(1)


[1] Masayuki Abe. Universally verifiable mix-net with verification work in-
dependent of the number of mix-servers. In Kaisa Nyberg, editor, Ad-
vances in Cryptology EUROCRYPT '98, pages 437447, Helsinki, Fin-
land, 1998. Springer-Verlag, LNCS 1403.
[2] Alessandro Acquisti, Roger Dingledine, and Paul Syverson. On the eco-
nomics of anonymity. In Rebecca N. Wright, editor, Financial Cryptog-
raphy, 7th International Conference, FC 2003, pages 84102. Springer-
Verlag, LNCS 2742, 2003.
[3] Ben Adida and Douglas Wikstrm. Obfuscated ciphertext mixing. Cryp-
tology ePrint Archive, Report 2005/394, November 2005.
[4] Dakshi Agrawal, Dogan Kesdogan, and Stefan Penz. Probabilistic treat-
ment of mixes to hamper traffic analysis. In Proceedings, 2003 IEEE Sym-
posium on Security and Privacy, pages 1627. IEEE Computer Society,
May 2003.
[5] Ross Anderson. The eternity service. In 1st International Conference on
the Theory and Applications of Cryptology (Pragocrypt '96), pages 242
252, Prague, Czech Republic, September/October 1996. Czech Technical
University Publishing House.
[6] Dmitri Asonov and Johann-Christoph Freytag. Almost optimal private
information retrieval. In Roger Dingledine and Paul Syverson, editors,
Privacy Enhancing Technologies: Second International Workshop, PET
2002, pages 239243, San Francisco, CA, USA, April 2002. Springer-
Verlag, LNCS 2482.
[7] Giuseppe Ateniese, Jan Camenisch, and Breno de Medeiros. Untrace-
able RFID tags via insubvertible encryption. In Catherine Meadows and
Paul Syverson, editors, CCS'05: Proceedings of the 12th ACM Conference
on Computer and Communications Security, pages 92101. ACM Press,
November 2005.
[8] Adam Back, Ian Goldberg, and Adam Shostack. Freedom systems 2.0
security issues and analysis. White paper, Zero Knowledge Systems, Inc.,
October 2001. The attributed date is that printed at the head of the
paper. The cited work is, however, superceded by documents that came
before Oct. 2001, e.g., [9].
[9] Adam Back, Ian Goldberg, and Adam Shostack. Freedom systems 2.1
security issues and analysis. White paper, Zero Knowledge Systems, Inc.,
May 2001.
[10] Adam Back, Ulf Mller, and Anton Stiglic. Traffic analysis attacks and
trade-offs in anonymity providing systems. In Ira S. Moskowitz, editor,
Information Hiding: 4th International Workshop, IH 2001, pages 245
257, Pittsburgh, PA, USA, April 2001. Springer-Verlag, LNCS 2137.
[11] Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, and Dou-
glas Sicker. Low-resource routing attacks against Tor. In Ting Yu, editor,
WPES'07: Proceedings of the 2007 ACM Workshop on Privacy in the
Electronic Society, pages 1120. ACM Press, October 2007.
[12] Amos Beimel and Shlomi Dolev. Buses for anonymous message delivery.
Journal of Cryptology, 16(1):2539, 2003.
[13] Krista Bennett and Christian Grothoff. GAP practical anonymous
networking. In Roger Dingledine, editor, Privacy Enhancing Technolo-
gies: Third International Workshop, PET 2003, pages 141160. Springer-
Verlag, LNCS 2760, 2003.
[14] Ron Berman, Amos Fiat, and Amnon Ta-Shma. Provable unlinkabil-
ity against traffic analysis. In Ari Juels, editor, Financial Cryptography,
8th International Conference, FC 2004, pages 266289. Springer-Verlag,
LNCS 3110, February 2004.
[15] Oliver Berthold, Hannes Federrath, and Stefan Kpsell. Web MIXes: A
o
system for anonymous and unobservable Internet access. In Hannes Fed-
errath, editor, Designing Privacy Enhancing Technologies: International
Workshop on Design Issues in Anonymity and Unobservability, pages 115
129. Springer-Verlag, LNCS 2009, July 2000.
[16] Oliver Berthold and Heinrich Langos. Dummy traffic against long term
intersection attacks. In Roger Dingledine and Paul Syverson, editors,
Privacy Enhancing Technologies: Second International Workshop, PET
2002, pages 110128, San Francisco, CA, USA, April 2002. Springer-
Verlag, LNCS 2482.
[17] Oliver Berthold, Andreas Pfitzmann, and Ronny Standtke. The disadvan-
tages of free MIX routes and how to overcome them. In Hannes Federrath,
editor, Designing Privacy Enhancing Technologies: International Work-
shop on Design Issues in Anonymity and Unobservability, pages 3045.
Springer-Verlag, LNCS 2009, July 2000.
[18] John Bethencourt, Dawn Xiaodong Song, and Brent Waters. New con-
structions and practical applications for private stream searching (ex-
tended abstract). In 2006 IEEE Symposium on Security and Privacy (S&
P 2006), Proceedings, pages 132139. IEEE Computer Society, May 2006.
[19] George Dean Bissias, Marc Liberatore,, and Brian Neil Levine. Pri-
vacy vulnerabilities in encrypted HTTP streams. In George Danezis and
David Martin, editors, Privacy Enhancing Technologies: 5th International
Workshop, PET 2005, Cavtat Croatia, 2005. Springer-Verlag, LNCS 3856.
[20] Avrim Blum, Dawn Xiaodong Song, and Shobha Venkataraman. Detec-
tion of interactive stepping stones: Algorithms and confidence bounds. In
Erland Jonsson, Alfonso Valdes, and Magnus Almgren, editors, Recent Ad-
vances in Intrusion Detection 7th International Symposium, RAID 2004,
pages 258277, Sophia Antipolis, France, 2004. Springer-Verlag, LNCS
765.
[21] Nikita Borisov. An analysis of parallel mixing with attacker-controlled
inputs. In George Danezis and David Martin, editors, Privacy Enhanc-
ing Technologies: 5th International Workshop, PET 2005, pages 1225,
Cavtat Croatia, 2005. Springer-Verlag, LNCS 3856.
[22] Nikita Borisov. Anonymous Routing in Structured Peer-to-Peer Overlays.
PhD thesis, University of California, Berkeley, 2005.
[23] Philippe Boucher, Adam Shostack, and Ian Goldberg. Freedom systems
2.0 architecture. White paper, Zero Knowledge Systems, Inc., December
2000.
[24] Justin Boyan. The Anonymizer: Protecting user privacy on the web. CMC
Magazine, September 1997.
[25] Zach Brown. Cebolla: Pragmatic IP Anonymity. In Proceedings of the
2002 Ottawa Linux Symposium, June 2002.
[26] Jan Camenisch and Anna Lysyanskaya. A formal treatment of onion
routing. In Victor Shoup, editor, Advances in Cryptology CRYPTO
2005: 25th Annual International Cryptology Conference, pages 169187.
Springer-Verlag, LNCS 3621, August 2005.
[27] David Chaum. Untraceable electronic mail, return addresses, and digital
pseudonyms. Communications of the ACM, 4(2):8488, February 1981.
[28] David Chaum. Blind signatures for untraceable payments. In David
Chaum, Ronald L. Rivest, and Alan T. Sherman, editors, Advances in
Cryptology CRYPTO '82, pages 199203, New York and London, 1983.
Plenum Press.
[29] David Chaum. Security without identification: Transaction systems to
make big brother obsolete. Communications of the ACM, 28(10):1030
1044, October 1985.
[30] David Chaum. The dining cryptographers problem: Unconditional sender
and recipient untraceability. Journal of Cryptology, 1(1):6575, 1988.
[31] Heyning Cheng and Ron Avnur. Traffic analysis of ssl encrypted web
[32] Giusseppe Ciaccio. Improving sender anonymity in a structured overlay
with imprecise routing. In George Danezis and Philippe Golle, editors,
Privacy Enhancing Technologies: 6th International Workshop, PET 2006,
pages 190207. Springer-Verlag, LNCS 4258, 2006.
[33] Ian Clarke, Oskar Sandberg, Brandon Wiley, and Theodore W. Hong.
Freenet: A distributed anonymous information storage and retrieval sys-
tem. In Hannes Federrath, editor, Designing Privacy Enhancing Tech-
nologies: International Workshop on Design Issues in Anonymity and
Unobservability, pages 4666. Springer-Verlag, LNCS 2009, 2000.
[34] Richard Clayton. Failure in a hybrid content blocking system. In George
Danezis and David Martin, editors, Privacy Enhancing Technologies: 5th
International Workshop, PET 2005, pages 7892, Cavtat Croatia, 2005.
Springer-Verlag, LNCS 3856.
[35] Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson. Ignoring
the great firewall of china. In George Danezis and Philippe Golle, editors,
Privacy Enhancing Technologies: 6th International Workshop, PET 2006,
pages 2035. Springer-Verlag, LNCS 4258, 2006.
[36] George Danezis. Traffic analysis of the HTTP protocol over TLS. http:
//www.cl.cam.ac.uk/gd216/TLSanon.pdf.
[37] George Danezis. Forward secure mixes. In Jonsson Fisher-Hubner, editor,
Nordic workshop on Secure IT Systems (NordSec 2002), pages 195207,
Karlstad, Sweden, November 2002.
[38] George Danezis. Mix-networks with restricted routes. In Roger Dingle-
dine, editor, Privacy Enhancing Technologies: Third International Work-
shop, PET 2003, pages 117. Springer-Verlag, LNCS 2760, 2003.
[39] George Danezis. Statistical disclosure attacks. In Gritzalis, Vimercati,
Samarati, and Katsikas, editors, Security and Privacy in the Age of Un-
certainty, (SEC2003), pages 421426, Athens, May 2003. IFIP TC11,
Kluwer.
[40] George Danezis. The traffic analysis of continuous-time mixes. In David
Martin and Andrei Serjantov, editors, Privacy Enhancing Technologies:
4th International Workshop, PET 2004. Springer-Verlag, LNCS 3424,
May 2005.
