Lox: Protecting the Social Graph in Bridge Distribution

Authors: Lindsey Tulloch (University of Waterloo), Ian Goldberg (University of Waterloo)

Volume: 2023
Issue: 1
Pages: 494–509
DOI: https://doi.org/10.56553/popets-2023-0029

Abstract: In regions of the world where censorship of the Internet is used to limit access to information, monitor the activity of Internet users, and quash dissent, anti-censorship proxies, or bridges, can offer a connection to the open Internet beyond a censor's area of influence. Bridge distribution systems, built to publicly distribute large pools of bridges to users in censored regions, face the inherent conflict of providing bridges to unknown users when some of them may be malicious. If not designed with care, bridge distribution systems can be quickly overwhelmed by attacks from censors, undermining the integrity of the system and the safety of users. It is therefore crucial to prioritize protecting users when developing such systems.

In this paper, we present a new bridge distribution system, Lox. Lox prioritizes protecting the privacy of users and their social graphs and incorporates enumeration resistance mechanisms to improve access to bridges and limit the malicious behaviour of censors. We use an updated unlinkable multi-show anonymous credential scheme, suitable for a single credential issuer and verifier, to protect Lox bridge users and their social networks from being identified by malicious actors. We formalize a trust level scheme that is compatible with anonymous credentials and effectively limits malicious behaviour while maintaining user anonymity. Our work includes an open-sourced, Rust implementation of our Lox protocols as well as an evaluation of their performance. With reasonable performance and latency for the expected user base of our system, we demonstrate Lox as a practical, social graph protective bridge distribution system.

Keywords: bridge distribution, censorship resistance, anonymous credentials

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution 4.0 license.