TY - GEN
T1 - Onion Encryption Revisited
T2 - 21st International Conference on Information Security and Cryptology, Inscrypt 2025
AU - Chao, Daichong
AU - Zhu, Liehuang
AU - Xu, Dawei
AU - Wu, Tong
AU - Zhang, Chuan
AU - Guo, Fuchun
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2026.
PY - 2026
Y1 - 2026
N2 - This paper compares the relative strengths of prominent security notions for onion encryption within the Tor setting, specifically focusing on CircuitHiding (EUROCRYPT 2018, an anonymity flavor notion) and OnionAE (PETS 2018, a stateful authenticated encryption flavor notion). Although both are state-of-the-art, Tor-specific notions, they have exhibited different definitional choices, along with variations in complexity and usability. By employing an indirect approach, we compare them using a set of onion layer-centric notions: IND$-CPA, IPR/IPR+, and INT-sfCTXT, to compare with the two, respectively. Since the same notion set that implies OnionAE does not imply CircuitHiding, and vice versa, this leads to the conclusion that OnionAE and CircuitHiding are mutually separable. Therefore, neither notion fully expresses satisfactory security on its own. Importantly, IND$-CPA, IPR+ (a stronger variant of IPR), and INT-sfCTXT collectively and strictly imply OnionAE and CircuitHiding. Given their onion layer-centric and thus simpler nature, this provides a practical approach to simultaneously satisfying CircuitHiding and OnionAE. While the formal treatment of (general) public-key onion routing has been relatively well-studied, formal treatment tailored to Tor remains insufficient, and thus our work narrows this gap.
AB - This paper compares the relative strengths of prominent security notions for onion encryption within the Tor setting, specifically focusing on CircuitHiding (EUROCRYPT 2018, an anonymity flavor notion) and OnionAE (PETS 2018, a stateful authenticated encryption flavor notion). Although both are state-of-the-art, Tor-specific notions, they have exhibited different definitional choices, along with variations in complexity and usability. By employing an indirect approach, we compare them using a set of onion layer-centric notions: IND$-CPA, IPR/IPR+, and INT-sfCTXT, to compare with the two, respectively. Since the same notion set that implies OnionAE does not imply CircuitHiding, and vice versa, this leads to the conclusion that OnionAE and CircuitHiding are mutually separable. Therefore, neither notion fully expresses satisfactory security on its own. Importantly, IND$-CPA, IPR+ (a stronger variant of IPR), and INT-sfCTXT collectively and strictly imply OnionAE and CircuitHiding. Given their onion layer-centric and thus simpler nature, this provides a practical approach to simultaneously satisfying CircuitHiding and OnionAE. While the formal treatment of (general) public-key onion routing has been relatively well-studied, formal treatment tailored to Tor remains insufficient, and thus our work narrows this gap.
KW - Anonymity
KW - Notion relationship
KW - Onion encryption
KW - Onion routing
KW - Tor
UR - https://www.scopus.com/pages/publications/105028251941
U2 - 10.1007/978-981-95-6206-0_11
DO - 10.1007/978-981-95-6206-0_11
M3 - Conference contribution
AN - SCOPUS:105028251941
SN - 9789819562053
T3 - Lecture Notes in Computer Science
SP - 210
EP - 228
BT - Information Security and Cryptology - 21st International Conference, Inscrypt 2025, Revised Selected Papers
A2 - Chen, Rongmao
A2 - Deng, Robert H.
A2 - Yung, Moti
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 19 October 2025 through 22 October 2025
ER -