Paper 2016/489

Two Cents for Strong Anonymity: The Anonymous Post-office Protocol

Nethanel Gelernter, Amir Herzberg, and Hemi Leibowitz


We introduce the {\em Anonymous Post-office Protocol (AnonPoP)}, a practical strongly-anonymous messaging system. AnonPoP offers anonymity against globally eavesdropping adversaries that control a majority of AnonPoP's servers. AnonPoP design combines effectively known techniques such as (synchronous) mix-cascade and constant sending rate, with several new techniques including {\em request-pool}, {\em bad-server isolation} and {\em per-epoch mailboxes}. \newline AnonPoP is {\em affordable}, with monthly costs of $2$\textcent\ per client, and {\em efficient} with respect to latency, communication, and energy, making it suitable for mobile clients. We developed an API that allows other applications to use AnonPoP for adding strong anonymity. We validated the system and its usability by experiments in cloud-based deployment and simulations, including a POC Android messaging application and a `double-blinded' usability study.

Available format(s)
Publication info
Preprint. MINOR revision.
AnonymityMixnetsPrivacyAnnonymous communicationTor
Contact author(s)
leibo hemi @ gmail com
2016-06-05: revised
2016-05-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Nethanel Gelernter and Amir Herzberg and Hemi Leibowitz},
      title = {Two Cents for Strong Anonymity: The Anonymous Post-office Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2016/489},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.