anonymous communication with on-line and off-line onion encoding · 2007-12-22 · introduction new...
TRANSCRIPT
![Page 1: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/1.jpg)
IntroductionNew approach
Conclusions
Anonymous communication with on-lineand off-line onion encoding
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski
Wrocław University of Technology,SOFSEM’2005
Partially supported by the EU within the 6th Framework Programme under contract 001907 (DELIS)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 2: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/2.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Privacy in Communication Systems
I messages can be kept secret
I reliable authentication
I how to hide that two parties are communicating??
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 3: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/3.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Need of Anonymity in Communication
I a health insurance company discovers that an applicanthas sought information on specific heart diseases – hisapplication get rejected!
I buying a product – the seller knows where I have checkedthe prices.– the game becomes unfair!
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 4: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/4.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Design Goals
I provable security
I scalability
I layered approach consistent with communication systemsarchitecture
I adaptiveness to network load
I the end-user machine has limited knowledge of the network
I resistance against dynamic attacks (not only observing thenetwork but also inserting/deleting messages)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 5: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/5.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Design Goals
I provable security
I scalability
I layered approach consistent with communication systemsarchitecture
I adaptiveness to network load
I the end-user machine has limited knowledge of the network
I resistance against dynamic attacks (not only observing thenetwork but also inserting/deleting messages)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 6: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/6.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Design Goals
I provable security
I scalability
I layered approach consistent with communication systemsarchitecture
I adaptiveness to network load
I the end-user machine has limited knowledge of the network
I resistance against dynamic attacks (not only observing thenetwork but also inserting/deleting messages)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 7: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/7.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Design Goals
I provable security
I scalability
I layered approach consistent with communication systemsarchitecture
I adaptiveness to network load
I the end-user machine has limited knowledge of the network
I resistance against dynamic attacks (not only observing thenetwork but also inserting/deleting messages)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 8: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/8.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Naive or Local Network Solutions
I all-to-all : send the encrypted message to all participants,communication overhead!
I token ring : encoded messages go around the ringcommunication delay!
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 9: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/9.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Naive or Local Network Solutions
I all-to-all : send the encrypted message to all participants,communication overhead!
I token ring : encoded messages go around the ringcommunication delay!
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 10: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/10.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion Encoding
m
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 11: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/11.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion Encoding
m
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 12: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/12.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion Encoding
m X
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 13: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/13.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion Encoding
m X
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 14: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/14.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion Encoding
m X Y
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 15: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/15.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion Encoding
m X Y
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 16: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/16.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion Encoding
m X Y
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 17: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/17.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion decryption
m X Y
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 18: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/18.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion decryption
m X Y
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 19: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/19.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion decryption
m X Y
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 20: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/20.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion decryption
m X
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 21: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/21.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion decryption
m X
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 22: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/22.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion decryption
m
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 23: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/23.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onion decryption
m
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 24: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/24.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Route of an Onion
single onion
A
B
i
i
i
i
i�
��
������
AAAAAA
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 25: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/25.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Route of an Onion
single onion
A
B
i
ii
i
i�
��
������
AAAAAA
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 26: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/26.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Route of an Onion
single onion
A
B
i
ii
i
i�
��
������
AAAAAA
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 27: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/27.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Route of an Onion
single onion
A
B
i
ii
i
i
��
�
������
AAAAAA
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 28: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/28.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Route of an Onion
single onion
A
B
i
ii
i
i�
��
������
AAAAAA
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 29: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/29.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Route of an Onion
single onion
A
B
i
ii
i
i�
��
������
AAAAAA
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 30: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/30.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Route of an Onion
single onion
A
B
i
ii
i
i�
��
������
AAAAAA
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 31: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/31.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Route of an Onion
single onion
A
B
i
ii
i
i�
��
������
AAAAAA
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 32: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/32.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Classical Onions
If A wants send a message m to server B
I A chooses at random λ intermediate nodes J1, . . . ,Jλ;
I A creates an onion:O :=
EncB(m)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 33: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/33.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Classical Onions
If A wants send a message m to server B
I A chooses at random λ intermediate nodes J1, . . . ,Jλ;
I A creates an onion:O :=
EncB(m)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 34: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/34.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Classical Onions
If A wants send a message m to server B
I A chooses at random λ intermediate nodes J1, . . . ,Jλ;
I A creates an onion:O :=
EncJλ(EncB(m),B)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 35: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/35.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Classical Onions
If A wants send a message m to server B
I A chooses at random λ intermediate nodes J1, . . . ,Jλ;
I A creates an onion:O :=
EncJλ−1(EncJλ(EncB(m),B),Jλ)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 36: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/36.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Classical Onions
If A wants send a message m to server B
I A chooses at random λ intermediate nodes J1, . . . ,Jλ;
I A creates an onion:O :=EncJ1(. . .(EncJλ−1
(EncJλ(EncB(m),B),Jλ),Jλ−1) . . . ,J2) .
