OnionPIR: Effective Protection of Sensitive Metadata in Online Communication Networks

  • Daniel Demmler
  • Marco HolzEmail author
  • Thomas Schneider
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10355)


While great effort has been put into securing the content of messages transmitted over digital infrastructures, practical protection of metadata is still an open research problem. Scalable mechanisms for protecting users’ anonymity and hiding their social graph are needed. One technique that we focus on in this work is private information retrieval (PIR), an active field of research that enables private querying of data from a public database without revealing which data has been requested and a fundamental building block for private communication. We introduce two significant improvements for the multi-server scheme RAID-PIR (ACM CCSW’14): precomputing queries using the Method of four Russians and optimizing the database layout for parallel queries. We then propose OnionPIR, an anonymous messaging service as example application for PIR combined with onion routing that prevents the leakage of communication meta-data. By providing and evaluating a prototype, we show that OnionPIR is usable in practice. Based on our results, we conclude that it is possible to build and deploy such a service today, while its operating expenses are within the order of magnitude of those of traditional messaging services that leak metadata.


Private information retrieval Tor Privacy Meta-data protection 



We thank the anonymous reviewers for their valuable feedback on our paper. This work has been co-funded by the German Federal Ministry of Education and Research (BMBF) and by the Hessen State Ministry for Higher Education, Research and the Arts (HMWK) within CRISP, and by the DFG as part of project S5 within the CRC 1119 CROSSING.


