Users often wish to communicate anonymously on the Internet, for example in group dis-cussion or instant messaging forums. Existing solutions are vulnerable to misbehaving users, however, who may abuse their anonymity to disrupt communication. Dining Cryptographers Networks (DC-nets) leave groups vulnerable to denial-of-service and Sybil attacks, mix net-works are difficult to protect against traffic analysis, and accountable voting schemes are un-suited to general anonymous messaging. DISSENT is the first general protocol offering provable anonymity and accountability for moderate-size groups, while efficiently handling unbalanced communication demands among users. We present an improved and hardened DISSENT protocol, define its precise security properties, and offer rigorous proofs of these properties. The improved protocol systematically addresses the delicate balance between provably hiding the identities of well-behaved users, while provably revealing the identities of disruptive users, a challenging task because many forms of misbehavior are inherently undetectable. The new protocol also addresses several non-trivial attacks on the original DISSENT protocol stemming from subtle design flaws. 1

Users often wish to communicate anonymously on the Internet, for example in group discussion or instant messaging forums. Existing solutions are vulnerable to misbehaving users, however, who may abuse their anonymity to disrupt communication. Dining Cryptographers Networks (DC-nets) leave groups vulnerable to denial-of-service and Sybil attacks, mix networks are difficult to protect against traffic analysis, and accountable voting schemes are unsuited to general anonymous messaging. DISSENT is the first general protocol offering provable anonymity and accountability for moderate-size groups, while efficiently handling unbalanced communication demands among users. We present an improved and hardened DISSENT protocol, define its precise security properties, and offer rigorous proofs of these properties. The improved protocol system-atically addresses the delicate balance between provably hiding the identities of well-behaved users, while provably revealing the identities of disruptive users, a challenging task because many forms of misbehavior are inherently undetectable. The new protocol also addresses several non-trivial attacks on the original DISSENT protocol stemming from subtle design flaws.

My research interests lie at the intersection of cryptographic research, and systems security and privacy research. With the rise of personal computers and the Internet in the last three decades, cryptography has received a tremen-dous amount of attention, which has led to its rapid and extensive development. It is now considered a full-fledged academic subject rather than an applied field in algebra and complexity theory. However, only a small fraction of this extensive cryptographic research is being used in practice. Practitioners and systems researchers prefer to build their systems using the basic encryption and signature schemes, and generally reliable but theoretically unsound security assumptions as most existing elaborate cryptographic protocols are not designed with careful consideration of real-world systems issues and threats. With few exceptions, these systems issues have remained largely unaddressed in the cryptography research community. My work aims at bridging this gap between cryptographic research, and system security (and privacy) research: Along with producing theoretically elegant cryptographic results, I endeavor to make them useful in real-world sce-narios. In the long run, I wish to resolve real-world security, privacy, and robustness issues with ever-growing Internet-based systems by developing advanced-yet-practical cryptographic tools. My current projects focus on developing cryptographic systems for privacy and decentralized trust. During my PhD at Waterloo and my postdoc at MPI-SWS, I concentrated mainly on bridging the gap between theoretical and

Users often wish to communicate anonymously on the Internet, for example, in group discussion or instant messaging forums. Existing solutions are vulnerable to misbehaving users, however, who may abuse their anonymity to disrupt communication. Dining Cryptographers Networks (DC-nets) leave groups vulnerable to denial-of-service and Sybil attacks; mix networks are difficult to protect against traffic analysis; and accountable voting schemes are unsuited to general anonymous messaging. DISSENT is the first general protocol offering provable anonymity and accountability for moderate-size groups, while efficiently handling unbalanced communication demands among users. We present an im-proved and hardened DISSENT protocol, define its precise security properties, and offer rigorous proofs of these properties. The improved protocol systematically addresses the delicate balance between provably hiding the identities of well-behaved users, while provably revealing the identities of disruptive users, a challenging task because many forms of misbehavior are inherently undetectable. The new protocol also addresses several nontrivial attacks on the original DISSENT protocol stemming from subtle design flaws.