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 37: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/37.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Processing an Onion
If A wants send a message m encrypted as O to server B
I A sends onion O to J1
I J1 decrypts O and obtains some (O′,J2)I J1 sends O′ to J2
I J2 decrypts ..
I J2 sends .. to J3
I ...
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 38: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/38.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Processing an Onion
If A wants send a message m encrypted as O to server B
I A sends onion O to J1
I J1 decrypts O and obtains some (O′,J2)
I J1 sends O′ to J2
I J2 decrypts ..
I J2 sends .. to J3
I ...
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 39: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/39.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Processing an Onion
If A wants send a message m encrypted as O to server B
I A sends onion O to J1
I J1 decrypts O and obtains some (O′,J2)I J1 sends O′ to J2
I J2 decrypts ..
I J2 sends .. to J3
I ...
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 40: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/40.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Processing an Onion
If A wants send a message m encrypted as O to server B
I A sends onion O to J1
I J1 decrypts O and obtains some (O′,J2)I J1 sends O′ to J2
I J2 decrypts ..
I J2 sends .. to J3
I ...
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 41: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/41.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Processing an Onion
If A wants send a message m encrypted as O to server B
I A sends onion O to J1
I J1 decrypts O and obtains some (O′,J2)I J1 sends O′ to J2
I J2 decrypts ..
I J2 sends .. to J3
I ...
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 42: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/42.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onions at Work
i��
�
i������
iAAAAAA i�
��
i
many onions
i��
�
i��
�
i@
@@ i�
��
i
i i������
i��
�
i@
@@ i
i i i
i
ii@
@@ i�
��
i@
@@ i�
�����
ii i i@
@@ i�
�����
ii@
@@ i�
��
i i@
@@ i
A
destination of the message starting at A?
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 43: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/43.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onions at Work
i��
�
i������
iAAAAAA i�
��
imany onions
i��
�
i��
�
i@
@@ i�
��
i
i i������
i��
�
i@
@@ i
i i i
i
ii@
@@ i�
��
i@
@@ i�
�����
ii i i@
@@ i�
�����
ii@
@@ i�
��
i i@
@@ i
A
destination of the message starting at A?
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 44: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/44.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onions at Work
i��
�
i������
iAAAAAA i�
��
imany onions
i��
�
i��
�
i@
@@ i�
��
i
i i������
i��
�
i@
@@ i
i i i
i
ii@
@@ i�
��
i@
@@ i�
�����
ii i i@
@@ i�
�����
ii@
@@ i�
��
i i@
@@ i
A
destination of the message starting at A?
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 45: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/45.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onions at Work
i��
�
i������
iAAAAAA i�
��
imany onions
i��
�
i��
�
i@
@@ i�
��
i
i i������
i��
�
i@
@@ i
i i i
i
ii@
@@ i�
��
i@
@@ i�
�����
ii i i@
@@ i�
�����
ii@
@@ i�
��
i i@
@@ i
A
destination of the message starting at A?
