Riposte: An Anonymous Messaging System Handling Millions of Users

Henry Corrigan-Gibbs, Dan Boneh, and David Mazières

IEEE Symposium on Security and Privacy (Oakland)
May 18-20, 2015, San Jose, California

Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies
IEEE S&P Distinguished Paper Award

Materials
Abstract

This paper presents Riposte, a new system for anonymous broadcast messaging. Riposte is the first such system, to our knowledge, that simultaneously protects against traffic-analysis attacks, prevents anonymous denial-of-service by malicious clients, and scales to million-user anonymity sets. To achieve these properties, Riposte makes novel use of techniques used in systems for private information retrieval and secure multi-party computation. For latency-tolerant workloads with many more readers than writers (e.g. Twitter, Wikileaks), we demonstrate that a three-server Riposte cluster can build an anonymity set of 2,895,216 users in 32 hours.