Cryptology ePrint Archive: Report 2018/848

A Universally Composable Framework for the Privacy of Email Ecosystems

Pyrros Chaidos and Olga Fourtounelli and Aggelos Kiayias and Thomas Zacharias

Abstract: Email communication is amongst the most prominent online activities, and as such, can put sensitive information at risk. It is thus of high importance that internet email applications are designed in a privacy-aware manner and analyzed under a rigorous threat model. The Snowden revelations (2013) suggest that such a model should feature a global adversary, in light of the observational tools available. Furthermore, the fact that protecting metadata can be of equal importance as protecting the communication context implies that end-to-end encryption may be necessary, but it is not sufficient.

With this in mind, we utilize the Universal Composability framework [Canetti, 2001] to introduce an expressive cryptographic model for email ``ecosystems'' that can formally and precisely capture various well-known privacy notions (unobservability, anonymity, unlinkability, etc.), by parameterizing the amount of leakage an ideal-world adversary (simulator) obtains from the email functionality.

Equipped with our framework, we present and analyze the security of two email constructions that follow different directions in terms of the efficiency vs. privacy tradeoff. The first one achieves optimal security (only the online/offline mode of the users is leaked), but it is mainly of theoretical interest; the second one is based on parallel mixing [Golle and Juels, 2004] and is more practical, while it achieves anonymity with respect to users that have similar amount of sending and receiving activity.

Category / Keywords: public-key cryptography / universal composability, anonymous communications, email, mix-net, privacy

Original Publication (with major differences): IACR-ASIACRYPT-2018

Date: received 7 Sep 2018, last revised 22 Jan 2019

Contact author: tzachari at inf ed ac uk

Available format(s): PDF | BibTeX Citation

Note: Revision of Section 4, as extended in the Post-conference version (05-Dec-2018 ) .

Version: 20190122:140917 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]