{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T10:57:53Z","timestamp":1778065073478,"version":"3.51.4"},"reference-count":17,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"2","license":[{"start":{"date-parts":[[2019,4,1]],"date-time":"2019-04-01T00:00:00Z","timestamp":1554076800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,4,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Many anonymous communication networks (ACNs) with different privacy goals have been developed. Still, there are no accepted formal definitions of privacy goals, and ACNs often define their goals ad hoc. However, the formal definition of privacy goals benefits the understanding and comparison of different flavors of privacy and, as a result, the improvement of ACNs. In this paper, we work towards defining and comparing privacy goals by formalizing them as privacy notions and identifying their building blocks. For any pair of notions we prove whether one is strictly stronger, and, if so, which. Hence, we are able to present a complete hierarchy. Using this rigorous comparison between notions, we revise inconsistencies between the existing works and improve the understanding of privacy goals.<\/jats:p>","DOI":"10.2478\/popets-2019-0022","type":"journal-article","created":{"date-parts":[[2019,5,6]],"date-time":"2019-05-06T15:27:08Z","timestamp":1557156428000},"page":"105-125","source":"Crossref","is-referenced-by-count":31,"title":["On Privacy Notions in Anonymous Communication"],"prefix":"10.56553","volume":"2019","author":[{"given":"Christiane","family":"Kuhn","sequence":"first","affiliation":[{"name":"TU Dresden ,"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Martin","family":"Beck","sequence":"additional","affiliation":[{"name":"TU Dresden ,"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefan","family":"Schiffner","sequence":"additional","affiliation":[{"name":"Universit\u00e9 du Luxembourg ,"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eduard","family":"Jorswieck","sequence":"additional","affiliation":[{"name":"TU Dresden ,"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thorsten","family":"Strufe","sequence":"additional","affiliation":[{"name":"TU Dresden ,"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"35752","published-online":{"date-parts":[[2019,5,4]]},"reference":[{"key":"2022061003225750224_j_popets-2019-0022_ref_001_w2aab3b7b7b1b6b1ab1ab1Aa","doi-asserted-by":"crossref","unstructured":"[1] M. Backes, A. Kate, P. Manoharan, S. Meiser, and E. Mohammadi. AnoA: A framework for analyzing anonymous communication protocols. Journal of Privacy and Confidentiality, 2017.10.29012\/jpc.v7i2.651","DOI":"10.29012\/jpc.v7i2.651"},{"key":"2022061003225750224_j_popets-2019-0022_ref_002_w2aab3b7b7b1b6b1ab1ab2Aa","doi-asserted-by":"crossref","unstructured":"[2] M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among notions of security for public-key encryption schemes. In Advances in Cryptology \u2014 CRYPTO \u201998. 1998.10.1007\/BFb0055718","DOI":"10.1007\/BFb0055718"},{"key":"2022061003225750224_j_popets-2019-0022_ref_003_w2aab3b7b7b1b6b1ab1ab3Aa","doi-asserted-by":"crossref","unstructured":"[3] J.-M. Bohli and A. Pashalidis. Relations among privacy notions. TISSEC, 2011.10.1145\/1952982.1952986","DOI":"10.1145\/1952982.1952986"},{"key":"2022061003225750224_j_popets-2019-0022_ref_004_w2aab3b7b7b1b6b1ab1ab4Aa","doi-asserted-by":"crossref","unstructured":"[4] D. Chaum. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of cryptology, 1988.10.1007\/BF00206326","DOI":"10.1007\/BF00206326"},{"key":"2022061003225750224_j_popets-2019-0022_ref_005_w2aab3b7b7b1b6b1ab1ab5Aa","unstructured":"[5] D. Chaum, F. Javani, A. Kate, A. Krasnova, J. de Ruiter, A. T. Sherman, and D. Das. cMix: Anonymization by high-performance scalable mixing. USENIX Security, 2016."