Related publication: "Strong Anonymity is not Enough: Introducing Fault Tolerance to Planet-Scale Anonymous Communication Systems".

This repository lists the Anonymous Communication Systems (ACS), used configurations, and obtained results from our 2019 evaluation of FTMix (formerly zeno), Vuvuzela, and Pung.

In order to collect real-world data on the performance characteristics of the evaluated ACS, we proposed and implemented an ACS test bed targeted for planet-scale experiments on public clouds. It takes care of instance provisioning for each evaluated ACS and user base size, conducts the experiments and collects the metrics of interest, and calculates statistics and figures based on the collected data.

ACS test bed: numbleroot/acs-test-bed.

We integrated straightforward fault tolerance measures into a cascade-based, pool-style mixnet called FTMix, enabling it to remain available despite a large number of Byzantine failures.

Mind: At the time of our experiments, our proof-of-concept fault-tolerant mixnet was still called zeno. We renamed it to FTMix (fault-tolerant mixnet) due to scope change and to make its purpose immediately clear through its name. In order not to create inconsistencies in the data sets, however, we have not replaced 'zeno' with 'FTMix' in any of the GCP configuration files or result logs. Please keep that in mind when you look at these files.

Mixnet Vuvuzela follows a conventional single-cascade mixnet architecture. It was subsequently tightly integrated with metadata-private dialing system Alpenhorn, which made evaluation of core-Vuvuzela difficult. Thus, we base our experiments of Vuvuzela on a fork of its source code as of late 2016 (right before integration of Alpenhorn) and with slight modifications that enabled scriptability needed for such large-scale evaluation.

Fork of mixnet Vuvuzela on branch vanilla-vuvuzela with minor adjustments for evaluation purposes: numbleroot/vuvuzela.

Computational Private Information Retrieval (CPIR) system Pung achieves its anonymity guarantees through the very different ACS foundation of PIR. Its basis on the computational variant of this technique enables zerotrust deployments, i.e., a single untrusted server that relays messages between clients via a highly optimized cryptographic protocol. Pung also allows for anonymous group conversations and asynchronous retrievals, which neither FTMix nor Vuvuzela provide. Again, we deployed a minimally adjusted fork of the Pung source code that integrates into our ACS test bed.

Fork of CPIR system Pung with minimal adjustments for evaluation purposes: numbleroot/pung.

As part of this repository, we provide the Google Cloud Platform (GCP) instance configurations that we deployed in order to conduct our experiments. The files define the system to deploy, which zones should experience failures if so indicated, a list of servers with precise configuration, and a list of clients with precise configurations. In our evaluation, we deployed 1,000, 2,000, and 3,000 logical users per ACS and failure scenario, respectively. The files can be parsed and applied by util runexperiments.

• GCP configurations for 1,000 clients: ./gcloud-configs_clients-1000.
• GCP configurations for 2,000 clients: ./gcloud-configs_clients-2000.
• GCP configurations for 3,000 clients: ./gcloud-configs_clients-3000.

We provide the full set of obtained measurements and collected log files for all failure scenarios and user bases each of the ACS has been evaluated under as an xz-compressed archive. After having downloaded it, unpack and decompress it using tar with xz.

2019 ACS evaluation measurements (size: 463 MB): https://osf.io/nfzy5.