Aligns formal adversary model with the rest

dbosk · dbosk · commit b5ba576a864d · 2018-11-21T15:11:12.000+01:00
diff --git a/fig/base-adversary.tikz b/fig/base-adversary.tikz
diff --git a/paper/.gitignore b/paper/.gitignore
@@ -1,5 +1,4 @@
-base-identity-cause-adversary.tikz
-base-identity-location-adversary.tikz
+base-adversary.tikz
 
 Jacobs-method.jpg
 anon.bib
diff --git a/paper/Makefile b/paper/Makefile
@@ -32,8 +32,8 @@ paper.pdf: ${SRC}
 FIGS+= 				proofshare.tikz
 proofshare.tikz: 	../fig/proofshare.tikz
 
-FIGS+= 				base-identity-proof-share-adversary.tikz
-base-identity-proof-share-adversary.tikz: ../fig/base-identity-proof-share-adversary.tikz
+FIGS+= 				base-adversary.tikz
+base-adversary.tikz: ../fig/base-adversary.tikz
 
 ${FIGS}:
 	${LN} $< $@
diff --git a/paper/adversary-model.tex b/paper/adversary-model.tex
@@ -1,22 +1,39 @@
-\subsection{Privacy adversary}%
-\label{adversary-model-different-levels}
+\subsection{Adversary model}%
+\label{formal-adversary-model}
 
-We provide one system model with two possible adversaries: one who tries to link a protester's real identity (\(P\)) to a protest proof-share (\(\cid\)) and one 
-that aims at linking a protester's or a witness's real identity (\(P\), respectively \(W\)), to a location (\(l\)).
-We also define varying strengths of each adversary.
+We now provide a concretely defined system and adversary model.
+We give three definitions, each defines an adversary with increasingly stronger 
+capabilities (\ie more auxiliary information).
 
-\paragraph{The identity--proof share linking adversary}
-
-There are three players: the protest participant (with identity) \(P\), a witness (with identity) \(W\) and the storage \(S\).
+There are three players: the protest participant (with identity) \(P\), a 
+witness (with identity) \(W\) and the storage \(S\).
 The adversary \(A\) controls \(W\) and \(S\).
+This is illustrated in \cref{fig:base-adversary}.
+
+\begin{figure}
+  \centering
+  \includegraphics{base-adversary.tikz}
+  \caption{\label{fig:base-adversary}%
+    An overview of the base adversary model.
+    The protester with real identity \(P\) and witness with real identity \(W\) 
+    communicate.
+    They exchange protocol data, \(d_{P,W}(\cid, P)\), and record the time it 
+    happened, \(t_{P,W}\).
+    The protester submits \(f(d_{P,W}(\cid, P))\), for some function \(f\), to 
+    the storage \(S\), who records the time it happened, \(t_{P,S}\).
+    Both the witness \(W\) and storage \(S\) are controlled by the adversary 
+    \(A\).
+  }
+\end{figure}
 
-\begin{definition}[Base identity--proof share adversary]%
-  \label{base-identity-proof-share-adversary}
+\begin{definition}[Base adversary]%
+  \label{base-adversary}
   The protester \(P\) and the witness \(W\) communicate.
-  Each learns only the protocol data \(d_{P,W}(\cid, P)\) and when it happened 
-  \(t_{P,W}\)\footnote{%
+  Each learns only the protocol data \(d_{P,W}(\cid, P)\) and when the 
+  communication occurred \(t_{P,W}\)\footnote{%
     Specifically, they do \emph{not} learn the real identities \(P\) and \(W\) 
-    directly, only if those appear in the data \(d_{P,W}(\cid, P)\).
+    directly from the communication medium, only if those appear in the data 
+    \(d_{P,W}(\cid, P)\).
   }.
   The protester \(P\) communicates with \(S\), in which \(S\) only learns 
   \(f(d_{P,W}(\cid, P))\), for some function \(f\), and the time of the 
@@ -25,33 +42,26 @@ \subsection{Privacy adversary}%
   do, but can additionally correlate what he learns from \(W\) and \(S\).
 \end{definition}
 
