Onion Franking: Abuse Reports for Mix-Based Private Messaging

Matthew Gregoire

Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Privacy & Anonymity

In the realm of secure communication, end-to-end encrypted (E2EE) messaging systems have become the gold standard for protecting message content. However, as Matthew Gregoire highlights in his NDSS Symposium talk, "Onion Franking: Abuse Reports for Mix-Based Private Messaging," the privacy challenge extends beyond message content to **message metadata**: information about who is communicating with whom. This metadata, often overlooked, can be just as sensitive as the message itself; a former director of the NSA famously stated, "we kill people based on metadata." While techniques like **mix nets** and **DC-nets** offer robust metadata hiding, they introduce a significant dilemma: how can platforms moderate abusive content when they are intentionally blind to sender-recipient relationships and message content?

AI review

Gregoire tackles a genuinely hard problem (reconciling abuse reporting with metadata-hiding systems) and delivers a cryptographically sound solution with practical performance numbers. The contribution is real: prior work in this space paid a 1-2 order-of-magnitude overhead tax, and he brings it to parity with standard E2EE franking, which is not a trivial result. The moderator-collusion accountability extensions (ZKPs + trap messages) are a nice bonus that generalizes beyond onion systems.
