Existing metadata-private messaging systems rely on resource-intensive, inflexible pre-coordination “dialing” phases, hindering dynamic multi-session switching; moreover, mandatory traffic uniformization further degrades performance. This paper introduces PingPong, the first coordination-free metadata-private communication architecture, which replaces the conventional “dial–chat” paradigm with a “notify–retrieve” model—eliminating temporal and round-synchronization constraints entirely. PingPong comprises two core components: Ping (privacy-preserving notification) and Pong (privacy-preserving storage), synergistically integrating hardware-enforced secure enclaves (e.g., SGX/TEE), custom oblivious algorithms, and a lightweight traffic uniformization protocol. Evaluated on a 32-node prototype deployment, PingPong achieves significantly higher bandwidth utilization and outperforms state-of-the-art systems in effective throughput, while enabling real-time, modern instant-messaging–like interactivity.

For those seeking end-to-end private communication free from pervasive metadata tracking and censorship, the Tor network has been the de-facto choice in practice, despite its susceptibility to traffic analysis attacks. Recently, numerous metadata-private messaging proposals have emerged with the aim to surpass Tor in the messaging context by obscuring the relationships between any two messaging buddies, even against global and active attackers. However, most of these systems face an undesirable usability constraint: they require a metadata-private"dialing"phase to establish mutual agreement and timing or round coordination before initiating any regular chats among users. This phase is not only resource-intensive but also inflexible, limiting users' ability to manage multiple concurrent conversations seamlessly. For stringent privacy requirement, the often-enforced traffic uniformity further exacerbated the limitations of this roadblock. In this paper, we introduce PingPong, a new end-to-end system for metadata-private messaging designed to overcome these limitations. Under the same traffic uniformity requirement, PingPong replaces the rigid"dial-before-converse"paradigm with a more flexible"notify-before-retrieval"workflow. This workflow incorporates a metadata-private notification subsystem, Ping, and a metadata-private message store, Pong. Both Ping and Pong leverage hardware-assisted secure enclaves for performance and operates through a series of customized oblivious algorithms, while meeting the uniformity requirements for metadata protection. By allowing users to switch between conversations on demand, PingPong achieves a level of usability akin to modern instant messaging systems, while also offering improved performance and bandwidth utilization for goodput. We have built a prototype of PingPong with 32 8-core servers equipped with enclaves to validate our claims.