-This definition is illustrated in \cref{fig:identity-proof-share-adversary}.
-
-\begin{figure}
-  \centering
-  \includegraphics{base-identity-proof-share-adversary.tikz}
-  \caption{\label{fig:identity-proof-share-adversary}%
-    An overview of the base identity--proof share adversary model.
-    The protester with real identity \(P\) and witness with real identity \(W\) 
-    communicate and each learn only the protocol data, \(d_{P,W}(\cid, P)\), 
-    and the time it happened, \(t_{P,W}\).
-    The protester submits \(f(d_{P,W}(\cid, P))\), for some function \(f\), to 
-    the storage \(S\), who learns only that and the time it happened, 
-    \(t_{P,S}\).
-    Both the witness \(W\) and storage \(S\) are controlled by the adversary 
-    \(A\).
-  }
-\end{figure}
+The base adversary (\cref{base-adversary}) represents an adversary that has no 
+access to auxiliary information, \eg inferences that can be done from the 
+communication layer, which means that it has only the protocol data at its 
+disposal.
 
-We find \cref{base-identity-proof-share-adversary} suitable when the protester and witness both move in a crowd and there is no way for the witness to decide exactly with whom he or she communicates with.
-However, in some situations this might not be the case, \eg the crowd is not dense.
-In these situations the witness will likely see the face of the protester.
-We capture this by the following definition.
+We find \cref{base-adversary} suitable when the protester and witness both move 
+in a crowd and there is no way for the witness to decide exactly with whom he 
+or she communicates with.
+However, in some situations this might not be the case: \Eg if the crowd is not 
+dense the witness will likely see the face of the protester.
+If the witness is controlled by the adversary, then it is likely that the 
+witness can capture a picture of the face, which can be turned into an identity 
+through face recognition.
+There are various such scenarios leading to the adversary learning the 
+protester's identity, we capture this by the following definition.
 
-\begin{definition}[Stronger identity--proof share adversary]%
-  \label{stronger-identity-proof-share-adversary}
-  The situation is the same as in \cref{base-identity-proof-share-adversary}, but now the 
-  witness \(W\) learns the protester \(P\)'s identity.
+\begin{definition}[Deanonymizing-witness adversary]%
+  \label{deanonymizing-witness-adversary}
+  The situation is the same as in \cref{base-adversary}, but now the witness 
+  \(W\) learns the protester \(P\)'s identity from an auxiliary channel.
   (\(P\) will also learn \(W\)'s identity.)
   However, \(S\) still does not learn \(P\)'s identity.
 \end{definition}
@@ -60,8 +70,9 @@ \subsection{Privacy adversary}%
 However, given a strong enough adversary, such anonymous communication might not be possible.
 We capture such a strong adversary in the following definition.
 
-\begin{definition}[Strongest identity--proof share adversary]%
-  \label{strongest-identity-proof-share-adversary}
-  Everything is the same as in \cref{stronger-identity-proof-share-adversary}, except that now \(S\) also learns \(P\)'s identity.
+\begin{definition}[Deanonymizing adversary]%
+  \label{deanonymizing-adversary}
+  Everything is the same as in \cref{deanonymizing-witness-adversary}, except 
+  that now \(S\) also learns \(P\)'s identity from an auxiliary channel.
 \end{definition}
 
diff --git a/paper/definitions.tex b/paper/definitions.tex
@@ -2,7 +2,9 @@ \section{Definitions}
 We first present an abstraction of a protest and how to count the
 participation (\cref{protest-model}). Then, we formulate the desired
 verifiability (\cref{verifiability-properties}) and privacy properties
-(\cref{privacy-properties}) \sonja{add? as well as the adversary model (\cref{formal-adversary-model})}.
+(\cref{privacy-properties}).
+Finally, we define a more concrete adversary model 
+(\cref{formal-adversary-model}).
 
 \include*{protest-model}
 \include*{verifiability-properties}