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 46: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/46.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onions at Work
i��
�
i������
iAAAAAA i�
��
imany onions
i��
�
i��
�
i@
@@ i�
��
i
i i������
i��
�
i@
@@ i
i i i
i
i
i@
@@ i�
��
i@
@@ i�
�����
ii i i@
@@ i�
�����
ii@
@@ i�
��
i i@
@@ i
A
destination of the message starting at A?
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 47: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/47.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onions at Work
i��
�
i������
iAAAAAA i�
��
imany onions
i��
�
i��
�
i@
@@ i�
��
i
i i������
i��
�
i@
@@ i
i i i
i
ii@
@@ i�
��
i@
@@ i�
�����
i
i i i@
@@ i�
�����
ii@
@@ i�
��
i i@
@@ i
A
destination of the message starting at A?
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 48: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/48.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onions at Work
i��
�
i������
iAAAAAA i�
��
imany onions
i��
�
i��
�
i@
@@ i�
��
i
i i������
i��
�
i@
@@ i
i i i
i
ii@
@@ i�
��
i@
@@ i�
�����
ii i i@
@@ i�
�����
i
i@
@@ i�
��
i i@
@@ i
A
destination of the message starting at A?
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 49: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/49.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onions at Work
i��
�
i������
iAAAAAA i�
��
imany onions
i��
�
i��
�
i@
@@ i�
��
i
i i������
i��
�
i@
@@ i
i i i
i
ii@
@@ i�
��
i@
@@ i�
�����
ii i i@
@@ i�
�����
ii@
@@ i�
��
i i@
@@ i
A
destination of the message starting at A?
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 50: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/50.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Onions at Work
i��
�
i������
iAAAAAA i�
��
imany onions
i��
�
i��
�
i@
@@ i�
��
i
i i������
i��
�
i@
@@ i
i i i
i
ii@
@@ i�
��
i@
@@ i�
�����
ii i i@
@@ i�
�����
ii@
@@ i�
��
i i@
@@ i
A
destination of the message starting at A?
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 51: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/51.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Disadvantages – Repetitive Attack
an adversary re-sends the same onion
i��
�
i������
iAAAAAA i�
��
i
i��
�
i��
�
iAAAAAA
������
i
i i������
i��
�
i@
@@ i
i i i
i
ii@
@@ i�
��
i@
@@ i�
�����
ii i i@
@@ i�
�����
ii@
@@ i�
��
i i@
@@ i
A�
��
������ A
AAAAA
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 52: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/52.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Disadvantages – Repetitive Attack
an adversary re-sends the same onion
i��
�
i������
iAAAAAA i�
��
ii�
��
i��
�
iAAAAAA
������
i
i i������
i��
�
i@
@@ i
i i i
i
ii@
@@ i�
��
i@
@@ i�
�����
ii i i@
@@ i�
�����
ii@
@@ i�
��
i i@
@@ i
A�
��
������ A
AAAAA
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 53: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/53.jpg)
IntroductionNew approach
Conclusions
AnonymityExisting SolutionsExisting problems
Disadvantages – Repetitive Attack
an adversary re-sends the same onion
i��
�
i������
iAAAAAA i�
��
ii�
��
i��
�
iAAAAAA
������
i
i i������
i��
�
i@
@@ i
i i i
i
ii@
@@ i�
��
i@
@@ i�
�����
ii i i@
@@ i�
�����
ii@
@@ i�
��
i i@
@@ i
A�
��
������ A
AAAAA
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 54: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/54.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Problem Solution: Universal Re-Encryption
technique due to P. Golle, M. Jakobsson, A. Juels, P. Syverson
I ciphertext obtained with a public key of recipient Alice buteverybody can re-code it without knowing the public key ofAlice or her identity
I any connection between a ciphertext before and afterre-coding undetectable by a third party
I perfect tool for an anonymous re-mailer, ...
