Applied Cryptography and Network Security

Volume 6715 of the series Lecture Notes in Computer Science pp 255-273

Fully Non-interactive Onion Routing with Forward-Secrecy

  • Dario CatalanoAffiliated withDipartimento di Matematica ed Informatica, Università di Catania
  • , Mario Di RaimondoAffiliated withDipartimento di Matematica ed Informatica, Università di Catania
  • , Dario FioreAffiliated withÉcole Normale Supérieure, CNRS - INRIA
  • , Rosario GennaroAffiliated withWatson Research Center, IBM T.J.
  • , Orazio PuglisiAffiliated withDipartimento di Matematica ed Informatica, Università di Catania

* Final gross prices may vary according to local VAT.

Get Access


In this paper we put forward a new onion routing protocol which achieves forward secrecy in a fully non-interactive fashion, without requiring any communication from the router and/or the users and the service provider to update time-related keys. We compare this to TOR which requires O(n 2) rounds of interaction to establish a circuit of size n. In terms of the computational effort required to the parties, our protocol is comparable to TOR, but the network latency associated with TOR’s high round complexity ends up dominating the running time. Compared to other recently proposed alternative to TOR (such as the PB-OR and CL-OR protocols) our scheme still has the advantage of being non-interactive (both PB-OR and CL-OR require some interaction to update time-sensitive information), and achieves similar computational performances. We performed extensive implementation and simulation tests that confirm our theoretical analysis. Additionally, while comparing our scheme to PB-OR, we discovered a flaw in the security of that scheme which we repair in this paper.

Our solution is based on the application of forward-secure encryption. We design a forward-secure encryption scheme (of independent interest) to be used as the main encryption scheme in an onion routing protocol.