## Section: New Results

### Theoretical and practical aspects of anonymity

The concept of anonymity comes into play in a wide range of situations, varying from voting and anonymous donations to postings on bulletin boards and sending mails.

The systems for ensuring anonymity often use random mechanisms which can be described probabilistically, while the agents' interest in performing the anonymous action may be totally unpredictable, irregular, and hence expressible only nondeterministically. In the past, formal definitions of the concept of anonymity have been investigated either in a totally nondeterministic framework, or in a purely probabilistic one. We have proposed a notion of anonymity which combines both probability and nondeterminism, and which is suitable for describing the most general situation in which both the systems and the user can have both probabilistic and nondeterministic behavior. We have also investigated the properties of the definition for the particular cases of purely nondeterministic users and purely probabilistic users.

We have investigated notions of strong anonymity in [39] and [27] , [26] . One interesting feature of our approach is that in the purely probabilistic case, strong anonymity turns out to be independent from the probability distribution of the users. In [23] , [19] , [13] we have also investigated notions of weak anonymity. These are more realistic in the sense that they are more likely to be satisfied by the anonymity protocols used in practice.

Our notions of anonymity are defined in terms of observables for processes in the probabilistic -calculus. As one of the goals of the project is to develop a model checker and other verification tools for this calculus, that will provide also a way to check automatically that the protocols satisfy the intended anonymity properties.

#### Information-Theoretic approaches

In [20] we have proposed a framework in which anonymity protocols are interpreted as particular kinds of channels, and the degree of anonymity provided by the protocol as the converse of the channel's capacity. We have investigated how the adversary can test the system to try to infer the user's identity, and we have studied how his probability of success depends on the characteristics of the channel. We have then illustrated how various notions of anonymity can be expressed in this framework, and showed the relation with some definitions of probabilistic anonymity in literature.

In [24] , we have proposed a probabilistic process calculus to describe protocols for ensuring anonymity, and used the notion of relative entropy to measure the degree of anonymity that these protocols can guarantee. We have proved that the operators in the probabilistic process calculus are non-expansive, with respect to this measuring method. We have illustrated our approach by using the example of the Dining Cryptographers Problem.