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 55: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/55.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
URE setup
I q - prime, G - a group of rank q with hard discrete logarithmproblem
I g - generator of G,
I x < q - private key of Alice
I y = gx - public key of Alice
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 56: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/56.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
URE CiphertextsEncryption:k0, k1 - random
A ciphertext of m:
(α0,β0;α1,β1) :=(m · yk0,gk0;yk1,gk1
)
Re-encryption:k ′0, k ′1 - randomThe message after re-encryption:(
α0 ·αk ′01 ,β0 ·β
k ′01 ;αk ′1
1 ,βk ′11
)=
(m · yk0+k1·k ′0,gk0+k1·k ′0;yk1·k ′1,gk1·k ′1
)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 57: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/57.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
URE CiphertextsEncryption:k0, k1 - random
A ciphertext of m:
(α0,β0;α1,β1) :=(m · yk0,gk0;yk1,gk1
)Re-encryption:k ′0, k ′1 - randomThe message after re-encryption:(
α0 ·αk ′01 ,β0 ·β
k ′01 ;αk ′1
1 ,βk ′11
)=
(m · yk0+k1·k ′0,gk0+k1·k ′0;yk1·k ′1,gk1·k ′1
)Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 58: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/58.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Decryption
(α0,β0;α1,β1)
Like for ElGamal:m :=
α0
βx0
m′ :=α1
βx1
A message m is accepted ⇔ m′ = 1
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 59: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/59.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
URE-Onions
mJ J J2 3 4
I an URE-onion consists of λ blocks
I a block = URE ciphertext
I encoded plaintexts:J2, J3, . . . , Jλ, m
I advantage: each block can be re-encrypted whileprocessing at a serverrepetitions get undetected!
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 60: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/60.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
URE-Onions
mJ J J2 3 4
I an URE-onion consists of λ blocks
I a block = URE ciphertext
I encoded plaintexts:J2, J3, . . . , Jλ, m
I advantage: each block can be re-encrypted whileprocessing at a serverrepetitions get undetected!
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 61: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/61.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
URE-Onions - Partial DecryptionGoal: enforce processing along the path
I y1, ...,yλ = public keys of J1, . . . , JλI ciphertext of Ji encoded with the public key y1 ·y2 · . . . ·yi−1:
(Ji · (y1 · y2 · . . . · yi−1)k ,gk ,(y1 · y2 · . . . · yi−1)k ′,gk ′)
I partial decryption of (a,b,c,d) by J1:
a := a/bx1, c := c/dx1
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 62: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/62.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
URE-Onions - Partial DecryptionGoal: enforce processing along the path
I y1, ...,yλ = public keys of J1, . . . , JλI ciphertext of Ji encoded with the public key y1 ·y2 · . . . ·yi−1:
(Ji · (y1 · y2 · . . . · yi−1)k ,gk ,(y1 · y2 · . . . · yi−1)k ′,gk ′)
I partial decryption of (a,b,c,d) by J1:
a := a/bx1, c := c/dx1
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 63: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/63.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
URE-Onions - Partial DecryptionGoal: enforce processing along the path
I y1, ...,yλ = public keys of J1, . . . , JλI ciphertext of Ji – with the public key y1 · y2 · . . . · yi−1:
(Ji · (y1 · y2 · . . . · yi−1)k ,gk ,(y1 · y2 · . . . · yi−1)k ′,gk ′)
I partial decryption of (a,b,c,d) by J1:
a := a/bx1, c := c/dx1
Result:
(Ji · (y2 · . . . · yi−1)k ,gk ,(y2 · . . . · yi−1)k ′,gk ′)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 64: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/64.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Processing an Onion
I partial decryption of all blocks⇒ the next hop address Ji or m is retrieved
I re-encryption of all blocks
I random permutation of all blocks
I delivery to Ji or to the final destination
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 65: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/65.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Processing an Onion
I partial decryption of all blocks⇒ the next hop address Ji or m is retrieved
I re-encryption of all blocks
I random permutation of all blocks
I delivery to Ji or to the final destination
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 66: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/66.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Processing an Onion
I partial decryption of all blocks⇒ the next hop address Ji or m is retrieved
I re-encryption of all blocks
I random permutation of all blocks
I delivery to Ji or to the final destination
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 67: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/67.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Processing an Onion
I partial decryption of all blocks⇒ the next hop address Ji or m is retrieved
I re-encryption of all blocks
I random permutation of all blocks
I delivery to Ji or to the final destination
