Anonymous communication, and anonymous Peer-to-Peer (P2P) file sharing systems in particular, have received considerable attention in recent years. In a P2P file sharing system there are three types of participants: publishers, who insert content into the system, servers, which store content, and readers, who retrieve the content from the servers. Existing anonymity P2P file sharing systems confer partial anonymity; they provide anonymity to participant pairs, such as servers and readers or publishers and readers, but do not consider the anonymity of all three types of participants together. In this work we propose two solutions for anonymous P2P file sharing systems, both of which provide anonymity to all three types of participants. The proposed solutions are based on indexing by global hash functions (rather than an index server), dispersal of information, and three anonymity tunnels - publishing tunnel, reading tunnel, and serving tunnel. Each anonymity tunnel is designed to protect the anonymity of a different user (publisher, reader or server respectively). In both solutions the publishing and reading tunnels are sender anonymity tunnels, where the serving tunnel is different in each solution. In the first solution, the serving tunnel is a rendezvous tunnel, constructed by means of a random walk and terminating at the server. In the second solution, which is based on Tor, the serving tunnel is built using Tor's hidden services. The first solution preserves anonymity in the presence of a semi-honest adversary that controls a limited number of nodes in the system. The second solution is based on Tor primitives and copes with the same adversary as that assumed in Tor. The second solution also enhances Tor, ensuring publisher, reader, and server anonymity.
