AOT: Anonymization by Oblivious Transfer

Farid Javani
Department of CSEE, UMBC

Friday, May 7, 2021
remotely via WebEx:

A recording of the talk can be found here.


We introduce AOT, an anonymous communication system based on mix network architecture that uses oblivious transfer (OT) to deliver messages such that a network adversary cannot link senders and receivers. Each user discovers any message sent to them and asks for the message using OT, hiding which message they receive from AOT. Using OT to deliver messages helps AOT resist blending (n-1) attacks and helps AOT preserve receiver anonymity, even if a covert adversary controls all nodes in AOT.

AOT comprises three levels of nodes, where each level performs a different function. The sender first encrypts a payload with the public key of the recipient and attaches a tag derived from a secret shared between the sender and receiver. The sender then encrypts their payload and tag with the public key of a Level-2 node and sends them to a Level-1 node. Level-1 nodes strip the sender information from the messages and send them to Level-2 nodes in batches. Level-2 nodes decrypt the messages, create dummy messages, and send the real and dummy messages to Level-3 nodes in batches. Dummy messages help resist blending attacks. At each level, all nodes at that level perform the same function and can scale horizontally (more nodes can be added at each level).

On a public bulletin board, Level-3 nodes publish tags associated with messages ready to be retrieved. Each receiver checks the bulletin board, identifying tags associated with messages that are ready for them. Using OT, each receiver requests the messages associated with such tags from among a larger set of messages. A receiver can receive their messages even if the receiver is offline when messages are ready. Only the intended recipient can decrypt the payloads, because they are encrypted with the recipient’s public key.

Through what we call a “handshake” process, communicants can use the AOT protocol to establish shared secrets, confidentially and anonymously. This handshake process is also useful in other applications. Users play an active role in contributing to the unlinkability of messages: periodically, users initiate requests to AOT to receive dummy messages, in such a way that an adversary cannot distinguish real and dummy requests.

About the Speaker:

Farid Javani is senior manager of the Enterprise Architecture Team in CCC Information Services in Chicago. He will receive his PhD in computer science from UMBC in May 2021 for his work on privacy preserving protocol with Dr. Alan T. Sherman. He can be reached at:


Alan T. Sherman,


Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.