Practical and Provably Secure Onion Routing

Authors Megumi Ando, Anna Lysyanskaya, Eli Upfal

Thumbnail PDF


  • Filesize: 484 kB
  • 14 pages

Document Identifiers

Author Details

Megumi Ando
  • Computer Science Department, Brown University, Providence, RI 02912 USA
Anna Lysyanskaya
  • Computer Science Department, Brown University, Providence, RI 02912 USA
Eli Upfal
  • Computer Science Department, Brown University, Providence, RI 02912 USA

Cite AsGet BibTex

Megumi Ando, Anna Lysyanskaya, and Eli Upfal. Practical and Provably Secure Onion Routing. In 45th International Colloquium on Automata, Languages, and Programming (ICALP 2018). Leibniz International Proceedings in Informatics (LIPIcs), Volume 107, pp. 144:1-144:14, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2018)


In an onion routing protocol, messages travel through several intermediaries before arriving at their destinations; they are wrapped in layers of encryption (hence they are called "onions"). The goal is to make it hard to establish who sent the message. It is a practical and widespread tool for creating anonymous channels. For the standard adversary models - passive and active - we present practical and provably secure onion routing protocols. Akin to Tor, in our protocols each party independently chooses the routing paths for his onions. For security parameter lambda, our differentially private solution for the active adversary takes O(log^2 lambda) rounds and requires every participant to transmit O(log^{4} lambda) onions in every round.

Subject Classification

ACM Subject Classification
  • Security and privacy → Security protocols
  • Anonymity
  • traffic analysis
  • statistical privacy
  • differential privacy


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Mário S. Alvim, Miguel E. Andrés, Konstantinos Chatzikokolakis, Pierpaolo Degano, and Catuscia Palamidessi. Differential privacy: on the trade-off between utility and information leakage. In FAST 2011, pages 39-54. Springer, 2011. Google Scholar
  2. Michael Backes, Ian Goldberg, Aniket Kate, and Esfandiar Mohammadi. Provably secure and practical onion routing. In Computer Security Foundations Symposium (CSF), 2012 IEEE 25th, pages 369-385. IEEE, 2012. Google Scholar
  3. Michael Backes, Aniket Kate, Praveen Manoharan, Sebastian Meiser, and Esfandiar Mohammadi. AnoA: A framework for analyzing anonymous communication protocols. Cryptology ePrint Archive, Report 2014/087, 2014. URL:
  4. Ron Berman, Amos Fiat, and Amnon Ta-Shma. Provable unlinkability against traffic analysis. In Ari Juels, editor, FC 2004, volume 3110 of LNCS, pages 266-280, Key West, USA, feb 9-12, 2004. Springer, Heidelberg, Germany. Google Scholar
  5. Matt Blaze, John Ioannidis, Angelos D Keromytis, Tal Malkin, and Aviel D Rubin. Anonymity in wireless broadcast networks. IJ Network Security, 8(1):37-51, 2009. Google Scholar
  6. Jan Camenisch and Anna Lysyanskaya. A formal treatment of onion routing. In Victor Shoup, editor, CRYPTO 2005, volume 3621 of LNCS, pages 169-187, Santa Barbara, CA, USA, aug 14-18, 2005. Springer, Heidelberg, Germany. Google Scholar
  7. Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. In 42nd FOCS, pages 136-145, Las Vegas, NV, USA, oct 14-17, 2001. IEEE Computer Society Press. Google Scholar
  8. Konstantinos Chatzikokolakis, Catuscia Palamidessi, and Prakash Panangaden. Anonymity protocols as noisy channels. Information and Computation, 206(2-4):378-401, 2008. Google Scholar
  9. David Chaum. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology, 1(1):65-75, 1988. Google Scholar
  10. David L Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2):84-90, 1981. Google Scholar
  11. David A. Cooper and Kenneth P. Birman. Preserving privacy in a network of mobile computers. In 1995 IEEE Symposium on Security and Privacy, pages 26-38. IEEE Computer Society Press, 1995. Google Scholar
  12. Henry Corrigan-Gibbs, Dan Boneh, and David Mazières. Riposte: An anonymous messaging system handling millions of users. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015, pages 321-338, San Jose, CA, USA, may 17-21, 2015. IEEE Computer Society Press. URL:
  13. George Danezis, Roger Dingledine, and Nick Mathewson. Mixminion: Design of a type III anonymous remailer protocol. In 2003 IEEE Symposium on Security and Privacy, pages 2-15, Berkeley, CA, USA, may 11-14, 2003. IEEE Computer Society Press. Google Scholar
  14. Roger Dingledine and Nick Mathewson. Tor: An anonymous internet communication system. In Workshop on Vanishing Anonymity, Proceedings from the Conference on Computers, Freedom, and Privacy, 2005. Google Scholar
  15. Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The second-generation onion router. Technical report, DTIC Document, 2004. Google Scholar
  16. Yevgeniy Dodis, Leonid Reyzin, and Adam Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Christian Cachin and Jan Camenisch, editors, EUROCRYPT 2004, volume 3027 of LNCS, pages 523-540, Interlaken, Switzerland, may 2-6, 2004. Springer, Heidelberg, Germany. Google Scholar
  17. Danny Dolev, Cynthia Dwork, and Moni Naor. Nonmalleable cryptography. SIAM Journal on Computing, 30(2):391-437, 2000. Google Scholar
  18. Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. Calibrating noise to sensitivity in private data analysis. In Shai Halevi and Tal Rabin, editors, TCC 2006, volume 3876 of LNCS, pages 265-284, New York, NY, USA, mar 4-7, 2006. Springer, Heidelberg, Germany. Google Scholar
  19. Dwork, Cynthia and Roth, Aaron. The Algorithmic Foundations of Differential Privacy. Foundations and Trendsregistered in Theoretical Computer Science, 9(3-4):211-407, 2014. Google Scholar
  20. Joan Feigenbaum, Aaron Johnson, and Paul Syverson. Probabilistic analysis of onion routing in a black-box model. ACM Transactions on Information and System Security (TISSEC), 15(3):1-28, Nov 2012. Google Scholar
  21. Joan Feigenbaum, Aaron Johnson, and Paul F. Syverson. A model of onion routing with provable anonymity. In Sven Dietrich and Rachna Dhamija, editors, FC 2007, volume 4886 of LNCS, pages 57-71, Scarborough, Trinidad and Tobago, feb 12-16, 2007. Springer, Heidelberg, Germany. Google Scholar
  22. Oded Goldreich. Foundations of Cryptography: Basic Tools, volume 1. Cambridge University Press, Cambridge, UK, 2001. Google Scholar
  23. Don Hush and Clint Scovel. Concentration of the hypergeometric distribution. Statistics &probability letters, 75(2):127-132, 2005. Google Scholar
  24. Boris Köpf and David A. Basin. An information-theoretic model for adaptive side-channel attacks. In Peng Ning, Sabrina De Capitani di Vimercati, and Paul F. Syverson, editors, ACM CCS 07, pages 286-296, Alexandria, Virginia, USA, oct 28-31, 2007. ACM Press. Google Scholar
  25. Albert Kwon, Henry Corrigan-Gibbs, Srinivas Devadas, and Bryan Ford. Atom: Horizontally scaling strong anonymity. In Proceedings of the 26th Symposium on Operating Systems Principles, SOSP '17, pages 406-422, New York, NY, USA, 2017. ACM. URL:
  26. Olga Ohrimenko, Michael T. Goodrich, Roberto Tamassia, and Eli Upfal. The melbourne shuffle: Improving oblivious storage in the cloud. In Javier Esparza, Pierre Fraigniaud, Thore Husfeldt, and Elias Koutsoupias, editors, Automata, Languages, and Programming - 41st International Colloquium, ICALP 2014, Copenhagen, Denmark, July 8-11, 2014, Proceedings, Part II, volume 8573 of LNCS, pages 556-567, Copenhagen, Denmark, jul 8-11, 2014. Springer, Heidelberg, Germany. URL:
  27. Charles Rackoff and Daniel R. Simon. Cryptographic defense against traffic analysis. In 25th ACM STOC, pages 672-681, San Diego, CA, USA, may 16-18, 1993. ACM Press. Google Scholar
  28. Vitaly Shmatikov and Ming-Hsiu Wang. Measuring relationship anonymity in mix networks. In Proceedings of the 5th ACM workshop on Privacy in electronic society, pages 59-62. ACM, 2006. Google Scholar
  29. Yixin Sun, Anne Edmundson, Nick Feamster, Mung Chiang, and Prateek Mittal. Counter-RAPTOR: Safeguarding tor against active routing attacks. In 2017 IEEE Symposium on Security and Privacy, pages 977-992, San Jose, CA, USA, may 22-26, 2017. IEEE Computer Society Press. Google Scholar
  30. Nirvan Tyagi, Yossi Gilad, Derek Leung, Matei Zaharia, and Nickolai Zeldovich. Stadium: A distributed metadata-private messaging system. In Proceedings of the 26th Symposium on Operating Systems Principles, SOSP '17, pages 423-440, New York, NY, USA, 2017. ACM. URL:
  31. Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zeldovich. Vuvuzela: scalable private messaging resistant to traffic analysis. In SOSP 2015, pages 137-152. ACM Press, 2015. Google Scholar
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail