Riffle employs a privacy-enhancing protocol that provides strong anonymity for secure and anonymous communication within groups. The protocol is designed using the anytrust model: colluding servers cannot compromise the privacy of the group as long as at least one server in the group is honest.[1]
To achieve its goals, Riffle implements two distinct protocols: the Hybrid Shuffle protocol for sending and Private Information Retrieval (PIR) for receiving.[4]
For sending information, Riffle uses a hybrid shuffle, consisting of a verifiable shuffle and a symmetric-key algorithm. The Hybrid Shuffle protocol consists of a setup phase and a transmission phase. During the setup phase, a slow verifiable shuffle based on public-key cryptography is used, while an efficient shuffle based on symmetric-key cryptography is used during the transmission phase.[4] Messages sent over Riffle are not forwarded if they have been altered by a compromised server. The server has to attach proof in order to forward the message. If a server encounters unauthenticated messages or different permutations, it exposes the signed message of the previous server and runs the accusation protocol. This ensures verifiability without requiring computationally intensive protocols during transmission phases.[4]
For receiving information, Riffle uses multi-server Private Information Retrieval. All servers in the system share a replicated database, and when a client requests an entry from the database, the servers can cooperatively access it without knowing which entry they are accessing.[4]
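The retrieval idea above can be illustrated with the classic XOR-based multi-server PIR construction. This is an added example, not Riffle's own code; the function names, the three-server default and the sample database are assumptions made for illustration.

```python
import secrets
from functools import reduce

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_queries(index: int, db_size: int, num_servers: int) -> list[list[int]]:
    """Split the one-hot selector for `index` into XOR shares, one per server.

    Any subset of fewer than all shares is uniformly random, so the index
    stays hidden unless every server colludes (the anytrust assumption).
    """
    if not 0 <= index < db_size:
        raise IndexError("index outside database")
    if num_servers < 2:
        raise ValueError("need at least two servers")
    shares = [[secrets.randbits(1) for _ in range(db_size)]
              for _ in range(num_servers - 1)]
    last = [1 if i == index else 0 for i in range(db_size)]
    for share in shares:
        last = [a ^ b for a, b in zip(last, share)]
    return shares + [last]

def server_answer(db: list[bytes], query: list[int]) -> bytes:
    """Server side: XOR together every record selected by the query bits."""
    acc = bytes(len(db[0]))
    for record, bit in zip(db, query):
        if bit:
            acc = xor_bytes(acc, record)
    return acc

def retrieve(db: list[bytes], index: int, num_servers: int = 3) -> bytes:
    """Client side: query each replica, then XOR the answers together."""
    queries = make_queries(index, len(db), num_servers)
    answers = [server_answer(db, q) for q in queries]  # one replica per query
    return reduce(xor_bytes, answers)

# Constructed sample database: fixed-length records, replicated on all servers.
DB = [f"message-{i:02d}".encode() for i in range(8)]

if __name__ == "__main__":
    print(retrieve(DB, 5))
```

Each server sees only a random-looking bit vector, yet the XOR of all answers cancels every record except the requested one.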
The main intended use-case is anonymous file sharing. According to the lead project researcher, Riffle is intended to be complementary to Tor, not a replacement.[5]