Prof. Ueli Maurer and his PhD student Fabio Banfi , both part of Information Security and Cryptography research group at the ETH Institute of Theoretical Computer Science published a very interesting paper that was presented at this year’s Conference on Security and Cryptography for Networks (SCN 2020). It deals with the anonymity of probabilistic encryption (pE) and probabilistic authenticated encryption (pAE).
When you surf the web and connect to a server, usually both confidentiality and authenticity of the transmitted data is guaranteed by the cryptography implemented in TLS. That is, the underlying authenticated encryption scheme ensures that no bad actor eavesdropping on the traffic between you and the server is able to 1) gain any information about what is sent and 2) modify in any way the exchanged data. But is this enough?
A third crucial security property that is desirable when communicating over the internet is anonymity: If there are more clients communicating with the same server, you might additionally wish that an eavesdropper cannot even tell whether it is you or any other client who is sending the data. Does authenticated encryption guarantee this as well, and if so how and under which conditions? Maurer and Banfi aim at answering this question by mathematically modelling communication between many clients and one server in Constructive Cryptography, a framework which allows to define security from an application-centric perspective.
In more detail, they ask the question whether authenticated encryption preserves anonymity, that is, if it authenticates and secures traffic exchanged over an insecure network, but does not destroy any form of anonymity which is already present. They answer in the positive by giving precise conditions under which this is the case.
For more details, see the full paper or have a look to the conference video: