
A certificateless approach to onion routing

  • Regular Contribution
  • International Journal of Information Security

Abstract

Onion routing protocols allow users to establish anonymous channels to preserve their privacy over a public network. Several protocols implementing this primitive have been proposed in recent years, and the onion routing network (Tor), a real-life implementation, provides an onion routing service to thousands of users over the Internet. This paper presents Certificateless Onion Routing, a new approach to the problem. Starting from the identity-based solution (PB-OR) of Kate et al. (ACM TISSEC 2000), we adopt the certificateless setting introduced by Al-Riyami and Paterson in 2003. Such a setting is particularly well suited in practice as it retains the good aspects of identity-based cryptography (no PKI is required) and of traditional public key cryptography (there is no key escrow). Next, we present a novel certificateless key-encapsulation mechanism and show how to turn it into a very efficient (and provably secure!) certificateless onion routing protocol. When compared with Tor and PB-OR, our protocol offers better performance, especially when current security levels (i.e., 128 bits) are considered. In particular, our scheme significantly reduces the computational cost required from each router. In this sense, our solution is up to 7 times faster than PB-OR and up to 11 times faster than Tor.


Notes

  1. We remark that in recent papers the name Strong Diffie–Hellman was used to denote a different conjecture defined over bilinear groups [6]. In this paper, we refer to the original terminology from [1].

  2. We remark that in recent papers the name Strong Diffie–Hellman Assumption was used to denote a different conjecture defined over bilinear groups [6]. In this paper, we refer to the original terminology from [1].

  3. Our scheme is similar to that proposed by [4], but as later noted by Baek in [3] that scheme has a flaw in its proof of security.

  4. This kind of curve also admits a pairing operator \(e:\mathbb G_{1} \times \mathbb G_{2} \rightarrow \mathbb G_{T}\), which is not particularly efficient to compute, but this is of no interest in our protocol, as we use only exponentiations in \(\mathbb G_{1}\).

References

  1. Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Proceedings of CT-RSA 2001, volume 2020 of LNCS, pp. 143–150. Springer, New York (2001)

  2. Al-Riyami, S., Paterson, K.: Certificateless public key cryptography. In: Advances in Cryptology—ASIACRYPT 2003, volume 2894 of LNCS, pp. 452–473. Springer, New York (2003)

  3. Baek, J.: Important note on certificateless public key encryption without pairing. http://www1.i2r.a-star.edu.sg/~jsbaek/ (2007)

  4. Baek, J., Safavi-Naini, R., Susilo, W.: Certificateless public key encryption without pairing. In: Proceedings of the 8th International Conference on Information Security—ISC 2005, volume 3650 of LNCS, pp. 134–148. Springer, New York (2005)

  5. Bellare, M., Neven, G.: New multi-signature schemes and a general forking lemma. In: Proceedings of the 13th Conference on Computer and Communications Security—ACM CCS 2006. ACM Press, New York (2006)

  6. Boneh, D., Boyen, X.: Short signatures without random oracles. In: Advances in Cryptology—Eurocrypt 2004, volume 3027 of LNCS, pp. 56–73. Springer, New York (2004)

  7. Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003). Also in CRYPTO (2001)

  8. Camenisch, J., Lysyanskaya, A.: A formal treatment of onion routing. In: Advances in Cryptology—CRYPTO 2005, volume 3621 of LNCS, pp. 169–187. Springer, New York (2005)

  9. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 136–145. IEEE (2001)

  10. Cash, D., Kiltz, E., Shoup, V.: The twin Diffie–Hellman problem and applications. In: Advances in Cryptology—EUROCRYPT 2008, volume 4965 of LNCS, pp. 127–145. Springer, New York (2008)

  11. Catalano, D., Fiore, D., Gennaro, R.: Certificateless onion routing. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (ACM CCS 2009), pp. 151–160. ACM Press, New York (2009)

  12. Chaum, D.: Untraceable electronic mail, return address and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)

  13. Dai, W.: PipeNet 1.1. http://www.weidai.com/pipenet.txt

  14. Dent, A.: A survey of certificateless encryption schemes and security models. Int. J. Inf. Secur. 7(5), 347–377 (2008)

  15. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)

  16. Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium, pp. 303–320 (2004)

  17. Dingledine, R., Mathewson, N.: Tor protocol specification, 2008. http://www.torproject.org/svn/trunk/doc/spec/tor-spec.txt

  18. ECRYPT. Yearly report on algorithms and key sizes (2007–2008), July 2008. http://www.ecrypt.eu.org/ecrypt1/documents/D.SPA.28-1.1.pdf

  19. Fiore, D., Gennaro, R.: Making the Diffie–Hellman protocol identity-based. In: Proceedings of CT-RSA 2010, volume 5985 of LNCS, pp. 165–178. Springer, New York (2010). Also in http://eprint.iacr.org/2009/174

  20. Freedman, M., Morris, R.: Tarzan: A peer-to-peer anonymizing network layer. In: Proceedings of the 9th ACM Conference on Computer and Communication Security (CCS 2002), pp. 193–206. ACM Press, New York (2002)

  21. Goldberg, I.: On the security of the Tor authentication protocol. In: Proceedings of the 6th Workshop on Privacy Enhancing Technologies (PET 2006), volume 4258 of LNCS, pp. 316–331. Springer, New York (2006)

  22. Goldschlag, D., Reed, M., Syverson, P.: Hiding routing information. In: Proceedings of the First International Workshop on Information Hiding, volume 1174 of LNCS, pp. 137–150. Springer, New York (1996)

  23. Goldschlag, D., Reed, M., Syverson, P.: Onion routing for anonymous and private internet connections. Commun. ACM 42(2), 84–88 (1999)

  24. Kate, A., Goldberg, I.: Using Sphinx to improve onion routing circuit construction. In: Proceedings of the 14th International Conference on Financial Cryptography and Data Security (FC 2010) (2010), to appear

  25. Kate, A., Zaverucha, G., Goldberg, I.: Pairing-based onion routing. In: Proceedings of the 7th Privacy Enhancing Technologies Symposium (PETS 2007), volume 4776 of LNCS, pp. 95–112. Springer, New York (2007)

  26. Kate, A., Zaverucha, G., Goldberg, I.: Pairing-based onion routing with improved forward secrecy. ACM Transactions on Information and System Security (2009)

  27. Lynn, B.: PBC: The pairing-based crypto library. http://crypto.stanford.edu/pbc

  28. Möller, B.: Provably secure public key encryption for length-preserving Chaumian mixes. In: Proceedings of CT-RSA 2003, volume 2612 of LNCS, pp. 244–262. Springer, New York (2003)

  29. NIST. Recommendations for key management part 1: General, August 2005. http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf

  30. Øverlier, L., Syverson, P.: Improving efficiency and simplicity of tor circuit establishment and hidden services. In: Proceedings of the 7th Privacy Enhancing Technologies Symposium (PETS 2007), volume 4776 of LNCS, pp. 134–152. Springer, New York (2007)

  31. Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361–396 (2000)

  32. Reed, M., Syverson, P., Goldschlag, D.: Anonymous connections and onion routing. IEEE J. Selected Areas Commun. 16(4), 482–494 (1998)

  33. Rennhard, M., Plattner, B.: Introducing MorphMix: peer-to-peer based anonymous Internet usage with collusion detection. In: Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2002), pp. 91–102. ACM Press, New York (2002)

  34. Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: Symposium on Cryptography and Information Security (2000)

  35. Schnorr, C.: Efficient identification and signatures for smart cards. In: Advances in Cryptology—CRYPTO ’89, volume 435 of LNCS, pp. 239–252. Springer, New York (1989)

  36. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Advances in Cryptology—CRYPTO 1984, 47–53 (1985)

  37. Shoup, V., Gennaro, R.: Securing threshold cryptosystems against chosen ciphertext attack. In: Advances in Cryptology—Proceedings of EUROCRYPT ’98, volume 1403 of LNCS, pp. 1–16. Springer, New York (1998)


Acknowledgments

The authors would like to thank Nikita Borisov for suggesting the problem and pointing them to [25] and Gregory Neven for suggesting the use of the General Forking Lemma. The second author did most of the work while at University of Catania. The research of Dario Fiore has been partially supported by the European Union’s Horizon 2020 Research and Innovation Programme under grant agreement 688722 (NEXTLEAP), the Spanish Ministry of Economy under project reference TIN2015-70713-R (DEDETIS) and under a Juan de la Cierva fellowship to Dario Fiore, and by the Madrid Regional Government under project N-Greens (ref. S2013/ICE-2731).

Author information

Correspondence to Dario Fiore.

Additional information

An extended abstract of this paper appeared in the proceedings of ACM CCS 2009.


Cite this article

Catalano, D., Fiore, D. & Gennaro, R. A certificateless approach to onion routing. Int. J. Inf. Secur. 16, 327–343 (2017). https://doi.org/10.1007/s10207-016-0337-x
