Repelling Detour Attack Against Onions with Re-encryption

  • Marek Klonowski
  • Mirosław Kutyłowski
  • Anna Lauks
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5037)


This paper is devoted to ModOnions – an anonymous communication protocol, for which a message is encoded as a set of onions and sent through intermediate nodes so that each node knows only its predecessor and its successor on the routing path. Moreover, encoding details enable universal re-encryption: each node re-encrypts the message so that no observer can link together the ciphertexts before and after re-encryption and re-encryption can be performed without any public key. ModOnions were supposed to offer many additional features over classical onion protocols, such as resilience against replay attack. However, during ISC’2006 George Danezis presented a detour attack against this construction. It enables to redefine the routing path by inserting intermediate corrupt nodes between each two nodes of the original routing path. In this way anonymity becomes completely broken. We show that after slight changes in the protocol the attack does not work anymore. The patch proposed can also be seen as a general method of enforcing who is the final addressee of a message encrypted with the ElGamal scheme and multiple public keys.


Intermediate Node Random Block Replay Attack Discrete Logarithm Problem Regular Onion 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Berman, R., Fiat, A., Ta-Shma, A.: Provable Unlinkability against Traffic Analysis. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 266–280. Springer, Heidelberg (2004)Google Scholar
  2. 2.
    Danezis, G.: Breaking Four Mix-Related Schemes Based on Universal Re-encryption. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 46–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Golle, P.: Reputable Mix Networks. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 51–62. Springer, Heidelberg (2005)Google Scholar
  4. 4.
    Golle, P., Jakobsson, M., Juels, A., Syverson, P.F.: Universal Re-encryption for Mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)Google Scholar
  5. 5.
    Gomułkiewicz, K.M., Kutyłowski, M.: Onions Based on Universal Re-encryption – Anonymous Communication Immune Against Repetitive Attack. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 400–410. Springer, Heidelberg (2005)Google Scholar
  6. 6.
    Gomułkiewicz, M., Klonowski, M., Kutyłowski, M.: Provable Unlinkability Against Traffic Analysis Already After \(\mathcal{O}(\log(n))\) Steps! In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 354–366. Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Klonowski, M., Kutyłowski, M., Lauks, A., Zagórski, F.: Universal Re-encryption of Signatures and Controlling Anonymous Information Flow. In: WARTACRYPT 2004 Conference on Cryptology, vol. 33, pp. 179–188. Tatra Mountains Mathematical Publications (2006)Google Scholar
  8. 8.
    Kutyłowski, M., Klonowski, M., Zagórski, F.: Anonymous Communication with On-line and Off-line Onion Encoding. In: Vojtáš, P., Bieliková, M., Charron-Bost, B., Sýkora, O. (eds.) SOFSEM 2005. LNCS, vol. 3381, pp. 229–238. Springer, Heidelberg (2005)Google Scholar
  9. 9.
    Rackoff, C., Simon, D.R.: Cryptographic Defense Against Traffic Analysis. In: ACM Symposium on Theory of Computing, vol. 25, pp. 672–681 (1993)Google Scholar
  10. 10.
    Tsiounis, Y., Yung, M.: On the Security of ElGamal Based Encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117–134. Springer, Heidelberg (1998)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Marek Klonowski
    • 1
  • Mirosław Kutyłowski
    • 1
  • Anna Lauks
    • 1
  1. 1.Institute of Mathematics and Computer ScienceWrocław University of Technology 

Personalised recommendations