Suppose an author signs his true name to a document before placing it into an anonymous publication system. Is the system still ``anonymous''? This situation raises a crucial question: where does the ``responsibility'' of an anonymous publication system begin, and where does it end? What can such a system reasonably be expected to protect?
We approach this question by introducing an ``ideal world'' for anonymous publication, influenced by work on secure multiparty computation [6,26]. The ideal anonymous system in this world consists of a trusted third party (TTP) Ted with secure channels to each party in the system. This TTP receives confidential messages, strips off the source information, and confidentially forwards the messages to their destinations in an unlinkable fashion. Our goal is to come up with a decentralized system that is able to simulate this TTP for each operation. Equivalently, if Alice is communicating through Ted to Bob, a set of protocols which allows Alice to communicate directly to Bob without Ted is said to be anonymous if the transcripts of communication are indistinguishable from those which include Ted. If they are distinguishable, then that difference is exactly the ``break'' that causes the system to fail to be anonymous.
This informal description requires significant work before it can become a formal model. For one thing, we have not precisely specified the meaning of a ``transcript,'' nor have we investigated the notion of ``security'' necessary for the channels between Ted, Alice, and Bob. Such work is outside the scope of this paper. Our point is that if an attack succeeds even in the ideal world, then it is ``outside'' the scope of an anonymous publication service.