Duo-Onions and Hydra-Onions — Failure and Adversary Resistant Onion Protocols

  • Jan Iwanik
  • Marek Klonowski
  • Miroslaw Kutyłowski
Conference paper
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 175)


A serious weakness of the onion protocol, one of the major tools for anonymous communication, is its vulnerability to network failures and/or an adversary trying to break the communication. This is facilitated by the fact that each message is sent through a path of a certain length and a failure in a single point of this path prohibits message delivery. Since the path cannot be too short in order to offer anonymity protection (at least logarithmic in the number of nodes), the failure probability might be quite substantial.

The simplest solution to this problem would be to send many onions with the same message. We show that this approach can be optimized with respect to communication overhead and resilience to failures and/or adversary attacks. We propose two protocols: the first one mimics K independent onions with a single onion. The second protocol is designed for the case where an adaptive adversary may destroy communication going out of servers chosen according to the traffic observed by him. In this case a single message flows in a stream of K onions — the main point is that even when the adversary kills some of these onions, the stream quickly recovers to the original bandwidth — again K onions with this message would flow through the network.


Anonymity onion protocol adaptive adversary 


  1. Alon, N.: Testing Subgraphs in Large Graphs. ACM-SIAM FOCS 2001, 434–439.Google Scholar
  2. Berman R., Fiat A., Ta-Shma A.: Provable Unlinkability Against Traffic Analysis. Accepted for Financial Cryptography 2004.Google Scholar
  3. Berthold, O., Federrath, H., Köhntopp, M.: Project “Anonymity and Unobservability in the Internet.” Workshop on Freedom and Privacy by Design / CFP2000, ACM, 2000, 57–65.Google Scholar
  4. Chaum, D.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. CACM 24(2) (1981) 84–88.Google Scholar
  5. Chaum, D.: The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability. Journal of Cryptology 1(1) (1988), 65–75.zbMATHMathSciNetCrossRefGoogle Scholar
  6. Czumaj, A., Kanarek, P., Kutyłowski, M., Loryś K.: Distributed Stochastic Processes for Generating Random Permutations. 10 ACM-SIAM SODA, 1999 271–280.Google Scholar
  7. Freedman, J., Sit, E., Cates, J., Morris, R.: Introducing Tarzan, a Peer-to-Peer Anonymizing Network Layer 1st International Workshop on Peer-to-Peer Systems (IPTPS02), Lecture Notes in Computer Science 2429. Springer-Verlag, 2002, 121–129.Google Scholar
  8. Gogolewski, M., Kutyłowski, M., Łuczak, T: Distributed Time stamping with Boomerang Onions. Manuscript.Google Scholar
  9. Gomułkiewicz, M., Klonowski, M., Kutyłowski, M.: Provable Unlinkability Against Traffic Analysis already after \(O\)(log(n)) steps!. Manuscript, 2004.Google Scholar
  10. Kesdogan D., Egner J., Büschkes R.: Stop-and-Go-MIXes Providing Probabilistic Anonymity in an Open System. Information Hiding '98 Lecture Notes in Computer Science 1525. Springer-Verlag, 83–98.Google Scholar
  11. Syverson P. F., Reed M. G., Goldschlag D. M.: Private Web Browsing. Journal of Computer Security Special Issue on Web Security 5 (1997) 237–248.Google Scholar
  12. Syverson P. F., Reed M. G., Goldschlag D. M.: Anonymous Connections and Onion Routing. IEEE Journal on Selected Areas in Communication. 16(4) (1998) 482–494.CrossRefGoogle Scholar
  13. Syverson, P., Tsudik, G., Reed, M., Landwehr., C.: Towards an Analysis of Onion Routing Security. Workshop on Design Issues in Anonymity and Unobservability, July 2000.Google Scholar
  14. Rackoff C, Simon D.R.: Cryptographic Defense Against Traffic Analysis. 25 ACM Symposium on Theory of Computing (1993) 672–681.Google Scholar
  15. Wright, M., Adler, M., Levine, B., Schields, C.: Defending Anonymous Communication Against Passive Logging Attacks. IEEE Symposium on Security and Privacy 2003, IEEE Computer Society, 28–38.Google Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Jan Iwanik
    • 1
  • Marek Klonowski
    • 1
  • Miroslaw Kutyłowski
    • 1
  1. 1.Institute of MathematicsWrocław Univ. of TechnologyWroclawPoland

Personalised recommendations