1. Field of the Invention
The present invention generally relates to electronic commerce on a distributed computer network, such as the Internet, and more particularly, to a system and associated protocols for communication between two entities across a computer network such that their identities remain concealed from each other, while ensuring that no third party is able to trace the existence of a conversation between them. The invention aims to ensure that the anonymity thus provided does not depend on the existence of any single trusted agent (or trusted third party) and is not compromised by the existence of malicious agents within or outside the system.
2. Background Description
In U.S. Pat. No. 5,794,207 to Walker et al., there is proposed a method and an electronic apparatus that allows prospective buyers of goods and services to communicate a binding purchase offer globally to potential sellers, for sellers to conveniently search for relevant purchase offers, and for sellers potentially to bind a buyer to a contract based on the buyer's purchase offer. An example of this system can be seen in the Priceline.com business (see http://www.priceline.com), or in electronic procurement models. However, in this emerging world of e-commerce, the issue of privacy is believed by many to be a significant impediment to future growth.
David Chaum, in an article entitled “Untraceable electronic mail, return addresses, and digital pseudonyms”, Communications of the ACM, 24, 2 (February 1981), pp. 84–88, proposed a system for anonymous electronic mail which employs a set of forwarding agents called mixes. The routing of messages through the various mixes was performed using a source routing algorithm. Each mix collects a few messages, waits a period of time and sends the messages out in a different order. Mixes are meant to prevent global eavesdroppers from tracing messages passing through them and thus provide sender and receiver unlinkability. But since routing is done at the source, the source knows the receiver's identity, and there is no receiver anonymity. The strength of mixes is that as long as even one mix in a path is not compromised, the system continues to provide sender-receiver unlinkability against global eavesdroppers.
M. K. Reiter and A. D. Rubin, in an article entitled “Crowds: Anonymity for Web Transactions”, ACM Transactions on Information and System Security, describe another approach. Crowds is a system consisting of a cooperative group of users which provides sender anonymity. It also provides receiver anonymity against local eavesdroppers and colluding forwarders called “jondos”. But Crowds does not envisage providing receiver anonymity against the sender himself. The Crowds system is basically designed for anonymous access to web pages, where it is understood that the sender knows the location of the page he wants to access.