{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,26]],"date-time":"2025-07-26T09:05:50Z","timestamp":1753520750311,"version":"3.41.0"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319281650"},{"type":"electronic","value":"9783319281667"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-28166-7_13","type":"book-chapter","created":{"date-parts":[[2016,1,8]],"date-time":"2016-01-08T15:29:04Z","timestamp":1452266944000},"page":"263-286","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Post-Quantum Forward-Secure Onion Routing"],"prefix":"10.1007","author":[{"given":"Satrajit","family":"Ghosh","sequence":"first","affiliation":[]},{"given":"Aniket","family":"Kate","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,1,9]]},"reference":[{"key":"13_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1007\/978-3-642-03356-8_35","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"B Applebaum","year":"2009","unstructured":"Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595\u2013618. Springer, Heidelberg (2009)"},{"key":"13_CR2","doi-asserted-by":"crossref","unstructured":"Backes, M., Goldberg, I., Kate, A., Mohammadi, E.: Provably secure and practical onion routing. In: Proceedings of 25th IEEE Computer Security Foundations Symposium (CSF) (2012)","DOI":"10.1109\/CSF.2012.32"},{"key":"13_CR3","doi-asserted-by":"crossref","unstructured":"Backes, M., Kate, A., Mohammadi, E.: Ace: an efficient key-exchange protocol for onion routing. In: WPES, pp. 55\u201364. ACM (2013)","DOI":"10.1145\/2381966.2381974"},{"key":"13_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology - CRYPTO \u201993","author":"M Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232\u2013249. Springer, Heidelberg (1994)"},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Bernstein, D.J.: Curve25519: new diffie-hellman speed records. In: PKC 2006, pp. 207\u2013228 (2006)","DOI":"10.1007\/11745853_14"},{"key":"13_CR6","doi-asserted-by":"crossref","unstructured":"Bos, J.W., Costello, C., Naehrig, M., Stebila, D.: Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In: IACR Cryptology ePrint Archive, 2014. To appear at IEEE Security and Privacy Symposium 2015 (2014)","DOI":"10.1109\/SP.2015.40"},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehl\u00e9, D.: Classical hardness of learning with errors. In: STOC 2013, pp. 575\u2013584 (2013)","DOI":"10.1145\/2488608.2488680"},{"key":"13_CR8","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: FOCS 2001, pp. 136\u2013145 (2001)","DOI":"10.1007\/3-540-44647-8_2"},{"key":"13_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/3-540-44987-6_28","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"R Canetti","year":"2001","unstructured":"Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453\u2013474. Springer, Heidelberg (2001)"},{"key":"13_CR10","doi-asserted-by":"crossref","unstructured":"Catalano, D., Fiore, D., Gennaro, R.: Certificateless onion routing. In: Proceedings of 16th ACM Conference on Computer and Communication Security (CCS), pp. 151\u2013160 (2009)","DOI":"10.1145\/1653662.1653682"},{"issue":"2","key":"13_CR11","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1145\/358549.358563","volume":"4","author":"D Chaum","year":"1981","unstructured":"Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 4(2), 84\u201388 (1981)","journal-title":"Commun. ACM"},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: design of a type III anonymous remailer protocol. In: Proceedings of 24th IEEE Symposium on Security and Privacy, pp. 2\u201315 (2003)","DOI":"10.1109\/SECPRI.2003.1199323"},{"key":"13_CR13","unstructured":"Ding, J., Xie, X., Lin, X.: A simple provably secure key exchange scheme based on the learning with errors problem. Cryptology ePrint Archive, Report 2012\/688 (2012). http:\/\/eprint.iacr.org\/"},{"key":"13_CR14","unstructured":"Dingledine, R., Mathewson, N.: Design of a Blocking-Resistant Anonymity System. Technical report. https:\/\/svn.torproject.org\/svn\/projects\/design-paper\/blocking.pdf"},{"key":"13_CR15","unstructured":"Dingledine, R., Mathewson, N.: Tor Protocol Specification. https:\/\/gitweb.torproject.org\/torspec.git?a=blob_plain;f=tor-spec.txt"},{"key":"13_CR16","doi-asserted-by":"crossref","unstructured":"Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: 13th USENIX Security Symposium (USENIX), pp. 303\u2013320 (2004)","DOI":"10.21236\/ADA465464"},{"key":"13_CR17","doi-asserted-by":"crossref","unstructured":"Ducas, L., Durmus, A.: Ring-LWE in polynomial rings. In: PKC 2012, pp. 34\u201351 (2012)","DOI":"10.1007\/978-3-642-30057-8_3"},{"key":"13_CR18","doi-asserted-by":"crossref","unstructured":"Fouque, P.-A., Pointcheval, D., Zimmer, S.: HMAC is a randomness extractor and applications to TLS. In: ACM ASIACCS 2008, pp. 21\u201332 (2008)","DOI":"10.1145\/1368310.1368317"},{"key":"13_CR19","doi-asserted-by":"crossref","unstructured":"Fujioka, A., Suzuki, K., Xagawa, K., Yoneyama, K.: Strongly secure authenticated key exchange from factoring, codes, and lattices. In: PKC 2012, pp. 467\u2013484 (2012)","DOI":"10.1007\/978-3-642-30057-8_28"},{"key":"13_CR20","doi-asserted-by":"crossref","unstructured":"Fujioka, A., Suzuki, K., Xagawa, K., Yoneyama, K.: Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism. In: ACM ASIACCS 2013, pp. 83\u201394 (2013)","DOI":"10.1145\/2484313.2484323"},{"key":"13_CR21","doi-asserted-by":"crossref","unstructured":"Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC 2009, pp. 169\u2013178 (2009)","DOI":"10.1145\/1536414.1536440"},{"key":"13_CR22","unstructured":"Ghosh, S., Kate, A.: Post-quantum forward-secure onion routing. Cryptology ePrint Archive, Report 2015\/008 (2015). http:\/\/eprint.iacr.org\/"},{"key":"13_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"316","DOI":"10.1007\/11957454_18","volume-title":"Privacy Enhancing Technologies","author":"I Goldberg","year":"2006","unstructured":"Goldberg, I.: On the security of the tor authentication protocol. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 316\u2013331. Springer, Heidelberg (2006)"},{"key":"13_CR24","doi-asserted-by":"crossref","unstructured":"Goldberg, I.: Privacy enhancing technologies for the internet III: ten years later. In: Digital Privacy: Theory, Technologies and Practices, pp. 3\u201318 (2007)","DOI":"10.1201\/9781420052183.ch1"},{"issue":"2","key":"13_CR25","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/s10623-011-9604-z","volume":"67","author":"I Goldberg","year":"2013","unstructured":"Goldberg, I., Stebila, D., Ustaoglu, B.: Anonymity and one-way authentication in key exchange protocols. Des. Codes Crypt. 67(2), 245\u2013269 (2013)","journal-title":"Des. Codes Crypt."},{"key":"13_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"512","DOI":"10.1007\/978-3-642-33027-8_30","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2012","author":"N G\u00f6ttert","year":"2012","unstructured":"G\u00f6ttert, N., Feller, T., Schneider, M., Buchmann, J., Huss, S.: On the design of hardware building blocks for modern lattice-based encryption schemes. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 512\u2013529. Springer, Heidelberg (2012)"},{"key":"13_CR27","unstructured":"Granlund, T., The GMP Development Team.: GMP: the GNU Multiple Precision Arithmetic Library, 6.0 edn (2014). http:\/\/gmplib.org\/"},{"key":"13_CR28","doi-asserted-by":"crossref","unstructured":"Kate, A., Goldberg, I.: Using sphinx to improve onion routing circuit construction. In: FC 2010, pp. 359\u2013366 (2010)","DOI":"10.1007\/978-3-642-14577-3_30"},{"key":"13_CR29","doi-asserted-by":"crossref","unstructured":"Kate, A., Zaverucha, G.M., Goldberg, I.: Pairing-based onion routing. In: PETS 2007, pp. 95\u2013112 (2007)","DOI":"10.1007\/978-3-540-75551-7_7"},{"issue":"4","key":"13_CR30","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1145\/1880022.1880023","volume":"13","author":"A Kate","year":"2010","unstructured":"Kate, A., Zaverucha, G.M., Goldberg, I.: Pairing-based onion routing with improved forward secrecy. ACM Trans. Inf. Syst. Secur. 13(4), 29 (2010)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"13_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1007\/11535218_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"H Krawczyk","year":"2005","unstructured":"Krawczyk, H.: HMQV: a high-performance secure diffie-hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546\u2013566. Springer, Heidelberg (2005)"},{"key":"13_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"631","DOI":"10.1007\/978-3-642-14623-7_34","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"H Krawczyk","year":"2010","unstructured":"Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631\u2013648. Springer, Heidelberg (2010)"},{"key":"13_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/978-3-642-19074-2_21","volume-title":"Topics in Cryptology \u2013 CT-RSA 2011","author":"R Lindner","year":"2011","unstructured":"Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319\u2013339. Springer, Heidelberg (2011)"},{"key":"13_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/978-3-540-78524-8_3","volume-title":"Theory of Cryptography","author":"V Lyubashevsky","year":"2008","unstructured":"Lyubashevsky, V., Micciancio, D.: Asymptotically efficient lattice-based digital signatures. