computation protocol (of non-trivial functionalities) that can scale to millions of users.

Note: Journal version of our Oakland 2014 paper, substantially augmented with proofs, definitions, etc.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. IEEE Security and Privacy 2014
anonymous surveyaccountability
Contact author(s)
abhi @ virginia edu
2015-07-07: received
Short URL
Creative Commons Attribution


      author = {Susan Hohenberger and Steven Myers and Rafael Pass and abhi shelat},
      title = {{ANONIZE}: A Large-Scale Anonymous Survey System},
      howpublished = {Cryptology ePrint Archive, Paper 2015/681},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.