Anonymity networks allow messaging with metadata privacy, providing better privacy than popular encrypted messaging applications. However, contacting a user on an anonymity network currently requires knowing their public key or similar high-entropy information, as these systems lack a privacy-preserving mechanism for contacting a user via a short, human-readable username. Previous research suggests that this is a barrier to widespread adoption. In this paper we propose Pudding, a novel private user discovery protocol that allows a user to be contacted on an anonymity network knowing only their email address. Our protocol hides contact relationships between users, prevents impersonation, and conceals which usernames are registered on the network. Pudding is Byzantine fault tolerant, remaining available and secure as long as less than one third of servers are crashed, unavailable, or malicious. It can be deployed on Loopix and Nym without changes to the underlying anonymity network protocol, and it supports mobile devices with intermittent network connectivity. We demonstrate the practicality of Pudding with a prototype using the Nym anonymity network. We also formally define the security and privacy goals of our protocol and conduct a thorough analysis to assess its compliance with these definitions.

翻译：匿名网络能够在元数据隐私保护下实现消息传递，其隐私保护能力优于主流加密通信应用。然而，当前在匿名网络中联系用户需要知晓其公钥或类似高熵信息，因为这类系统缺乏通过简短易记用户名进行隐私保护型联系机制。现有研究表明，这已成为阻碍其广泛普及的壁垒。本文提出布丁（Pudding），一种新型私密用户发现协议，允许仅凭用户电子邮件地址即可在匿名网络中实现联系。该协议隐藏用户间的联系关系，防止身份冒用，并隐藏网络上已注册的用户名。布丁具有拜占庭容错能力，在不超过三分之一服务器发生崩溃、不可用或恶意行为时仍能保持可用性和安全性。该协议无需修改底层匿名网络协议即可部署于Loopix和Nym系统，并支持网络间歇性连接的移动设备。我们通过基于Nym匿名网络的原型系统验证了布丁的实用性，同时正式定义了协议的安全与隐私目标，并开展全面分析以评估其对目标的满足程度。