A Formal Treatment of Onion Routing

  • Jan Camenisch
  • Anna Lysyanskaya
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3621)

Abstract

Anonymous channels are necessary for a multitude of privacy-protecting protocols. Onion routing is probably the best known way to achieve anonymity in practice. However, the cryptographic aspects of onion routing have not been sufficiently explored: no satisfactory definitions of security have been given, and existing constructions have only had ad-hoc security analysis for the most part.

We provide a formal definition of onion routing in the universally composable (UC) framework, and also discover a simpler definition (similar to CCA2 security for encryption) that implies security in the UC framework. We then exhibit an efficient and easy-to-implement construction of an onion routing scheme satisfying this definition.

Keywords

Random Oracle, Replay Attack, Ideal Functionality, Honest Party, Pseudorandom Permutation

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Jan Camenisch, Zurich Research Laboratory, IBM Research, Rüschlikon
  • Anna Lysyanskaya, Computer Science Department, Brown University, Providence, USA