Skip to main content

Privacy and Accountability in Networks via Optimized Randomized Mix-nets

Periodic Reporting for period 2 - PANORAMIX (Privacy and Accountability in Networks via Optimized Randomized Mix-nets)

Reporting period: 2016-09-01 to 2019-01-31

The Internet was not designed with privacy and anonymity in mind, and so who you are communicating with and what you are saying may be seen by network observers unless specific measures are taken. During the last decade there have been increasing concerns about privacy in online communications culminating in significant developments in the relevant legal framework in Europe as exemplified by the General Data Protection Regulation (GDPR), introduced in 2016 and implemented in 2018. Despite these developments the state of the art in the availability of privacy enhancing tools is still dire and European businesses and organisations have no reliable underlying infrastructure for providing privacy enhancing services.

The PANORAMIX team worked with the aim to provide Internet user privacy through the development of a multipurpose freely accessible platform based on 'mix-networks' (mix-nets), [1]. Mix-nets protect not only the content of communications from third parties, but also obfuscate the identity of the senders or receivers of messages, through the use of cryptographic relays. Mix-nets are networks of servers that receive messages from multiple senders, shuffle them, and then send them to their final destination. This means it is not possible to find the correspondence between network inputs and network outputs, making the network a completely opaque transmission relay system.

The aim of the PANORAMIX project was two-fold. First, deliver a framework for application development that utilises mix-nets and incorporates various mix-net implementations. The objective of the framework is to enable application development that utilises mix-net technology while exposing the programmers as little as possible to the underlying cryptography. The second objective of the project was to the showcase the framework in three high value use-cases that have wide exploitation potential (see [7] for links to these outputs).

The use-cases that were used to exemplify the PANORAMIX framework were E-voting, anonymised data collection and private messaging. The Zeus e-voting platform was developed by partner GRNET and delivers currently a most versatile Internet-based voting platform. Zeus has been used in hundreds of elections during the course of the project and is current a state of the art open platform e-voting system that can be freely used [5]. For anonymised data collection, SAP built an application for data collection and anonymisation that is now is in the process of being incorporated into the SAP HANA database management system. Finally, for private messaging, the project team built Katzenpost [6], a platform for mixing e-mail messages and a corresponding Android application.

Taking the efforts of the consortium further, members of the PANORAMIX consortium created NYM Technologies [4], a spin-off company that will take PANORAMIX outputs as a custodian and deliver mix-net services in additional application domains focusing first on the cryptocurrency space as well as in private e-mail and instant messaging. The startup, based in Switzerland, has already received venture capital funding, [2], and is currently in the process of setting up an EU based subsidiary.


References
[1] The Panoramix Video, https://www.youtube.com/watch?v=dQtk0NcTseg
[2] Rachel Rose O’Leary, This Binance Labs-Backed Crypto Startup Wants to Anonymize Everything, https://www.coindesk.com/this-binance-backed-crypto-startup-wants-to-anonymize-everything
[3] The Panoramix Project Web-Site, https://panoramix-project.eu
[4] Nym Technologies, https://nymtech.net
[5] The Zeus e-voting platform, https://zeus.grnet.gr/zeus/
[6] Katzenpost https://katzenpost.mixnetworks.org
[7] Panoramix.me https://panoramix.me
The work achieved can best be captured using the original objectives.

Objective 1: Building a Mix-Net Infrastructure for Europe. Achieved in the project by creating a European mix-network open-source codebase and infrastructure that has been used by the three high-value applications during the project course and will extend beyond the project's duration. All three use cases have been able to use it to accomplish their goals, and third parties are now able to leverage the same infrastructure to provide privacy-preserving communications based on mix networks.

Objective 2: Mix-Nets for Private E-voting. During the project, GRNET was able to evolve the e-voting platform such that large scale elections with hundreds of thousands, even millions of voters participating are possible The Zeus e-voting system now has the ability to process as many as 1M votes with enhanced privacy and has already been deployed in numerous election procedures. It is worth noting the high turnover that is achieved in Zeus elections: the mean is 80% and the median is 85% which is significant for the type of elections the system is used for.

Objective 3: Mix-Nets for Privacy-aware Cloud Data-Handling. The second use-case illustrated, by means of taxi trip data, that Panoramix can support private gathering of data to compile real time traffic maps or other smart city big data for about 1M-5M updates daily. Furthermore, a sweet spot between utility and privacy can be achieved, and that both anonymization strategies (mix-nets and differential privacy) make a valuable contribution by complementary strengths.

Objective 4: Mix-Nets for Privacy-preserving Messaging. The project team built Katzenpost, a platform for mixing e-mail messages and a corresponding Android application. The mix-net performance can reach less than 5s, or even faster, for suitable privacy parameterisations, and is within the user expectations as revealed by the feedback we obtained. Although the number of users is not very large yet, through continued support at both Greenhost and CCT as well as through the new spin-off NYM we expect the reach of mix-nets for privacy-preserving messaging to continue to increase.
The legacy of PANORAMIX looks promising.

The e-voting platform Zeus by GRNET has significantly advanced its marketability due to the project outputs and the number of voters and importance of elections carried out by the system is growing. The anonymised data collection application at SAP has received internal recognition and is on the way to be integrated in core components of user facing SAP products. For messaging, partners CCT and Greenhost are committed in maintaining the mix-net infrastructure, while the creation of the new entity, Nym Technologies SA will ensure the results of the PANORAMIX project in general and the messaging use-case specifically are built upon. Our outputs have also found already uses in industry independently of the consortium as exemplified by the adoption shown in the cases of the Lightning network and Google Deepmind.

At the same time, University partners are engaged in other related EU projects who will be users of PANORAMIX technology such as PRIVILEDGE (UEDIN, UT, GRNET), FENTEC (UEDIN, KUL) and MOSAICrOWN (SAP).
Panoramix official logo