Paper 2017/888

Asynchronous provably-secure hidden services

Philippe Camacho and Fernando Krell


The client-server architecture is one of the most widely used in the Internet for its simplicity and flexibility. In practice the server is assigned a public address so that its services can be consumed. This makes theserver vulnerable to a number of attacks such as Distributed Denial of Service (DDoS), censorship from authoritarian governments or exploitationof software vulnerabilities. In this work we propose an asynchronous protocol for allowing a client to issue requests to a server without revealing any information about the location of the server. In addition, our solution reveals limited information about the network topology, leaking only the distance from the client to the corrupted participants. We also provide a simulation-based security definition capturing the requirement described above. Our protocol is secure in the semi-honest model against any number of colluding participants, and has linear communication complexity. Finally, we extend our solution to handle active adversaries. We show that malicious participants can only trigger a premature termination of the protocol, in which case they are identified. For this solution the communication complexity becomes quadratic. To the best of our knowledge our solution is the first asynchronous protocol that provides strong security guarantees.

Note: Fix in protocol for active adversaries.

Available format(s)
Publication info
Published elsewhere. MINOR revision.CT-RSA 2018
hidden serversanonymity
Contact author(s)
philippe camacho @ dreamlab net
2018-06-12: last of 3 revisions
2017-09-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Philippe Camacho and Fernando Krell},
      title = {Asynchronous provably-secure hidden services},
      howpublished = {Cryptology ePrint Archive, Paper 2017/888},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.