A certificateless approach to onion routing

  • Dario Catalano
  • Dario Fiore
  • Rosario Gennaro
Regular Contribution


Onion routing protocols allow users to establish anonymous channels to preserve their privacy over a public network. Several protocols implementing this primitive have been proposed in recent years, and The Onion Routing network (Tor), a real-life implementation, provides an onion routing service to thousands of users over the Internet. This paper presents Certificateless Onion Routing, a new approach to the problem. Starting from the identity-based solution (PB-OR) of Kate et al. (ACM TISSEC 2000), we adopt the certificateless setting introduced by Al-Riyami and Paterson in 2003. Such a setting is particularly well suited in practice, as it retains the good aspects of both identity-based cryptography (no PKI is required) and traditional public key cryptography (there is no key escrow). Next, we present a novel certificateless key-encapsulation mechanism and show how to turn it into a very efficient (and provably secure!) certificateless onion routing protocol. When compared with Tor and PB-OR, our protocol offers better performance, especially when current security levels (i.e., 128 bits) are considered. In particular, our scheme significantly reduces the computational cost required from each router. In this sense, our solution is up to 7 times faster than PB-OR and up to 11 times faster than Tor.


  • Anonymity
  • Onion routing
  • Certificateless cryptography
  • Tor



The authors would like to thank Nikita Borisov for suggesting the problem and pointing them to [25] and Gregory Neven for suggesting the use of the General Forking Lemma. The second author did most of the work while at University of Catania. The research of Dario Fiore has been partially supported by the European Union’s Horizon 2020 Research and Innovation Programme under grant agreement 688722 (NEXTLEAP), the Spanish Ministry of Economy under project reference TIN2015-70713-R (DEDETIS) and under a Juan de la Cierva fellowship to Dario Fiore, and by the Madrid Regional Government under project N-Greens (ref. S2013/ICE-2731).


