2PPS -- Publish/Subscribe with Provable Privacy

TL;DR

2PPS introduces a provably private publish/subscribe protocol ensuring anonymity for publishers and subscribers, scalable for microblogging with strong privacy guarantees even if some servers are malicious.

Contribution

It is the first pub/sub protocol providing provable privacy for both publishers and subscribers using distributed secret sharing and private information retrieval.

Findings

Handles 100,000 clients with 5 seconds latency

Lower bandwidth than comparable systems

Strong privacy with any single honest server

Abstract

Publish/Subscribe systems like Twitter and Reddit let users communicate with many recipients without requiring prior personal connections. The content that participants of these systems publish and subscribe to is typically public, but they may nevertheless wish to remain anonymous. While many existing systems allow users to omit explicit identifiers, they do not address the obvious privacy risks of being associated with content that may contain a wide range of sensitive information. We present 2PPS (Twice-Private Publish-Subscribe), the first pub/sub protocol to deliver strong provable privacy protection for both publishers and subscribers, leveraging Distributed Point Function-based secret sharing for publishing and Private Information Retrieval for subscribing. 2PPS does not require trust in other clients and its privacy guarantees hold as long as even a single honest server participant remains. Furthermore, it is scalable and delivers latency suitable for microblogging applications. A prototype implementation of 2PPS can handle 100,000 concurrent active clients with 5 seconds end-to-end latency and significantly lower bandwidth requirements than comparable systems.