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 37\u201354. Springer, Heidelberg (2008)"},{"issue":"6","key":"13_CR35","doi-asserted-by":"publisher","first-page":"43:1","DOI":"10.1145\/2535925","volume":"60","author":"V Lyubashevsky","year":"2013","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. J. ACM 60(6), 43:1\u201343:35 (2013)","journal-title":"J. ACM"},{"key":"13_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/3-540-44670-2_11","volume-title":"Cryptography and Lattices","author":"D Micciancio","year":"2001","unstructured":"Micciancio, D.: Improving lattice based cryptosystems using the hermite normal form. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 126\u2013145. Springer, Heidelberg (2001)"},{"key":"13_CR37","doi-asserted-by":"crossref","unstructured":"Micciancio, D., Regev, O.: Lattice-based cryptography. In: Post-Quantum Cryptography, pp. 147\u2013191 (2009)","DOI":"10.1007\/978-3-540-88702-7_5"},{"key":"13_CR38","doi-asserted-by":"crossref","unstructured":"Okamoto, T., Pointcheval, D.: The gap-problems: a new class of problems for the security of cryptographic schemes. In: PKC 2001, pp. 104\u2013118 (2001)","DOI":"10.1007\/3-540-44586-2_8"},{"key":"13_CR39","doi-asserted-by":"crossref","unstructured":"\u00d8verlier, L., Syverson, P.: Improving efficiency and simplicity of tor circuit establishment and hidden services. In: PETS 2007, pp. 134\u2013152 (2007)","DOI":"10.1007\/978-3-540-75551-7_9"},{"key":"13_CR40","doi-asserted-by":"crossref","unstructured":"Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In: STOC 2009, pp. 333\u2013342 (2009)","DOI":"10.1145\/1536414.1536461"},{"key":"13_CR41","unstructured":"Peikert, C.: Lattice Cryptography for the Internet. Cryptology ePrint Archive, Report 2014\/070 (2014). http:\/\/eprint.iacr.org\/"},{"issue":"4","key":"13_CR42","first-page":"482","volume":"16","author":"M Reed","year":"1998","unstructured":"Reed, M., Syverson, P., Goldschlag, D.: Anonymous connections and onion routing. IEEE J-SAC 16(4), 482\u2013494 (1998)","journal-title":"IEEE J-SAC"},{"issue":"6","key":"13_CR43","doi-asserted-by":"publisher","first-page":"899","DOI":"10.1145\/1039488.1039490","volume":"51","author":"O Regev","year":"2004","unstructured":"Regev, O.: New lattice-based cryptographic constructions. J. ACM 51(6), 899\u2013942 (2004)","journal-title":"J. ACM"},{"key":"13_CR44","doi-asserted-by":"crossref","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC 2005, pp. 84\u201393 (2005)","DOI":"10.1145\/1060590.1060603"},{"key":"13_CR45","doi-asserted-by":"crossref","unstructured":"Rennhard, M., Plattner, B.: Introducing MorphMix: peer-to-peer based anonymous internet usage with collusion detection. In: ACM WPES 2002, pp. 91\u2013102 (2002)","DOI":"10.1145\/644527.644537"},{"key":"13_CR46","unstructured":"Roy, S.S., Vercauteren, F., Mentens, N., Chen, D.D., Verbauwhede, I.: Compact Ring-LWE based Cryptoprocessor. Cryptology ePrint Archive, Report 2013\/866 (2013). http:\/\/eprint.iacr.org\/"},{"key":"13_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"246","DOI":"10.1007\/978-3-319-11659-4_15","volume-title":"Post-Quantum Cryptography","author":"F Song","year":"2014","unstructured":"Song, F.: A note on quantum security for post-quantum cryptography. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 246\u2013265. Springer, Heidelberg (2014)"},{"key":"13_CR48","unstructured":"The Tor Project. https:\/\/www.torproject.org\/ (2003). Accessed November 2014"},{"key":"13_CR49","unstructured":"Zhang, J., Zhang, Z., Ding, J., Snook, M., Dagdelen, O.: Authenticated Key Exchange from Ideal Lattices. Cryptology ePrint Archive, Report 2014\/589 (2014). http:\/\/eprint.iacr.org\/. To appear at Eurocrypt 2015"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-28166-7_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,1]],"date-time":"2025-06-01T02:42:49Z","timestamp":1748745769000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-28166-7_13"}},"subtitle":["(Future Anonymity in Today\u2019s Budget)"],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319281650","9783319281667"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-28166-7_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"9 January 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}