Connect with us

Hi, what are you looking for?



PrivaTegrity – David Chaum’s Anonymous Communications Project

David Chaum, inventor of various cryptographic protocols with more than 30 years of experience in the field, has introduced a new anonymous communications project that takes on networks such as Tor, I2P, HORNET or Vuvuzela.

David Chaum, inventor of various cryptographic protocols with more than 30 years of experience in the field, has introduced a new anonymous communications project that takes on networks such as Tor, I2P, HORNET or Vuvuzela.

Chaum’s work is already used in such networks, with the Tor project’s Onion protocol being based on the Mix Network (sometimes called Mixing Network) anonymity protocols, a concept that he published back in 1979. Current anonymous communications research is also based on his work, namely on the “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms” paper he published in 1981.

Last week at the Real World Cryptography Conference at Stanford University, Chaum presented a new paper (PDF) called “cMix: Anonymization by High-Performance Scalable Mixing,” which describes the cMix concept—an evolved Mix Network. The paper also presents PrivaTegrity, a more secure network for anonymous communications, based on the new cMix cryptographic protocol.

For the past two years, Chaum has worked with a team of academic partners at Purdue University, Radboud University in the Netherland, Birmingham University in the UK, and the Cyber Defense Lab at the University of Maryland, Baltimore County on the cMix protocol and the PrivaTegrity network project. The idea is to provide users with encrypted communications that cannot be cracked by either hackers or governments.

The new network is expected to prove more secure compared to Tor and I2P, while also being fast enough so that users won’t spot delays in their communication. According to the paper, while the Tor network is susceptible to traffic-analysis attacks because of its non-uniform message size and timing, cMix is meant to eliminate these issues and makes it impossible to link the outputs to the inputs.

The protocol avoids real-time public-key operations by senders, mix nodes, and receivers and ensures that inputs pass through a cascade of mix nodes and end up in an output buffer. The input is encrypted using the sender’s message key, which is shared with each mix node, and the sender also sets up a long-term shared key separately with each cMix node.

Simply put, each node assigns a slot for each message it can process and, after the sender encrypts the message and sends it, each node uses precomputation to assign a random value to each slot and encrypts the received data using the pre-shared key and the random value. During the reverse path, when the node needs to send the data to the receiver, each node multiplies back in the shared keys.

Advertisement. Scroll to continue reading.

Most of the computational operations are performed on the server side and not on the client, which eliminates real-time public-key operations and improves performance. The paper also claims that the protocol is capable of detecting and preventing tagging attacks, and that the cMix protocol can ensure sender anonymity if any sender in the cMix network is indistinguishable from all other potential senders.

The PrivaTegrity network is also meant to establish a trust model that offers a balance of anonymity and accountability, the paper says. According to Wired, the project is currently in its infancy, with an alpha version available on Android and working as an instant-messaging app at the moment, but expected to gain file sharing capabilities in the near future.

Additionally, the PrivaTegrity network will have a built-in controlled backdoor that should allow for the privacy and anonymity of people doing things “generally recognized as evil” to be revealed. As soon as the network is set up and running, there will be nine server administrators forming a council in control of the backdoor, who will also decide who counts as “evil.”

Basically, the network will be seeking balance between law enforcement agencies’ request for access to criminals’ encrypted data and the argument that mass spying should be blocked. The nine admins would need to be in full agreement when deciding to reveal the private data of bad actors, as decryption will be possible only if all nine servers cooperate. If only eight do so, encrypted messages won’t be reconstructed.

A prototype of the network will have its servers running in Amazon’s cloud, but PrivaTegrity will eventually have all of its servers moved abroad, thus avoiding American government surveillance. These servers will be placed in countries with democratic governments, such as Switzerland, Canada and Iceland, among others.

As of late, there has been significant controversy regarding encrypted communication services, with many governments around the world asking tech companies to include backdoors in their services, claiming that the move would help in ongoing investigations. However, many feared that these backdoors would pave the way to mass surveillance, another controversial subject ever since former US intelligence contractor Edward Snowden blew the whistle on many of the US government’s mass surveillance operations.

BlackBerry said in late November that it would exit Pakistan after a spat with the local government over requsts for backdoors in its encrypted services, but announced just before year’s end that it would continue operations in the country after the government backed down on its requests. Countries such as the Netherlands, however, said that they oppose encryption backdoors .

In November, the deadly Paris attacks reignited debate on encrypted communications, as terror cells have been found to abuse them to avoid detection. However, the technology for encryption, which is meant to keep users’ communication private, is seen as a double-edged sword that can equally be used by democracy campaigners, law enforcement or violent extremists.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.


Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...