Abstract
Purchase PDF (302 K)
E-mail Article
Add to my Quick Links
Cited By in Scopus (4)
Purchase PDF (220 K)
doi:10.1016/j.tcs.2006.08.033 
Copyright © 2006 Elsevier B.V. All rights reserved.
Available online 5 September 2006.
References and further reading may be available for this article. To view references and further reading you must purchase this article.
Abstract
In this paper we propose a formalization of probable innocence, a notion of probabilistic anonymity that is associated to “realistic” protocols such as Crowds. We analyze critically two different definitions of probable innocence from the literature. The first one, corresponding to the property that Reiter and Rubin have proved for Crowds, aims at limiting the probability of detection. The second one, by Halpern and O’Neill, aims at constraining the attacker's confidence. Our proposal combines the spirit of both these definitions while generalizing them. In particular, our definition does not need symmetry assumptions, and it does not depend on the probabilities of the users to perform the action of interest. We show that, in case of a symmetric system, our definition corresponds exactly to the one of Reiter and Rubin. Furthermore, in the case of users with uniform probabilities, it amounts to a property similar to that of Halpern and O’Neill.
Another contribution of our paper is the study of probable innocence in the case of protocol composition, namely when multiple runs of the same protocol can be linked, as in the case of Crowds.
Keywords: Anonymity; Probable innocence; Nondeterminism; Probability; Crowds
