International Journal of Information Security

, Volume 12, Issue 1, pp 33–47 | Cite as

Fully non-interactive onion routing with forward secrecy

  • Dario Catalano
  • Mario Di Raimondo
  • Dario Fiore
  • Rosario Gennaro
  • Orazio Puglisi
Special Issue Paper


Onion routing is a privacy-enabling protocol that allows users to establish anonymous channels over a public network. In such a protocol, parties send their messages through \(n\) anonymizing servers (called a circuit) using several layers of encryption. Several proposals for onion routing have been published in recent years, and TOR, a real-life implementation, provides an onion routing service to thousands of users over the Internet. This paper puts forward a new onion routing protocol which outperforms TOR by achieving forward secrecy in a fully non-interactive fashion, without requiring any communication from the router and/or the users and the service provider to update time-related keys. We compare this to TOR which requires \(O(n^2)\) rounds of interaction to establish a circuit of size \(n\). In terms of the computational effort required to the parties, our protocol is comparable to TOR, but the network latency associated with TOR’s high round complexity ends up dominating the running time. Compared to other recently proposed alternative to TOR, such as the PB-OR (PETS 2007) and CL-OR (CCS 2009) protocols, our scheme still has the advantage of being non-interactive (both PB-OR and CL-OR require some interaction to update time-sensitive information), and achieves similar computational performances. We performed implementation and simulation tests that confirm our theoretical analysis. Additionally, while comparing our scheme to PB-OR, we discovered a flaw in the security of that scheme which we repair in this paper. Our solution is based on the application of forward secure encryption. We design a forward secure encryption scheme (of independent interest) to be used as the main encryption scheme in our onion routing protocol.


Onion routing TOR Forward secure encryption Anonymity 



Dario Fiore did the present work while at École Normale Supérieure in Paris. Rosario Gennaro did this work while at IBM T.J. Watson Research Center.


