Paper 2021/325

Spectrum: High-Bandwidth Anonymous Broadcast with Malicious Security

Zachary Newman and Sacha Servan-Schreiber and Srinivas Devadas

Abstract

We present Spectrum, a high-bandwidth, metadata-private file broadcasting system with malicious security guarantees. In Spectrum, a small number of publishers broadcast to many subscribers via two or more non-colluding servers. Subscribers generate indistinguishable cover traffic, hiding which users are publishers, for full metadata privacy. Spectrum builds on prior work that uses DC-nets for anonymous broadcast. Existing anonymous broadcast systems do not optimize for a setting where there are fewer publishers compared to subscribers -- a common situation in real-world broadcasts. To prevent disruption by malicious clients sending malformed requests, we develop a blind request authentication protocol that allows servers to reject malicious clients deviating from protocol. We also ensure security against malicious servers deviating from protocol and potentially colluding with clients. Our techniques for providing malicious security are applicable to other systems for anonymous broadcast and may be of independent interest. We implement and evaluate Spectrum. Compared to the state-of-the-art in cryptographic anonymous communication systems, Spectrum is 3--140X faster (and commensurately cheaper). Deployed on two commodity servers, Spectrum allows publishers to share 500 MB in 1h 24m with an anonymity set of 10,000 (for a total cost of about $1.93). This corresponds to an anonymous upload of a full-length 720p documentary movie.