[41] George Danezis. Breaking four mix-related schemes based on universal
re-encryption. In Sokratis K. Katsikas, Javier Lopez, Michael Backes,
Stefanos Gritzalis, and Bart Preneel, editors, Information Security 9th
International Conference, ISC 2006, pages 4659, Samos Island, Greece,
September 2006. Springer-Verlag, LNCS 4176.
[42] George Danezis and Richard Clayton. Route fingerprinting in anonymous
communications. In Sixth IEEE International Conference on Peer-to-Peer
Computing, P2P 2006, pages 6972. IEEE Computer Society Press, 2006.
[43] George Danezis and Jolyon Clulow. Compulsion resistant anonymous com-
munications. In Mauro Barni, Jordi Herrera-Joancomart, Stefan Katzen-
beisser, and Fernando Prez-Gonzlez, editors, Information Hiding: 7th
International Workshop, IH 2005, pages 1125. Springer-Verlag, LNCS
3727, June 2005.
[44] George Danezis and Claudia Diaz. Space-efficient private search with
applications to rateless codes. In Sven Dietrich and Rachna Dahamija,
editors, Financial Cryptography and Data Security, 11th International
Conference, FC 2007, and 1st International Workshop on Usable Security,
USEC 2007, pages 148162. Springer-Verlag, LNCS 4886, 2007.[45] George Danezis,
Claudia Diaz, and Carmela Troncoso. Two-sided statis-
tical disclosure attack. In Nikita Borisov and Philippe Golle, editors, Pri-
vacy Enhancing Technologies: 7th International Symposium, PET 2007,
pages 3044. Springer-Verlag, LNCS 4776, 2007.
[46] George Danezis, Roger Dingledine, and Nick Mathewson. Mixminion:
Design of a type III anonymous remailer protocol. In Proceedings, IEEE
Symposium on Security and Privacy, pages 215, Berkeley, CA, May 2003.
IEEE Computer Society.
[47] George Danezis and Ben Laurie. Minx: A simple and efficient anonymous
packet format. In Sabrina De Capitani di Vimercati and Paul Syverson,
editors, WPES'04: Proceedings of the 2004 ACM Workshop on Privacy
in the Electronic Society, pages 5965, Washington, DC, USA, October
2004. ACM Press.
[48] George Danezis and Len Sassaman. Heartbeat traffic to counter (n – 1)
attacks. In Pierangela Samarati and Paul Syverson, editors, WPES'03:
Proceedings of the 2003 ACM Workshop on Privacy in the Electronic So-
ciety, pages 8993, Washington, DC, USA, October 2003. ACM Press.
[49] George Danezis and Andrei Serjantov. Statistical disclosure or intersection
attacks on anonymity systems. In Jessica Fridrich, editor, Information
Hiding: 6th International Workshop, IH 2004, pages 293308. Springer-
Verlag, LNCS 3200, May 2004.
[50] George Danezis and Paul Syverson. Bridging and fingerprinting: Epis-
temic attacks on route selection. In Nikita Borisov and Ian Goldberg, ed-
itors, Privacy Enhancing Technologies: Eighth International Symposium,
PETS 2008, pages 151166. Springer-Verlag, LNCS 5134, July 2008.
[51] Yvo Desmedt and Kaoru Kurosawa. How to break a practical MIX and
design a new one. In Bart Preneel, editor, Advances in Cryptology EU-
ROCRYPT 2000, pages 557572, Bruges, Belgium, May 2000. Springer-
Verlag, LNCS 1807.
[52] Claudia Diaz. Anonymity and Privacy in Electronic Services. PhD thesis,
Katholieke Universiteit Leuven, 2005.
[53] Claudia Diaz, George Danezis, Christian Grothoff, Andreas Pfitzmann,
and Paul F. Syverson. Panel discussion – mix cascades versus peer-to-peer:
Is one concept superior? In David Martin and Andrei Serjantov, editors,
Privacy Enhancing Technologies: 4th International Workshop, PET 2004,
page 242. Springer-Verlag, LNCS 3424, 2005.
[54] Claudia Diaz and Bart Preneel. Reasoning about the anonymity provided
by pool mixes that generate dummy traffic. In Jessica Fridrich, editor,
Information Hiding: 6th International Workshop, IH 2004, pages 309
325. Springer-Verlag, LNCS 3200, May 2004.
[55] Claudia Diaz, Len Sassaman, and Evelyne Dewitte. Comparison between
two practical mix designs. In Pierangela Samarati, Peter Ryan, Dieter
Gollmann, and Refik Molva, editors, Computer Security ESORICS 2004,
9th European Symposium on Research in Computer Security, pages 141
159. Springer-Verlag, LNCS 3193, 2004.
[56] Claudia Diaz and Andrei Serjantov. Generalising mixes. In Roger Dingle-
dine, editor, Privacy Enhancing Technologies: Third International Work-
shop, PET 2003, pages 1831, Dresden, Germany, 2003. Springer-Verlag,
LNCS 2760.
[57] Claudia Diaz, Stefaan Seys, Joris Claessens, and Bart Preneel. Towards
measuring anonymity. In Roger Dingledine and Paul Syverson, editors,
Privacy Enhancing Technologies: Second International Workshop, PET
2002, pages 5468, San Francisco, CA, USA, April 2002. Springer-Verlag,
LNCS 2482.
[58] Claudia Diaz, Carmela Troncoso, and George Danezis. Does additional
information always reduce anonymity? In Ting Yu, editor, WPES'07:
Proceedings of the 2007 ACM Workshop on Privacy in the Electronic So-
ciety, pages 7275. ACM Press, October 2007.
[59] Claudia Diaz, Carmela Troncoso, and Andrei Serjantov. On the impact
of social network profiling on anonymity. In Nikita Borisov and Ian Gold-
berg, editors, Privacy Enhancing Technologies: Eighth International Sym-
posium, PETS 2008, pages 4462. Springer-Verlag, LNCS 5134, July 2008.
[60] T. Dierks and C. Allen. RFC 2246: The TLS protocol version 1.0. http:
//www.ietf.org/rfc/rfc2246.txt, January 1999.
[61] Roger Dingledine, Michael J. Freedman, David Hopwood, and David
Molnar. A reputation system to increase MIX-net reliability. In Ira S.
Moskowitz, editor, Information Hiding: 4th International Workshop, IH
2001, pages 126141, Pittsburgh, PA, USA, April 2001. Springer-Verlag,
LNCS 2137.
[62] Roger Dingledine, Michael J. Freedman, and David Molnar. The free
haven pro ject: Distributed anonymous storage service. In Hannes Fed-
errath, editor, Designing Privacy Enhancing Technologies: International
Workshop on Design Issues in Anonymity and Unobservability, pages 67
95. Springer-Verlag, LNCS 2009, 2000.
[63] Roger Dingledine and Nick Mathewson. Anonymity loves company: Us-
ability and the network effect. In Ross Anderson, editor, Fifth Workshop
on the Economics of Information Security (WEIS 2006), June 2006.
[64] Roger Dingledine and Nick Mathewson. Design of a blocking-resistant
anonymity system (draft). https://www.torproject.org/svn/trunk/
doc/design- paper/blocking.html, May 2007.
[65] Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The second-
generation onion router. In Proceedings of the 13th USENIX Security
Symposium, pages 303319. USENIX Association, August 2004.
[66] Roger Dingledine, Nick Mathewson, and Paul Syverson. Deploying low-
latency anonymity: Design challenges and social factors. IEEE Security
& Privacy, 5(5):8387, September/October 2007.
[67] Roger Dingledine, Andrei Serjantov, and Paul Syverson. Blending differ-
ent latency traffic with alpha-mixing. In George Danezis and Philippe
Golle, editors, Privacy Enhancing Technologies: 6th International Work-
shop, PET 2006, pages 245257. Springer-Verlag, LNCS 4258, 2006.
[68] Roger Dingledine, Vitaly Shmatikov, and Paul Syverson. Synchronous
batching: From cascades to free routes. In David Martin and Andrei Ser-
jantov, editors, Privacy Enhancing Technologies: 4th International Work-
shop, PET 2004, pages 186206. Springer-Verlag, LNCS 3424, May 2005.
[69] Roger Dingledine and Paul Syverson. Reliable mix cascade networks
through reputation. In Matt Blaze, editor, Financial Cryptography,
6th International Conference, FC 2002, pages 253268. Springer-Verlag,
LNCS 2357, 2003.
[70] M. Dornseif. Government mandated blocking of foreign web content. In
J. von Knop, W. Haverkamp, and E. Jessen, editors, Security, E-Learning,
E-Services: Proceedings of the 17. DFN-Arbeitstagung uber Kommunika-
tionsnetze, Dusseldorf, 2003.
[71] John Douceur. The sybil attack. In Peter Druschel, M. Frans Kaashoek,
and Antony I. T. Rowstron, editors, Peer-To-Peer Systems: First Inter-
national Workshop, IPTPS 2002, pages 251260, Cambridge, MA, USA,
2002. Springer-Verlag, LNCS 2429.
[72] Matthew Edman, Fikret Sivrikaya, and Bulent Yener. A combinatorial
approach to measuring anonymity. In Gheorghe Muresan, Tayfur Altiok,
Benjamin Melamed, and Daniel Zeng, editors, IEEE Intel ligence and Se-
curity Informatics (ISI 2007), pages 356363, New Brunswick, NJ, May
2007. IEEE.
[73] Matthew Edman and Paul Syverson. AS-awareness in Tor path selection.
In Somesh Jha, Angelos D. Keromytis, and Hao Chen, editors, CCS'09:
Proceedings of the 16th ACM Conference on Computer and Communica-
tions Security. ACM Press, 2009.
[74] Nathan S. Evans, Roger Dingledine, and Christian Grothoff. A practical
congestion attack on Tor using long paths. In Proceedings of the 18th
USENIX Security Symposium, pages 3350, Montreal, Canada, August
2009. USENIX Association.
[75] Peter Fairbrother. An improved construction for universal re-encryption.
In David Martin and Andrei Serjantov, editors, Privacy Enhancing Tech-
nologies: 4th International Workshop, PET 2004, pages 7987. Springer-
Verlag, LNCS 3424, May 2005.
[76] N. Feamster, M. Balazinska, G. Harfst, H. Balakrishnan, and D. Karger.
Infranet: Circumventing web censorship and surveillance. In Dan Boneh,
editor, USENIX Security Symposium, pages 247262, San Francisco, CA,
5-9 August 2002.
[77] Nick Feamster, Magdalena Balazinska, Winston Wang, Hari Balakrishnan,
and David Karger. Thwarting web censorship with untrusted messen-
ger discovery. In Roger Dingledine, editor, Privacy Enhancing Technolo-
gies: Third International Workshop, PET 2003, pages 125140. Springer-
Verlag, LNCS 2760, 2003.
[78] Nick Feamster and Roger Dingledine. Location diversity in anonymity
networks. In Sabrina De Capitani di Vimercati and Paul Syverson, editors,
WPES'04: Proceedings of the 2004 ACM Workshop on Privacy in the
Electronic Society, pages 6676, Washington, DC, USA, October 2004.
ACM Press.
[79] Joan Feigenbaum, Aaron Johnson, and Paul Syverson. Probabilistic anal-
ysis of onion routing in a black-box model [extended abstract]. In Ting Yu,
editor, WPES'07: Proceedings of the 2007 ACM Workshop on Privacy in
the Electronic Society, pages 110. ACM Press, October 2007.
[80] Laurent Fousse and Jean-Ren Reinhard. Nymbaron: A type iii nymserver.
[81] Michael J. Freedman and Robert Morris. Tarzan: A peer-to-peer
anonymizing network layer. In Vijay Atluri, editor, Proceedings of the
9th ACM Conference on Computer and Communications Security, CCS
2002, pages 193206. ACM Press, 2002.
[82] Michael J. Freedman, Emil Sit, Josh Cates, and Robert Morris. Intro-
ducing tarzan, a peer-to-peer anonymizing network layer. In Peter Dr-
uschel, M. Frans Kaashoek, and Antony I. T. Rowstron, editors, Peer-To-
Peer Systems: First International Workshop, IPTPS 2002, pages 121129,
Cambridge, MA, USA, 2002. Springer-Verlag, LNCS 2429.
[83] Jun Furukawa and Kazue Sako. An efficient scheme for proving a shuffle.
In Joe Kilian, editor, Advances in Cryptology CRYPTO 2001, pages
368387, Santa Barbara, CA, USA, August 2001. Springer-Verlag, LNCS
2139.
[84] Benedikt Gierlichs, Carmela Troncoso, Claudia Diaz, Bart Preneel, and
Ingrid Verbauwhede. Revisiting a combinatorial approach toward mea-
suring anonymity. In Marianne Winslett, editor, WPES'08: Proceedings
of the 2008 ACM Workshop on Privacy in the Electronic Society, pages
111116, Alexandria,VA,USA, October 2008. ACM Press.
[85] Sharad Goel, Mark Robson, Milo Polte, and Emin Gun Sirer. Herbivore:
A scalable and efficient protocol for anonymous communication. Technical
Report 2003-1890, Cornell University, Ithaca, NY, February 2003.
[86] Ian Goldberg. A Pseudonymous Communications Infrastructure for the
Internet. PhD thesis, University of California at Berkeley, 2000.
[87] Ian Goldberg and Adam Shostack. Freedom 1.0 security issues and anal-
ysis. White paper, Zero Knowledge Systems, Inc., November 1999.
[88] Ian Goldberg and Adam Shostack. Freedom network 1.0 architecture and
protocols. White paper, Zero Knowledge Systems, Inc., October 2001. The
attributed date is that printed at the head of the paper. The cited work
is, however, superceded by documents that came before Oct. 2001. The
appendix indicates a change history with changes last made November 29,
1999. Also, in [87] the same authors refer to a paper with a similar title
as an "April 1999 whitepaper".
[89] David M. Goldschlag, Michael G. Reed, and Paul F. Syverson. Hid-
ing routing information. In Ross Anderson, editor, Information Hid-
ing: First International Workshop, pages 137150. Springer-Verlag, LNCS
1174, 1996.
[90] Philippe Golle. Reputable mix networks. In David Martin and Andrei Ser-
jantov, editors, Privacy Enhancing Technologies: 4th International Work-
shop, PET 2004, pages 5162. Springer-Verlag, LNCS 3424, May 2005.
[91] Philippe Golle, Markus Jakobsson, Ari Juels, and Paul Syverson. Uni-
versal re-encryption for mixnets. In Tatsuaki Okamoto, editor, Topics in
Cryptology CT-RSA 2004, pages 163178, San Francisco, USA, February
2004. Springer-Verlag, LNCS 2964.
[92] Philippe Golle and Ari Juels. Dining cryptographers revisited. In Ad-
vances in Cryptology EUROCRYPT 2004, pages 456473, Interlaken,
Switzerland, May 2004. Springer-Verlag, LNCS 3027.
[93] Philippe Golle and Ari Juels. Parallel mixing. In Birgit Pfitzmann and
Peng Liu, editors, CCS 2004: Proceedings of the 11th ACM Conference
on Computer and Communications Security, pages 220226. ACM Press,
October 2004.
[94] Philippe Golle, XiaoFeng Wang, Markus Jakobsson, and Alex Tsow. De-
terring voluntary trace disclosure in re-encryption mix networks. In 2006
IEEE Symposium on Security and Privacy (S& P 2006), Proceedings,
pages 121131, Oakland, CA, May 2006. IEEE Computer Society.
[95] Philippe Golle, Sheng Zhong, Dan Boneh, Markus Jakobsson, and Ari
Juels. Optimistic mixing for exit-polls. In Yuliang Zheng, editor, Advances
in Cryptology ASIACRYPT 2002, pages 451465, Queenstown, New
Zealand, 1-5 December 2002. Springer-Verlag, LNCS 2501.
[96] Marcin Gomulkiewicz, Marek Klonowski, and Miroslaw Kutyllowski.
Onions based on universal re-encryption anonymous communication
immune against repetitive attack. In Chae Hoon Lim and Moti Yung,
editors, Information Security Applications, 5th International Workshop,
WISA 2004, pages 400410, Jeju Island, Korea, August 2004. Springer-
Verlag, LNCS 3325.
[97] Marcin Gomulkiewicz, Marek Klonowski, and Miroslaw Kutylowski.
Rapid mixing and security of chaum's visual electronic voting. In Einar
Snekkenes and Dieter Gollmann, editors, Computer Security ESORICS
2003, 8th European Symposium on Research in Computer Security, pages
132145, Gjvik, Norway, October 2003. Springer-Verlag, LNCS 2808.
[98] Yong Guan, Xinwen Fu, Dong Xuan, P. U. Shenoy, Riccardo Bettati,
and Wei Zhao. Netcamo: camouflaging network traffic for qos-guaranteed
mission critical applications. IEEE Transactions on Systems, Man, and
Cybernetics, Part A 31(4):253265, 2001.
[99] Ceki Gulcu and Gene Tsudik. Mixing E-mail with Babel. In Proceedings of

the Symposium on Network and Distributed Security Symposium – NDSS
'96, pages 216. IEEE, February 1996.
[100] Joseph Y. Halpern and Kevin R. O'Neill. Anonymity and information
hiding in multiagent systems. Jounal of Computer Security, 13(3):483
514, 2005.
[101] Steven Hazel and Brandon Wiley. Achord: A variant of the chord
lookup service for use in censorship resistant peer-to-peer publishing sys-
tems. In Peer-To-Peer Systems: First International Workshop, IPTPS
2002, Cambridge, MA, USA, 2002. A postproceedings of this work-
shop was published by Springer-Verlag (LNCS 2429). This paper is not
in that volume. It is only in the electronic proceedings available at
http://www.iptps.org/papers.html#2002.
[102] Sabine Helmers. A brief history of anon.penet.fi – the legendary anony-
mous remailer. CMC Magazine, September 1997.
[103] Johan Helsingius. Johan Helsingius closes his internet remailer. http:
//www.penet.fi/press- english.html, August 1996.
[104] Johan Helsingius. Temporary injunction in the anonymous remailer case.
[105] Alejandro Hevia and Daniele Micciancio. An indistinguishability-based
characterization of anonymous channels. In Nikita Borisov and Ian Gold-
berg, editors, Privacy Enhancing Technologies: Eighth International Sym-
posium, PETS 2008, pages 2443. Springer-Verlag, LNCS 5134, July 2008.
[106] Andrew Hintz. Fingerprinting websites using traffic analysis. In Roger
Dingledine and Paul Syverson, editors, Privacy Enhancing Technologies:
Second International Workshop, PET 2002, pages 171178, San Francisco,
CA, USA, April 2002. Springer-Verlag, LNCS 2482.
[107] Nicholas Hopper, Eugene Y. Vasserman, and Eric Chan-Tin. How much
anonymity does network latency leak? In Sabrina De Capitani di Vimer-
cati, Paul Syverson, and David Evans, editors, CCS'07: Proceedings of
the 14th ACM Conference on Computer and Communications Security,
pages 8291. ACM Press, 2007.
[108] Dominic Hughes and Vitaly Shmatikov. Information hiding, anonymity
and privacy: A modular approach. Journal of Computer Security, 12(1):3
36, 2004.
[109] Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai. Cryp-
tography from anonymity. In FOCS '06: Proceedings of the 47th Annual
IEEE Symposium on Foundations of Computer Science, pages 239248,
Washington, DC, USA, 2006. IEEE Computer Society.
[110] Markus Jakobsson. A practical mix. In Kaisa Nyberg, editor, Advances in
Cryptology EUROCRYPT '98, pages 448461, Helsinki, Finland, 1998.
Springer-Verlag, LNCS 1403.
[111] Markus Jakobsson. Flash mixing. In PODC '99: Proceedings of the Eigh-
teenth Annual ACM Symposium on Principles of Distributed Computing,
pages 8389, Atlanta, Georgia, USA, 1999. ACM Press.
[112] Markus Jakobsson and Ari Juels. An optimally robust hybrid mix network.
In PODC '01: Proceedings of the twentieth annual ACM symposium on
Principles of distributed computing, pages 284292, New York, NY, USA,
2001. ACM.
[113] Markus Jakobsson, Ari Juels, and Ronald L. Rivest. Making mix nets
robust for electronic voting by randomized partial checking. In Dan Boneh,
editor, Proceedings of the 11th USENIX Security Symposium, pages 339
353, San Francisco, CA, USA, 5-9 August 2002. USENIX Association.
[114] Anja Jerichow, Jan Muller, Andreas Pfitzmann, Birgit Pfitzmann, and
Michael Waidner. Real-time MIXes: A bandwidth-efficient anonymity
protocol. IEEE Journal on Selected Areas in Communications, 16(4):495
509, May 1998.
[115] Shu Jiang, Nitin H. Vaidya, and Wei Zhao. Routing in packet radio
networks to prevent traffic analsyis. In IEEE Information Assurance and
Security Workshop, June 2000.
[116] Aaron Johnson and Paul Syverson. More anonymous onion routing
through trust. In 22nd IEEE Computer Security Foundations Sympo-
sium, CSF 2009, pages 312, Port Jefferson, New York, July 2009. IEEE
Computer Society.
[117] Aniket Kate, Greg Zaverucha, and Ian Goldberg. Pairing-based onion
routing. In Nikita Borisov and Philippe Golle, editors, Privacy Enhancing
Technologies: 7th International Symposium, PET 2007, pages 95112.
Springer-Verlag, LNCS 4776, 2007.
[118] Sachin Katti, Dina Katabi, and Katay Puchala. Slicing the onion: Anony-
mous routing without pki. In Fourth Workshop on Hot Topics in Net-
works (HotNets-IV). ACM, 2005. http://conferences.sigcomm.org/
hotnets/2005/papers/katti.pdf.
[119] Dogan Kesdogan, Dakshi Agrawal, and Stefan Penz. Limits of anonymity
in open environments. In Fabien A. P. Petitcolas, editor, Information Hid-
ing: 5th International Workshop, IH 2002, pages 5369, Noordwijkerhout,
The Netherlands, October 2002. Springer-Verlag, LNCS 2578.
[120] Dogan Kesdogan, Mark Borning, and Michael Schmeink. Unobservable
surfing on the world wide web: Is private information retrieval an al-
ternative to the MIX based approach? In Roger Dingledine and Paul
Syverson, editors, Privacy Enhancing Technologies: Second International
Workshop, PET 2002, pages 214218, San Francisco, CA, USA, April
2002. Springer-Verlag, LNCS 2482.
[121] Dogan Kesdogan, Jan Egner, and Roland Buschkes. Stop-and-Go MIXes:
Providing probabilistic anonymity in an open system. In David Auc-
smith, editor, Information Hiding: Second International Workshop, IH
1998, pages 8398, Portland, Oregon, USA, April 1998. Springer-Verlag,
LNCS 1525.
[122] Joe Kilian and Kazue Sako. Receipt-free MIX-type voting scheme — a
practical solution to the implementation of a voting booth. In Louis C.
Guillou and Jean-Jacques Quisquater, editors, Advances in Cryptology
EUROCRYPT '95, pages 393403, Saint-Malo, France, May 1995.
Springer-Verlag, LNCS 921.
[123] Lea Kissner, Alina Oprea, Michael K. Reiter, Dawn Xiaodong Song, and
Ke Yang. Private keyword-based push and pull with applications to anony-
mous communication. In Markus Jakobsson, MotiYung, and Jianying
Zhou, editors, Applied Cryptography and Network Security Second Inter-
national Conference, ACNS 2004, pages 1630. Springer-Verlag, LNCS
3089, 2004.
[124] Marek Klonowski, Miroslaw Kutyllowski, Anna Lauks, and Filip Zagrski.
Universal re-encryption of signatures and controlling anonymous in-
formation flow. In WARTACRYPT '04 Conference on Cryptology,
Bedlewo/Poznan, July 2004.
[125] Marek Klonowski, Miroslaw Kutyllowski, and Filip Zagrski. Anonymous
communication with on-line and off-line onion encoding. In Peter Vo jt,
Mria Bielikov, Bernadette Charron-Bost, and Ondrej Sykora, editors,
SOFSEM 2005: Theory and Practice of Computer Science, 31st Confer-
ence on Current Trends in Theory and Practice of Computer Science, Lec-
ture Notes in Computer Science, pages 229238, Liptovsky Jn, Slovakia,
January 2005. Springer-Verlag, LNCS 3381.
[126] Marek Klonowski and Miroslaw Kutylowski. Provable anonymity for
networks of mixes. In Mauro Barni, Jordi Herrera-Joancomart, Stefan
Katzenbeisser, and Fernando Prez-Gonzlez, editors, Information Hid-
ing: 7th International Workshop, IH 2005, pages 2638. Springer-Verlag,
LNCS 3727, June 2005.
[127] Stefan Kpsell and Ulf Hilling. How to achieve blocking resistance for
existing systems enabling anonymous web surfing. In Sabrina De Capitani
di Vimercati and Paul Syverson, editors, WPES'04: Proceedings of the
2004 ACM Workshop on Privacy in the Electronic Society, pages 4758,
Washington, DC, USA, October 2004. ACM Press.
[128] Dennis Kugler. An analysis of GNUnet and the implications for anony-
mous, censorship-resistant networks. In Roger Dingledine, editor, Privacy
Enhancing Technologies: Third International Workshop, PET 2003, pages
161176. Springer-Verlag, LNCS 2760, 2003.
[129] Brian N. Levine, Michael K. Reiter, Chenxi Wang, and Matthew K.
Wright. Timing attacks in low-latency mix-based systems. In Ari Juels,
editor, Financial Cryptography, 8th International Conference, FC 2004,
pages 251265. Springer-Verlag, LNCS 3110, February 2004.
[130] Brian Neil Levine and Clay Shields. Hordes: a multicast based protocol
for anonymity. Journal of Computer Security, 10(3):213240, 2002.
[131] John Leyden. Anonymizer looks for gaps in great firewall of China. The
Register, April 3 2006.
[132] Tianbo Lu, Binxing Fang, Yuzhong Sun, and Xueqi Cheng. Performance
analysis of WonGoo system. In Fifth International Conference on Com-
puter and Information Technology (CIT 2005), pages 716723, Shanghai,
China, September 2005. IEEE Computer Society.
[133] Tianbo Lu, Binxing Fang, Yuzhong Sun, and Li Guo. Some remarks
on universal re-encryption and a novel practical anonymous tunnel. In
Xicheng Lu and Wei Zhao, editors, Networking and Mobile Computing,
Third International Conference, ICCNMC 2005, pages 853862, Zhangji-
a jie, China, 2005. Springer-Verlag, LNCS 3619.
[134] David Martin and Andrew Schulman. Deanonymizing users of the
SafeWeb anonymizing service. Technical Report 2002-003, Boston Uni-
versity Computer Science Department, February 2002.
[135] Nick Mathewson. Underhill: A proposed type 3 nymserver protocol speci-
fication. On-line, 2005. http://svn.conuropsis.org/nym3/trunk/doc/
nym- spec.txt.
[136] Nick Mathewson and Roger Dingledine. Practical traffic analysis: Extend-
ing and resisting statistical disclosure. In David Martin and Andrei Ser-
jantov, editors, Privacy Enhancing Technologies: 4th International Work-
shop, PET 2004. Springer-Verlag, LNCS 3424, 2005.
[137] David Mazi`res and M. Frans Kaashoek. The Design, Implementation
and Operation of an Email Pseudonym Server. In CCS'98 5th ACM
Conference on Computer and Communications Security, pages 2736, San
Francisco, CA, USA, November 1998. ACM Press.
[138] Markus Michels and Patrick Horster. Some remarks on a receipt-free
and universally verifiable mix-type voting scheme. In Kwangjo Kim and
Tsutomu Matsumoto, editors, Advances in Cryptology ASIACRYPT
'96, pages 125132, Kyongju, Korea, November 1996. Springer-Verlag,
LNCS 1163.
[139] Masashi Mitomo and Kaoru Kurosawa. Attack for flash MIX. In Tatsuaki
Okamoto, editor, Advances in Cryptology ASIACRYPT 2000, pages
192204, Kyoto, Japan, December 2000. Springer-Verlag, LNCS 1976.
[140] Prateek Mittal and Nikita Borisov. Information leaks in structured peer-
to-peer anonymous communication systems. In Paul Syverson, Somesh
Jha, and Xiaolan Zhang, editors, CCS'08: Proceedings of the 15th ACM
Conference on Computer and Communications Security, pages 267278.
ACM Press, 2008.
[141] Bodo Mller. Provably secure public-key encryption for length-preserving
chaumian mixes. In Marc Joye, editor, Topics in Cryptology CT-RSA
2003, pages 244262, San Francisco, CA, USA, 13-17 April 2003. Springer-
Verlag, LNCS 2612.
[142] Ulf Mller, Lance Cottrell, Peter Palfrader, and Len Sassaman. Mixmaster
protocol – version 3. IETF Internet Draft, 2003.
[143] Steven J. Murdoch and George Danezis. Low-cost traffic analysis of Tor.
In 2005 IEEE Symposium on Security and Privacy,(IEEE S&P 2005)
Proceedings, pages 183195. IEEE CS, May 2005.
[144] Steven J. Murdoch and Piotr Zielinski. Sampled traffic analysis by
internet-exchange-level adversaries. In Nikita Borisov and Philippe Golle,
editors, Privacy Enhancing Technologies: 7th International Symposium,
PET 2007, pages 167183. Springer-Verlag, LNCS 4776, 2007.
[145] Arjun Nambiar and Matthew Wright. Salsa: A structured approach to
large-scale anonymity. In Rebecca N. Wright, Sabrina De Capitani di
Vimercati, and Vitaly Shmatikov, editors, CCS'06: Proceedings of the
13th ACM Conference on Computer and Communications Security, pages
1726. ACM Press, 2006.
[146] C. Andrew Neff. A verifiable secret shuffle and its application to e-
voting. In Pierangela Samarati, editor, Proceedings of the 8th ACM Con-
ference on Computer and Communications Security (CCS-8), pages 116
125, Philadelphia, PA, USA, November 2001. ACM Press.
[147] Richard E. Newman, Ira S. Moskowitz, