Pairing-Based Onion Routing

  • Aniket Kate
  • Greg Zaverucha
  • Ian Goldberg
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4776)


This paper presents a novel use of pairing-based cryptography to improve circuit construction in onion routing anonymity networks. Instead of iteratively and interactively constructing circuits with a telescoping method, our approach builds a circuit with a single pass. The cornerstone of the improved protocol is a new pairing-based privacy-preserving non-interactive key exchange. Compared to previous single-pass designs, our algorithm provides practical forward secrecy and leads to a reduction in the required amount of authenticated directory information. In addition, it requires significantly less computation and communication than the telescoping mechanism used by Tor. These properties suggest that pairing-based onion routing is a practical way to allow anonymity networks to scale gracefully.


Elliptic Curve; Bilinear Pairing; Random Oracle Model; Forward Secrecy; Anonymous Communication
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Aniket Kate (1)
  • Greg Zaverucha (1)
  • Ian Goldberg (1)

  1. David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, N2L 3G1, Canada
