Riffle (anonymity network)

{{Short description|Darknet anonymity network}}

Riffle is an anonymity network developed by researchers at MIT and EPFL as a response to the problems of the Tor network.

Riffle employs a privacy-enhancing protocol that provides strong anonymity for secure and anonymous communication within groups. The protocol is designed using the anytrust model, which ensures that even if colluding servers attempt to compromise the privacy of the group, they cannot do so if at least one server in the group is honest.{{Cite web |last=Uchill |first=Joe |date=2016-07-11 |title=Researchers tout new anonymity network |url=https://thehill.com/policy/cybersecurity/287255-researchers-tout-new-anonymity-network |access-date=2021-02-12 |website=TheHill |language=en}}

Like Tor, it utilizes onion routing.{{Cite web |last=Francisco |first=Iain Thomson in San |title=Meet Riffle, the next-gen anonymity network that hopes to trounce Tor |url=https://www.theregister.com/2016/07/13/riffle_next_gen_anonymity/ |access-date=2021-02-12 |website=www.theregister.com |language=en}} According to MIT's Larry Hardesty, researchers at MIT and the Qatar Computing Research Institute demonstrated a vulnerability in Tor's design.{{cite web |author=Larry Hardesty |date=11 July 2016 |title=How to stay anonymous online |url=https://news.mit.edu/2016/stay-anonymous-online-0711 |publisher=MIT News}}

To achieve its goals, Riffle implements two distinct protocols: the Hybrid Shuffle protocol for sending and Private Information Retrieval (PIR) for receiving.{{cite journal |last1=Kwon |first1=Albert |last2=Lazar |first2=David |last3=Devadas |first3=Srinivas |last4=Ford |first4=Bryan |date=1 April 2016 |title=Riffle: An Efficient Communication System With Strong Anonymity |url=http://people.csail.mit.edu/devadas/pubs/riffle.pdf |journal=Proceedings on Privacy Enhancing Technologies |volume=2 |pages=115–134 |doi=10.1515/popets-2016-0008 |hdl=1721.1/128773 |doi-access=free}}

For sending information, Riffle uses a hybrid shuffle, consisted of a verifiable shuffle and a symmetric-key algorithm. The Hybrid Shuffle protocol consists of a setup phase and a transmission phase. During the setup phase, a slow verifiable shuffle based on public key cryptography is used, while an efficient shuffle based on symmetric key cryptography is used during the transmission phase. Messages sent over Riffle are not forwarded if they have been altered by a compromised server. The server has to attach proof in order to forward the message. If a server encounters unauthenticated messages or different permutations, it exposes the signed message of the previous server and runs the accusation protocol to ensure verifiability without requiring computationally intensive protocols during transmission phases.

For receiving information it utilizes multi-server Private Information Retrieval. All servers in the system share a replicated database, and when a client requests an entry from the database, they can cooperatively access it without knowing which entry they are accessing.

The main intended use-case is anonymous file sharing. According to the lead project researcher, Riffle is intended to be complementary to Tor, not a replacement.{{Cite web|last=|first=|date=2016-08-31|title=Building a new Tor that can resist next-generation state surveillance|url=https://arstechnica.com/information-technology/2016/08/building-a-new-tor-that-withstands-next-generation-state-surveillance/|archive-url=|archive-date=|access-date=2021-02-12|website=Ars Technica|language=en-us}}