
Strong Privacy for Secure Messaging

Subject Area: Security and Dependability, Operating-, Communication- and Distributed Systems
Term: since 2025
Project identifier: Deutsche Forschungsgemeinschaft (DFG) - Project number 565230841
 
This research project aims to address the pressing need for enhanced privacy and anonymity in messaging protocols, an area that has received limited attention compared to confidentiality. While established messaging applications like Signal and WhatsApp implement strong encryption techniques, with Forward Security (FS) and Post-Compromise Security (PCS), privacy measures to protect user metadata remain rudimentary. This is problematic given real-world threats and regulatory frameworks like the GDPR and DMA, which underscore the importance of metadata reduction and privacy-preserving communication.

The project seeks to establish a foundational understanding of privacy and anonymity in messaging systems. A key focus is on developing formal definitions for these properties, with a particular emphasis on the concept of an Anonymizing Wrapper (AW). This wrapper protocol is envisioned as a modular solution to encapsulate non-anonymous traffic, enabling messaging systems to achieve strong anonymity guarantees without extensive modifications. The researchers will extend these ideas to include more complex use cases, such as group messaging, and explore direct solutions that integrate anonymity mechanisms more efficiently.

Preliminary work has laid the groundwork for this project, including the introduction of Forward Anonymity (FA) and Post-Compromise Anonymity (PCA), which mirror the principles of FS and PCS. Early prototypes of anonymizing wrappers demonstrated the feasibility of enhancing privacy guarantees, particularly in scenarios like mesh networks and interoperable messaging. However, these prototypes also revealed challenges in performance and scalability, which this project aims to overcome.

The research will explore fundamental trade-offs and limitations associated with anonymity. This includes identifying the communication, computation, and storage overheads that anonymity protocols impose and finding ways to optimize these costs. Another critical focus is on adapting centralized components, such as delivery servers, to support anonymity without sacrificing functionality like spam filtering or sender blocking.

The project’s outcomes will include proof-of-concept implementations, possibly integrated into existing protocols like Signal’s Double Ratchet and the Messaging Layer Security (MLS) standard, to demonstrate practical applicability. By addressing these challenges, the project aspires to develop efficient and practical tools for privacy-preserving messaging while setting new benchmarks in the field. The results are expected to inspire future research and contribute to the broader adoption of strong privacy and anonymity measures in real-world communication systems.
DFG Programme: Research Grants
 
 
