Onion routing and mix networks are fundamental concepts for providing users with anonymous access to the Internet. Various corresponding solutions rely on the efficient Sphinx packet format. However, flaws in Sphinx's underlying proof strategy were found recently. It is thus currently unclear which guarantees Sphinx actually provides, and, even worse, there is no suitable proof strategy available. In this paper, we restore the security foundation for all these works by building a theoretical framework for Sphinx. We discover that the previously used DDH assumption is insufficient for a security proof and show that the Gap Diffie-Hellman (GDH) assumption is required instead. We apply it to prove that a slightly adapted version of the Sphinx packet format is secure under the GDH assumption. Ours is the first work to provide a detailed, in-depth security proof for Sphinx in this manner. Our adaptations to Sphinx are necessary, as we demonstrate with an attack on sender privacy that would be possible otherwise.