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 68: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/68.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Further Possibilities: Inserting a Ciphertext
Empty container :
(a,b,c,d) =(1 · yk0,gk0;yk1,gk1
)Inserting m :
a := a ·m
Result :(a,b,c,d) =
(m · yk0,gk0;yk1,gk1
)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 69: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/69.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Navigators
Navigators ≡ „empty onions”
I Nav [J1, ...,Jλ] = Oy1,...,yλ(−)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 70: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/70.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 71: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/71.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 72: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/72.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 73: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/73.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 74: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/74.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 75: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/75.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce
ec
ee
e
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 76: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/76.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 77: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/77.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 78: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/78.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 79: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/79.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 80: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/80.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 81: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/81.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
e
e
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 82: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/82.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 83: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/83.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 84: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/84.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 85: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/85.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 86: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/86.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 87: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/87.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c g
g@
@@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 88: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/88.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 89: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/89.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 90: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/90.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 91: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/91.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions
A i
iB
iS1
iS2
iS3
��
�
ce e
ce
ee
@@
@
��
�
@@
@
c gg
@@
@
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 92: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/92.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions - creation
A has a message m for B. Then A:
I chooses at random k servers S1, ..., Sk
I creates a navigator N = Nav [S1, ...,Sk ]I inserts message „to B” into N
I creates a ciphertext UREyB(m) with yB, decryption key of B
I sends to S1:
Nav [S1,Sk ](to B) , UREyB(m)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 93: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/93.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions - creation
A has a message m for B. Then A:
I chooses at random k servers S1, ..., Sk
I creates a navigator N = Nav [S1, ...,Sk ]
I inserts message „to B” into N
I creates a ciphertext UREyB(m) with yB, decryption key of B
I sends to S1:
Nav [S1,Sk ](to B) , UREyB(m)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 94: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/94.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions - creation
A has a message m for B. Then A:
I chooses at random k servers S1, ..., Sk
I creates a navigator N = Nav [S1, ...,Sk ]I inserts message „to B” into N
I creates a ciphertext UREyB(m) with yB, decryption key of B
I sends to S1:
Nav [S1,Sk ](to B) , UREyB(m)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 95: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/95.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions - creation
A has a message m for B. Then A:
I chooses at random k servers S1, ..., Sk
I creates a navigator N = Nav [S1, ...,Sk ]I inserts message „to B” into N
I creates a ciphertext UREyB(m) with yB, decryption key of B
I sends to S1:
Nav [S1,Sk ](to B) , UREyB(m)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 96: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/96.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions - creation