  1. Albrecht, M., Bard, G., Hart, W.: Efficient multiplication of dense matrices over GF(2). ACM Trans. Math. Softw. 37, 9:1–9:14 (2010)CrossRefzbMATHGoogle Scholar
  2. Arlazarov, V., Dinic, E., Kronrod, M., Faradzev, I.: On economical construction of the transitive closure of a directed graph. USSR Acad. Sci. 134, 1209–1210 (1970)zbMATHGoogle Scholar
  3. Aguilar-Melchor, C., Barrier, J., Fousse, L., Killijian, M.-O.: XPIR: private information retrieval for everyone. In: Privacy Enhancing Technologies Symposium (PETS 2016), no. 2, pp. 155–174 (2016)Google Scholar
  4. Borisov, N., Danezis, G., Goldberg, I.: DP5: a private presence service. In: Privacy Enhancing Technologies Symposium (PETS 2015), no. 2, pp. 4–24 (2015)Google Scholar
  5. Bernstein, D.J.: Cryptography in NaCl (2009).
  6. Bayer, S., Groth, J.: Efficient zero-knowledge argument for correctness of a shuffle. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 263–280. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-29011-4_17 CrossRefGoogle Scholar
  7. Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970)CrossRefzbMATHGoogle Scholar
  8. Bernstein, D.J., Lange, T., Schwabe, P.: The security impact of a new cryptographic library. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 159–176. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33481-8_9 CrossRefGoogle Scholar
  9. Budurushi, J., Volkamer, M.: Feasibility analysis of various electronic voting systems for complex elections. In: International Conference for E-Democracy and Open Government 2014 (2014)Google Scholar
  10. Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP message format. RFC 4880, RFC Editor, November 2007.
  11. Corrigan-Gibbs, H., Boneh, D., Maziàres, D.: Riposte: an anonymous messaging system handling millions of users. In: IEEE Symposium on Security and Privacy (S&P 2015), pp. 321–338 (2015)Google Scholar
  12. Chor, B., Gilboa, N., Naor, M.: Private information retrieval by keywords. IACR Cryptology ePrint Archive, Report 1998/003 (1998).
  13. Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24, 84–90 (1981)CrossRefGoogle Scholar
  14. Chaum, D.: Blind signature systems. In: Advances in Cryptology - CRYPTO 1983, p. 153 (1983)Google Scholar
  15. Chaum, D., Javani, F., Kate, A., Krasnova, A., de Ruiter, J., Sherman, A.T., Das, D.: cMix: anonymization by high-performance scalable mixing. IACR Cryptology ePrint Archive, Report 2016/008 (2016).
  16. Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. In: Foundations of Computer Science (FOCS 1995), pp. 41–50 (1995)Google Scholar
  17. Devet, C., Goldberg, I.: The best of both worlds: combining information-theoretic and computational PIR for communication efficiency. In: Cristofaro, E., Murdoch, S.J. (eds.) PETS 2014. LNCS, vol. 8555, pp. 63–82. Springer, Cham (2014). doi: 10.1007/978-3-319-08506-7_4 Google Scholar
  18. Demmler, D., Herzberg, A., Schneider, T.: RAID-PIR: practical multi-server PIR. In: ACM Cloud Computing Security Workshop (CCSW 2014), pp. 45–56 (2014)Google Scholar
  19. Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: USENIX Security Symposium 2004, p. 21 (2004)Google Scholar
  20. Demmler, D., Schneider, T., Zohner, M.: Ad-hoc secure two-party computation on mobile devices using hardware tokens. In: USENIX Security Symposium 2014, pp. 893–908 (2014)Google Scholar
  21. Dowling, B., Stebila, D., Zaverucha, G.: Authenticated network time synchronization. In: USENIX Security Symposium 2016, pp. 823–840 (2016)Google Scholar
  22. Fette, I., Melnikov, A.: The websocket protocol. RFC 6455, RFC Editor, December 2011.
  23. Huang, Y., Chapman, P., Evans, D.: Privacy-preserving applications on smartphones. In: USENIX Workshop on Hot Topics in Security (HotSec 2011), p. 4 (2011)Google Scholar
  24. Henry, R.: Polynomial batch codes for efficient IT-PIR. In: Privacy Enhancing Technologies Symposium (PETS 2016), pp. 202–218 (2016)Google Scholar
  25. Kwon, A., Lazar, D., Devadas, S., Ford, B.: Riffle: an efficient communication system with strong anonymity. In: Privacy Enhancing Technologies Symposium (PETS 2016), pp. 115–134 (2016)Google Scholar
  26. Kushilevitz, E., Ostrovsky, R.: Replication is not needed: single database, computationally-private information retrieval. In: Foundations of Computer Science (FOCS 1997), pp. 364–373 (1997)Google Scholar
  27. Landau, S.: Mining the metadata: and its consequences. In: International Conference on Software Engineering (ICSE 2015), pp. 4–5 (2015)Google Scholar
  28. Lueks, W., Goldberg, I.: Sublinear scaling for multi-client private information retrieval. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 168–186. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-47854-7_10 CrossRefGoogle Scholar
  29. Lazar, D., Zeldovich, N.: Alpenhorn: bootstrapping secure communication without leaking metadata. In: USENIX Symposium on Operating Systems Design and Implementation (OSDI 2016), pp. 571–586 (2016)Google Scholar
  30. Mokbel, M.F., Chow, C.-Y., Aref, W.G.: The new Casper: query processing for location services without compromising privacy. In: International Conference on Very Large Data Bases (VLDB 2006), pp. 763–774 (2006)Google Scholar
  31. Mayer, J., Mutchler, P., Mitchell, J.C.: Evaluating the privacy properties of telephone metadata. Natl. Acad. Sci. 113(20), 5536–5541 (2016)CrossRefGoogle Scholar
  32. Mittal, P., Olumofin, F., Troncoso, C., Borisov, N., Goldberg, I.: PIR-tor: scalable anonymous communication using private information retrieval. In: USENIX Security Symposium 2011, p. 31 (2011)Google Scholar
  33. Open Whisper Systems. The difficulty of private contact discovery (2014).
  34. Ramsdell, B.: S/MIME version 3 message specification. RFC 2633, RFC Editor, June 1999.
  35. Sassaman, L., Cohen, B., Gate, T.P.: A secure method of pseudonymous mail retrieval. In: Workshop on Privacy in the Electronic Society (WPES 2005), pp. 1–9 (2005)Google Scholar
  36. Sanatinia, A., Noubir, G.: HOnions: towards detection and identification of misbehaving tor HSDirs. In: Hot Topics in Privacy Enhancing Technologies Symposium (HotPETS 2016) (2016)Google Scholar
  37. van den Hooff, J., Lazar, D., Zaharia, M., Zeldovich, N.: Vuvuzela: scalable private messaging resistant to traffic analysis. In: Symposium on Operating Systems Principles (SOSP 2015), pp. 137–152 (2015)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Technische Universität DarmstadtDarmstadtGermany

Personalised recommendations