Censorship resistant overlay publishing
Date of Submission:
November 1, 2011
The fundamental requirement of censorship resistance is content availability and discoverability --- it should be easy for users to find and access documents. At the same time, participating storage providers should be unaware of what they are storing to preserve plausible deniability. Fulfilling these requirements simultaneously seems impossible --- how does a system maintain a searchable index of content for users and yet hide it from storage providers? These paradoxical requirements have been previously reconciled by requiring out-of-band communication to either find ways to connect to the system, locate files, or learn file decryption keys --- an unacceptable situation when easy content discovery is critical. This paper describes a design for a peer-to-peer, permanent, and unblockable content store which is easily searchable and yet self-contained, i.e. does not require out-of-band communication. To achieve this, we separate file data, metadata, and encryption keys such that someone searching for information about a specific topic can retrieve all three components and reconstruct the file, but someone who only stores at most two components can neither determine the nature of the file content nor locate the missing component. We begin by identifying the core requirements for unblockable storage systems to resist state-level Internet censorship, construct a system that fulfills those requirements, and analyze how it avoids the problem of prior attempts at censorship resistance. Finally, we present measurements of a deployed proof-of-concept implementation, demonstrating the feasibility of our design.