Repelling Detour Attack against Onions with Re-Encryption
 Marek Klonowski, Miroslaw Kutylowski, Anna Lauks 
   Wroclaw University of Technology

This paper is devoted to ModOnions-- an anonymous communication 
protocol, for which a message is encoded as a set of onions and 
sent through intermediate nodes so that each node
knows only its predecessor and its successor on the routing path.   
Moreover, encoding details enable universal re-encryption: 
each node re-encrypts the message so that no observer can link  
together the ciphertexts before and after re-encryption. 
Re-encryption can be performed without any public key. 

ModOnions were supposed to offer many additional features 
over classical onion  protocols, such as resilience against replay
attack. However,  during ISC'2006 George Danezis presented 
a detour attack against this construction. It enables to redefine 
the routing path by inserting intermediate corrupt nodes between 
each two nodes of the original routing path. In this way anonymity 
becomes completely broken. We show that after slight changes 
in the protocol the attack does not work anymore. 
The patch proposed can also be seen as  as a general method 
of enforcing who is the final addressee of a message encrypted 
with the ElGamal scheme and multiple public keys.

* accepted for ACNS'2008, to appear in LNCS, Springer Verlag