Repelling Detour Attack Against Onions With Re-Encryption

This paper is devoted to ModOnions - an anonymous communication protocol, for which a message is encoded a, a set of onions and sent through intermediate nodes so that each node knows only its predecessor and its successor on the routing path. Moreover, encoding details enable universal re-encryption: each node re-encrypts the message so that no observer can link together the ciphertexts before and after re-encryption and re-encryption can be performed without, any public key. ModOnions were supposed to offer many additional features over classical onion protocols, such as resilience against replay attack. However, during ISC'2006 George Danezis presented a detour attack against this construction. It enables to redefine the routing path by inserting intermediate corrupt nodes between each two nodes of the original routing path. In this way anonymity becomes completely broken. We show that after slight changes in the protocol the attack does not work anymore. The patch proposed can also be seen as a general method of enforcing who is the final addressee of a message encrypted with the ElGamal scheme and multiple public keys.