  1. Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Proceedings of CT-RSA 2001, volume 2020 of LNCS, pp. 143–150. Springer, New York (2001)
  2. Al-Riyami, S., Paterson, K.: Certificateless public key cryptography. In: Advances in Cryptology—ASIACRYPT 2003, volume 2894 of LNCS, pp. 452–473. Springer, New York (2003)
  3. Baek, J.: Important note on certificateless public key encryption without pairing. (2007)
  4. Baek, J., Safavi-Naini, R., Susilo, W.: Certificateless public key encryption without pairing. In: Proceedings of the 8th International Conference on Information Security—ISC 2005, volume 3650 of LNCS, pp. 134–148. Springer, New York (2005)
  5. Bellare, M., Neven, G.: New multi-signature schemes and a general forking lemma. In: Proceedings of the 13th Conference on Computer and Communications Security—ACM CCS 2006. ACM Press, New York (2006)
  6. Boneh, D., Boyen, X.: Short signatures without random oracles. In: Advances in Cryptology—Eurocrypt 2004, volume 3027 of LNCS, pp. 56–73. Springer, New York (2004)
  7. Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003). Also in CRYPTO (2001)
  8. Camenisch, J., Lysyanskaya, A.: A formal treatment of onion routing. In: Advances in Cryptology—CRYPTO 2005, volume 3621 of LNCS, pp. 169–187. Springer, New York (2005)
  9. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 136–145. IEEE (2001)
  10. Cash, D., Kiltz, E., Shoup, V.: The twin Diffie-Hellman problem and applications. In: Advances in Cryptology—EUROCRYPT 2008, volume 4965 of LNCS, pp. 127–145. Springer, New York (2008)
  11. Catalano, D., Fiore, D., Gennaro, R.: Certificateless onion routing. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (ACM CCS 2009), pp. 151–160. ACM Press, New York (2009)
  12. Chaum, D.: Untraceable electronic mail, return address and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)
  13. Dai, W.: PipeNet 1.1.
  14. Dent, A.: A survey of certificateless encryption schemes and security models. Int. J. Inf. Secur. 7(5), 347–377 (2008)
  15. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)
  16. Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium, pp. 303–320 (2004)
  17. Dingledine, R., Mathewson, N.: Tor protocol specification, 2008.
  18. ECRYPT. Yearly report on algorithms and key sizes (2007–2008), July 2008.
  19. Fiore, D., Gennaro, R.: Making the Diffie–Hellman protocol identity-based. In: Proceedings of CT-RSA 2010, volume 5985 of LNCS, pp. 165–178. Springer, New York (2010). Also in
  20. Freedman, M., Morris, R.: Tarzan: A peer-to-peer anonymizing network layer. In: Proceedings of the 9th ACM Conference on Computer and Communication Security (CCS 2002), pp. 193–206. ACM Press, New York (2002)
  21. Goldberg, I.: On the security of the Tor authentication protocol. In: Proceedings of the 6th Workshop on Privacy Enhancing Technologies (PET 2006), volume 4258 of LNCS, pp. 316–331. Springer, New York (2006)
  22. Goldschlag, D., Reed, M., Syverson, P.: Hiding routing information. In: Proceedings of the First International Workshop on Information Hiding, volume 1174 of LNCS, pp. 137–150. Springer, New York (1996)
  23. Goldschlag, D., Reed, M., Syverson, P.: Onion routing for anonymous and private internet connections. Commun. ACM 42(2), 84–88 (1999)
  24. Kate, A., Goldberg, I.: Using Sphinx to improve onion routing circuit construction. In: Proceedings of the 14th International Conference on Financial Cryptography and Data Security (FC 2010) (2010) to appear
  25. Kate, A., Zaverucha, G., Goldberg, I.: Pairing-based onion routing. In: Proceedings of the 7th Privacy Enhancing Technologies Symposium (PETS 2007), volume 4776 of LNCS, pp. 95–112. Springer, New York (2007)
  26. Kate, A., Zaverucha, G., Goldberg, I.: Pairing-based onion routing with improved forward secrecy. ACM Transactions on Information and System Security (2009)
  27. Lynn, B.: PBC: The pairing-based crypto library.
  28. Moller, B.: Provably secure public key encryption for length-preserving Chaumian mixes. In: Proceedings of CT-RSA 2003, volume 2612 of LNCS, pp. 244–262. Springer, New York (2003)
  29. NIST. Recommendations for key management part 1: General, August 2005.
  30. Øverlier, L., Syverson, P.: Improving efficiency and simplicity of Tor circuit establishment and hidden services. In: Proceedings of the 7th Privacy Enhancing Technologies Symposium (PETS 2007), volume 4776 of LNCS, pp. 134–152. Springer, New York (2007)
  31. Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361–396 (2000)
  32. Reed, M., Syverson, P., Goldschlag, D.: Anonymous connections and onion routing. IEEE J. Selected Areas Commun. 16(4), 482–494 (1998)
  33. Rennhard, M., Plattner, B.: Introducing MorphMix: peer-to-peer based anonymous Internet usage with collusion detection. In: Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2002), pp. 91–102. ACM Press, New York (2002)
  34. Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: Symposium on Cryptography and Information Security (2000)
  35. Schnorr, C.: Efficient identification and signatures for smart cards. In: Advances in Cryptology—CRYPTO ’89, volume 435 of LNCS, pp. 239–252. Springer, New York (1989)
  36. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Advances in Cryptology—CRYPTO 1984, pp. 47–53 (1985)
  37. Shoup, V., Gennaro, R.: Securing threshold cryptosystems against chosen ciphertext attack. In: Advances in Cryptology—Proceedings of EUROCRYPT ’98, volume 1403 of LNCS, pp. 1–16. Springer, New York (1998)

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. Università di Catania, Catania, Italy
  2. IMDEA Software Institute, Pozuelo de Alarcon, Spain
  3. City College of New York, New York, USA