A has a message m for B. Then A:
I chooses at random k servers S1, ..., Sk
I creates a navigator N = Nav [S1, ...,Sk ]I inserts message „to B” into N
I creates a ciphertext UREyB(m) with yB, decryption key of B
I sends to S1:
Nav [S1,Sk ](to B) , UREyB(m)
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 97: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/97.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions – processing
A message obtained by a server on a path of m consists of:
I Nav [Ji ,Jm](toSj) – “local navigator” chosen online
I URE(Nav [Sj ,Sk ](toB)) – ciphertext of the remaining partof the “global navigator”
I UREyB(m)
the i th server from the list J1, ...,Jl proceeds:
I partial decryption of navigators
I re-encryption
I sending according to the “internal navigator”
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 98: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/98.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions – processing
A message obtained by a server on a path of m consists of:
I Nav [Ji ,Jm](toSj) – “local navigator” chosen online
I URE(Nav [Sj ,Sk ](toB)) – ciphertext of the remaining partof the “global navigator”
I UREyB(m)the i th server from the list J1, ...,Jl proceeds:
I partial decryption of navigators
I re-encryption
I sending according to the “internal navigator”
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 99: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/99.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions – processing
A message obtained by a server on a path of m consists of:
I Nav [Ji ,Jm](toSj) – “local navigator” chosen online
I URE(Nav [Sj ,Sk ](toB)) – ciphertext of the remaining partof the “global navigator”
I UREyB(m)the i th server from the list S1, ...,Sk proceeds:
I retrieves Nav [Si+1,Sk ]) with its private key
I chooses a local navigator M[J1, ...,Jl ] and inserts themessage “to Si+1”
I URE-encrypts Nav [Si+1,Sk ]) for this path
I sends to J1
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 100: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/100.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions - repetitive attack
A i
iB
iS1
iS2
iS3
��
�
ii i
ii
ii
@@
@
��
�
@@
@
i ii
@@
@
repetitive attack?
��
�
ii i
i�
��
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 101: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/101.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions - repetitive attack
A i
iB
iS1
iS2
iS3
��
�
ii i
ii
ii
@@
@
��
�
@@
@
i ii
@@
@
repetitive attack?
��
�
ii i
i�
��
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 102: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/102.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions - repetitive attack
A i
iB
iS1
iS2
iS3
��
�
ii i
ii
ii
@@
@
��
�
@@
@
i ii
@@
@
repetitive attack?
��
�
ii
ii�
��
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 103: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/103.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions - repetitive attack
A i
iB
iS1
iS2
iS3
��
�
ii i
ii
ii
@@
@
��
�
@@
@
i ii
@@
@
repetitive attack?
��
�
ii i
i
��
�
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 104: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/104.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Online Merge Onions - repetitive attack
A i
iB
iS1
iS2
iS3
��
�
ii i
ii
ii
@@
@
��
�
@@
@
i ii
@@
@
repetitive attack?
��
�
ii i
i�
��
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 105: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/105.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Further Advantages
I if different users compose paths from different sets ofservers (in the classical approach), then breakinganonymity is possibleonline onions – the users compose navigators from a fixedstable set of servers
I enforcing „vertex mixing”helps to reduce the paths lengths without loosing provableprivacy
I adaptiveness: high traffic ⇒ the paths can be shorterreduction of communication overhead
I layered architecture
I onions can be prepared in advance
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 106: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/106.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Further Advantages
I if different users compose paths from different sets ofservers (in the classical approach), then breakinganonymity is possibleonline onions – the users compose navigators from a fixedstable set of servers
I enforcing „vertex mixing”helps to reduce the paths lengths without loosing provableprivacy
I adaptiveness: high traffic ⇒ the paths can be shorterreduction of communication overhead
I layered architecture
I onions can be prepared in advance
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 107: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/107.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Further Advantages
I if different users compose paths from different sets ofservers (in the classical approach), then breakinganonymity is possibleonline onions – the users compose navigators from a fixedstable set of servers
I enforcing „vertex mixing”helps to reduce the paths lengths without loosing provableprivacy
I adaptiveness: high traffic ⇒ the paths can be shorterreduction of communication overhead
I layered architecture
I onions can be prepared in advance
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 108: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/108.jpg)
IntroductionNew approach
Conclusions
Universal Re-encryptionURE-OnionsOnline Merge Onions
Further Advantages
I if different users compose paths from different sets ofservers (in the classical approach), then breakinganonymity is possibleonline onions – the users compose navigators from a fixedstable set of servers
I enforcing „vertex mixing”helps to reduce the paths lengths without loosing provableprivacy
I adaptiveness: high traffic ⇒ the paths can be shorterreduction of communication overhead
I layered architecture
I onions can be prepared in advance
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 109: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/109.jpg)
IntroductionNew approach
Conclusions
Comparison
Classical Onions Online Merge Onions
message sizeS=O(λ+|m|) ≈4S
preprocessing possibleno partially
messages tracing*easy hard
repetitive attack**easy harder
traffic change– decrease
required knowledge of ne-
twork topology
full limited
traffic adaptivenessno yes
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 110: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/110.jpg)
IntroductionNew approach
Conclusions
Comparison
Classical Onions Online Merge Onions
message sizeS=O(λ+|m|) ≈4S
preprocessing possibleno partially
messages tracing*easy hard
repetitive attack**easy harder
traffic change– decrease
required knowledge of ne-
twork topology
full limited
traffic adaptivenessno yes
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 111: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/111.jpg)
IntroductionNew approach
Conclusions
Comparison
Classical Onions Online Merge Onions
message sizeS=O(λ+|m|) ≈4S
preprocessing possibleno partially
messages tracing*easy hard
repetitive attack**easy harder
traffic change– decrease
required knowledge of ne-
twork topology
full limited
traffic adaptivenessno yes
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 112: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/112.jpg)
IntroductionNew approach
Conclusions
Comparison
Classical Onions Online Merge Onions
message sizeS=O(λ+|m|) ≈4S
preprocessing possibleno partially
messages tracing*easy hard
repetitive attack**easy harder
traffic change– decrease
required knowledge of ne-
twork topology
full limited
traffic adaptivenessno yes
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 113: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/113.jpg)
IntroductionNew approach
Conclusions
Comparison
Classical Onions Online Merge Onions
message sizeS=O(λ+|m|) ≈4S
preprocessing possibleno partially
messages tracing*easy hard
repetitive attack**easy harder
traffic change– decrease
required knowledge of ne-
twork topology
full limited
traffic adaptivenessno yes
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 114: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/114.jpg)
IntroductionNew approach
Conclusions
Comparison
Classical Onions Online Merge Onions
message sizeS=O(λ+|m|) ≈4S
preprocessing possibleno partially
messages tracing*easy hard
repetitive attack**easy harder
traffic change– decrease
required knowledge of ne-
twork topology
full limited
traffic adaptivenessno yes
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 115: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/115.jpg)
IntroductionNew approach
Conclusions
Comparison
Classical Onions Online Merge Onions
message sizeS=O(λ+|m|) ≈4S
preprocessing possibleno partially
messages tracing*easy hard
repetitive attack**easy harder
traffic change– decrease
required knowledge of ne-
twork topology
full limited
traffic adaptivenessno yes
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 116: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/116.jpg)
IntroductionNew approach
Conclusions
Comparison
Classical Onions Online Merge Onions
message sizeS=O(λ+|m|) ≈4S
preprocessing possibleno partially
messages tracing*easy hard
repetitive attack**easy harder
traffic change– decrease
required knowledge of ne-
twork topology
full limited
traffic adaptivenessno yes
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 117: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/117.jpg)
IntroductionNew approach
Conclusions
Comparison
Classical Onions Online Merge Onions
message sizeS=O(λ+|m|) ≈4S
preprocessing possibleno partially
messages tracing*easy hard
repetitive attack**easy harder
traffic change– decrease
required knowledge of ne-
twork topology
full limited
traffic adaptivenessno yes
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding
![Page 118: Anonymous communication with on-line and off-line onion encoding · 2007-12-22 · Introduction New approach Conclusions Anonymous communication with on-line and off-line onion encoding](https://reader034.vdocuments.net/reader034/viewer/2022050311/5f7337573d687450030d5f5f/html5/thumbnails/118.jpg)
IntroductionNew approach
Conclusions
Thank you for attention!
Marek Klonowski, Mirosław Kutyłowski, Filip Zagórski Anonymous communication with on-line and off-line onion encoding