},{"key":"2022061003225750224_j_popets-2019-0022_ref_006_w2aab3b7b7b1b6b1ab1ab6Aa","doi-asserted-by":"crossref","unstructured":"[6] D. L. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 1981.10.1145\/358549.358563","DOI":"10.1145\/358549.358563"},{"key":"2022061003225750224_j_popets-2019-0022_ref_007_w2aab3b7b7b1b6b1ab1ab7Aa","doi-asserted-by":"crossref","unstructured":"[7] I. Clarke, O. Sandberg, B. Wiley, and T. W. Hong. Freenet: A distributed anonymous information storage and retrieval system. In Designing privacy enhancing technologies, 2001.10.1007\/3-540-44702-4_4","DOI":"10.1007\/3-540-44702-4_4"},{"key":"2022061003225750224_j_popets-2019-0022_ref_008_w2aab3b7b7b1b6b1ab1ab8Aa","doi-asserted-by":"crossref","unstructured":"[8] R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. Technical report, Naval Research Lab Washington DC, 2004.10.21236\/ADA465464","DOI":"10.21236\/ADA465464"},{"key":"2022061003225750224_j_popets-2019-0022_ref_009_w2aab3b7b7b1b6b1ab1ab9Aa","doi-asserted-by":"crossref","unstructured":"[9] C. Dwork, A. Roth, and others. The algorithmic foundations of differential privacy. Foundations and Trends\u00ae in Theoretical Computer Science, 2014.10.1561\/9781601988195","DOI":"10.1561\/9781601988195"},{"key":"2022061003225750224_j_popets-2019-0022_ref_010_w2aab3b7b7b1b6b1ab1ac10Aa","doi-asserted-by":"crossref","unstructured":"[10] N. Gelernter and A. Herzberg. On the limits of provable anonymity. In WPES, 2013.10.1145\/2517840.2517850","DOI":"10.1145\/2517840.2517850"},{"key":"2022061003225750224_j_popets-2019-0022_ref_011_w2aab3b7b7b1b6b1ab1ac11Aa","doi-asserted-by":"crossref","unstructured":"[11] S. Goldwasser and S. Micali. Probabilistic encryption. Journal of computer and system sciences, 1984.10.1016\/0022-0000(84)90070-9","DOI":"10.1016\/0022-0000(84)90070-9"},{"key":"2022061003225750224_j_popets-2019-0022_ref_012_w2aab3b7b7b1b6b1ab1ac12Aa","unstructured":"[12] A. Hevia and D. Micciancio. An indistinguishability-based characterization of anonymous channels. Lecture Notes in Computer Science, 2008."},{"key":"2022061003225750224_j_popets-2019-0022_ref_013_w2aab3b7b7b1b6b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] C. Kuhn, M. Beck, S. Schiffner, E. Jorswieck, and T. Strufe. On privacy notions in anonymous communication. In arXiv preprint arXiv:1812.05638, 2018.","DOI":"10.2478\/popets-2019-0022"},{"key":"2022061003225750224_j_popets-2019-0022_ref_014_w2aab3b7b7b1b6b1ab1ac14Aa","unstructured":"[14] A. Pfitzmann and M. Hansen. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. 2010."},{"key":"2022061003225750224_j_popets-2019-0022_ref_015_w2aab3b7b7b1b6b1ab1ac15Aa","unstructured":"[15] A. M. Piotrowska, J. Hayes, T. Elahi, S. Meiser, and G. Danezis. The loopix anonymity system. In 26th USENIX Security Symposium, USENIX Security, 2017."},{"key":"2022061003225750224_j_popets-2019-0022_ref_016_w2aab3b7b7b1b6b1ab1ac16Aa","doi-asserted-by":"crossref","unstructured":"[16] M. K. Reiter and A. D. Rubin. Crowds: Anonymity for web transactions. TISSEC, 1998.10.1145\/290163.290168","DOI":"10.1145\/290163.290168"},{"key":"2022061003225750224_j_popets-2019-0022_ref_017_w2aab3b7b7b1b6b1ab1ac17Aa","unstructured":"[17] B. Zantout and R. Haraty. I2P data communication system. In ICN, 2011."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/content.sciendo.com\/view\/journals\/popets\/2019\/2\/article-p105.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2019-0022","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:30:23Z","timestamp":1658334623000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2019\/popets-2019-0022.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,4,1]]},"references-count":17,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2019,5,4]]},"published-print":{"date-parts":[[2019,4,1]]}},"alternative-id":["10.2478\/popets-2019-0022"],"URL":"https:\/\/doi.org\/10.2478\/popets-2019-0022","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,4,1]]}}}