Forward anonymity

From Wikipedia, the free encyclopedia

Forward anonymity, analogous to forward secrecy, in computer security and cryptography is the property which prevents an attacker who has recorded past communications from discovering the identities of the participants, even after the fact.

When speaking of forward secrecy, system designers attempt to prevent an attacker who has recorded past communications from discovering the contents of those communications later on. One example of a system which satisfies the perfect forward secrecy property is one in which a compromise of one key by an attacker (and consequent decryption of messages encrypted with that key) does not undermine the security of previously used keys. Forward secrecy does not refer to protecting the content of the message, but rather to the protection of keys used to decrypt messages.

One example of a system which uses forward anonymity is a public key cryptography system, where the public key is well known and used to encrypt a message, and an unknown private key is used to decrypt it. In this system, one of the keys is always said to be compromised, but messages and their participants are still unknown to anyone without the corresponding private key.


It was originally introduced by Whitfield Diffie, Paul van Oorschot, and Michael James Wiener to describe a property of STS (station-to-station protocol) involving a long-term secret, either a private key or a shared password.[1]
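The following Python sketch is an added example, not part of the original article. It shows what "recorded now, compromised later" means for a participant's identity: the same recorded transcript is replayed against a leaked long-term private key in two designs. The toy Diffie-Hellman group, the SHA-256 keystream and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, chosen for brevity (assumption; not a vetted group).
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """SHA-256 counter keystream as a toy cipher; the same call decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def send_identity(identity: bytes, peer_pub: int):
    """Encrypt the sender's identity to peer_pub with a fresh one-time key.
    Returns what an eavesdropper records: (sender one-time public, ciphertext)."""
    eph_priv, eph_pub = keypair()
    ciphertext = xor_stream(kdf(pow(peer_pub, eph_priv, P)), identity)
    return eph_pub, ciphertext  # eph_priv goes out of scope and is never stored

def attacker_decrypt(transcript, leaked_priv: int) -> bytes:
    """Replay a recorded transcript using a private key obtained later."""
    eph_pub, ciphertext = transcript
    return xor_stream(kdf(pow(eph_pub, leaked_priv, P)), ciphertext)

def demo():
    identity = b"alice@example.org"  # constructed sample identity
    long_priv, long_pub = keypair()  # recipient's long-term key pair
    # Design 1: identity encrypted directly to the long-term public key.
    recorded_static = send_identity(identity, long_pub)
    # Design 2: recipient offers a one-time key and erases it after the session
    # (authenticating that key with the long-term key is omitted here).
    once_priv, once_pub = keypair()
    recorded_ephemeral = send_identity(identity, once_pub)
    del once_priv
    # Later, the long-term private key leaks and old recordings are replayed.
    from_static = attacker_decrypt(recorded_static, long_priv)
    from_ephemeral = attacker_decrypt(recorded_ephemeral, long_priv)
    return identity, from_static, from_ephemeral
```

In the first design the leaked long-term key recovers the recorded identity; in the second it yields only unrelated bytes, because the key that protected the identity no longer exists.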

Public Key Cryptography

Public key cryptography is a common form of a forward anonymous system. It is used to pass encrypted messages, preventing any information about the message from being discovered if the message is intercepted by an attacker. It uses two keys, a public key and a private key. The public key is published, and is used by anyone to encrypt a plaintext message. The private key is not well known, and is used to decrypt ciphertext. Public key cryptography is known as an asymmetric decryption algorithm because different keys are used to perform opposing functions. Public key cryptography is popular because, while it is computationally easy to create a pair of keys, it is extremely difficult to determine the private key knowing only the public key. Therefore, the public key being well known does not allow intercepted messages to be decrypted. This is a forward anonymous system because one compromised key (the public key) does not compromise the anonymity of the system.

Web of Trust

A variation of the public key cryptography system is a web of trust, where each user has both a public and a private key. Messages sent are encrypted using the intended recipient's public key, and only this recipient's private key will decrypt the message. They are also signed with the sender's private key. This creates added security, as it becomes more difficult for an attacker to pretend to be a user: the lack of a private key signature indicates an untrusted user.


A forward anonymous system is not necessarily a wholly secure system. A successful cryptanalysis of a message or sequence of messages can still decode the information without the use of a private key or long-term secret.


Forward anonymity, along with other cryptography-related properties, received a burst of media attention after the leak of classified information by Edward Snowden, beginning in June 2013, which indicated that the NSA and FBI had practices of asking companies to leave in back doors for them. These back doors allowed the companies and agencies to decrypt information stored on phones and other devices more easily, which in turn allowed them to more easily find and arrest various criminals. They especially publicized the aid this practice provided in catching predatory pedophiles.[2] Opponents of this practice argue that leaving in a back door for law enforcement increases the risk of attackers being able to decrypt information, and question its legality under the US Constitution, specifically as a form of illegal search and seizure.[3]


  1. ^ Diffie, Whitfield; van Oorschot, Paul C.; Wiener, Michael J. (June 1992). "Authentication and Authenticated Key Exchanges". Designs, Codes and Cryptography 2 (2): 107–125. doi:10.1007/BF00124891. Retrieved 2013-09-07.
  2. ^ [1]
  3. ^ [2]