  1. 1.
    Al-Riyami, S., Paterson, K.: Certificateless public key cryptography. In: Advances in Cryptology—ASIACRYPT 2003, LNCS vol. 2894, pp. 452–473 (2003)Google Scholar
  2. 2.
    Anderson, R.: Two remarks on public key cryptology. Invited Lecture, ACM-CCS ’97.
  3. 3.
    Boneh, D., Boyen, X., Goh, E.: Hierarchical identity based encryption with constant size ciphertexts. In: Advances in Cryptology—Eurocrypt, LNCS vol. 3494, 440–456 (2005)Google Scholar
  4. 4.
    Boneh, D., Franklin, M.K.: Identity-based encryption from the weil pairing. SIAM J. Comput. 32(3), 586–615 (2003) (Also in CRYPTO 2001)Google Scholar
  5. 5.
    Camenisch, J., Lysyanskaya, A.: A formal treatment of onion routing. In: Advances in Cryptology—CRYPTO, LNCS vol. 3621, pp. 169–187 (2005)Google Scholar
  6. 6.
    Canetti, R., Halevi, S., Katz, J.: A forward-secure public key encryption scheme. In: Advances in cryptology—EUROCRYPT, LNCS vol. 2656, pp. 255–271 (2003)Google Scholar
  7. 7.
    Catalano, D., Fiore, D., Gennaro, R.: Certificateless onion routing. In: Proceedings of the 16th ACM Conference on Computer and Communication Security (CCS 2009). ACM Press, pp. 151–160Google Scholar
  8. 8.
    Chaum, D.: Untraceable electronic mail, return address and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  9. 9.
    Dai, W.: PipeNet 1.1
  10. 10.
    Dent, A.W.: A designer’s guide to KEMs. In: Paterson K.G. (eds.) Cryptography and Coding, 9th IMA International Conference, LNCS vol. 2898, pp. 133–151. Springer, Berlin, Germany (2003)Google Scholar
  11. 11.
    Danezis, G., Goldberg, I.: Sphinx: A compact and provably secure mix format. In: IEEE Symposium on Security and Privacy, pp. 269–282 (2009)Google Scholar
  12. 12.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)MathSciNetzbMATHCrossRefGoogle Scholar
  13. 13.
    Dingledin, R., Mathewson, N.: Tor protocol specification. (2008)
  14. 14.
    Dingledin, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security, Symposium, pp. 303–320 (2004)Google Scholar
  15. 15.
    ECRYPT: Yearly Report on Algorithms and Key Sizes (2007–2008). (July 2008)
  16. 16.
    Freedman, M., Morris, R.: Tarzan: A peer-to-peer anonymizing network layer. In: Proceedings of 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 193–206(2002)Google Scholar
  17. 17.
    Goldberg, I.: On the security of the tor authentication protocol. In: Proceedings of 6th Workshop on Privacy Enhancing Technologies (PET 2006), LNCS vol. 4258, pp. 316–331 (2006)Google Scholar
  18. 18.
    Goldschlag, D., Reed, M. Syverson, P.: Hiding routing informations. In: Proceedings of the First International Workshop on Information Hiding, LNCS vol. 1174, pp. 137–150 (1996)Google Scholar
  19. 19.
    Goldschlag, D., Reed, M., Syverson, P.: Onion routing for anonymous and private internet connections. Commun. ACM 42(2), 84–88 (1999)CrossRefGoogle Scholar
  20. 20.
    Kate, A., Goldberg, I.: Using Sphinx to improve onion routing circuit construction. In: Proceedings of Financial Cryptography and Data, Security (2010)Google Scholar
  21. 21.
    Kate, A., Zaverucha, G., Goldberg, I.: Pairing-based onion routing. In: Proceedings of 7th Privacy Enhancing Technologies Symposium (PETS 2007), LNCS vol. 4776, pp. 95–112 (2007)Google Scholar
  22. 22.
    Kate, A., Zaverucha, G., Goldberg, I.: Pairing-based onion routing with improved forward secrecy. In: ACM Transactions on Information and System Security (2009)Google Scholar
  23. 23.
    Lynn, B.: PBC: The Pairing-based crypto library.
  24. 24.
    Möller, B.: Provably secure public key encryption for length-preserving chaumian mixes. In: Proceedings of CT-RSA 2003, LNCS vol. 2612, pp. 244–262 (2003)Google Scholar
  25. 25.
    NIST: Recommendations for Key Management Part 1: General NIST Special Publication 800–57. August 2005.
  26. 26.
    Øverlier, L., Syverson, P.: Improving efficiency and simplicity of tor circuit establishment and hidden services. In: Proceedings of the 7th Privacy Enhancing Technologies Symposium (PETS 2007), LNCS vol. 4776, pp. 134–152 (2007)Google Scholar
  27. 27.
    Reed, M., Syverson, P., Goldschlag, D.: Anonymous Connections and Onion Routing. IEEE J. Select. Areas Commun. 16(4), 482–494 (1998)Google Scholar
  28. 28.
    Renhard, M., Plattner, B.: Introducing MorphMix: Peer-toPeer based anonymous internet usage with collusion detection. In: The Workshop on Privacy in the Electronic Society (WPES 2002), ACM, pp. 91–102(2002)Google Scholar
  29. 29.
    Shamir, A.: Identity-based cryptosystems and signature schemes advances in cryptology. In: Proceedings of CRYPTO ’84, pp. 47–53 (1985) Google Scholar
  30. 30.
    Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: Symposium on Cryptography and Information Security, Okinawa, Japan (2000)Google Scholar
  31. 31.
    Yao, D., Fazio, N., Dodis, Y., Lysyanskaya, A.: ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption. In: Proceedings of the ACM Conference on Computer and Communications Security 2004 (CCS 2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Dario Catalano
    • 1
  • Mario Di Raimondo
    • 1
  • Dario Fiore
    • 2
  • Rosario Gennaro
    • 3
  • Orazio Puglisi
    • 1
  1. 1.Dipartimento di Matematica ed InformaticaUniversità di CataniaCataniaItaly
  2. 2.New York UniversityNew YorkUSA
  3. 3.Center for Algorithms and Interactive Scientific SoftwareCity College, CUNYNew YorkUSA

Personalised recommendations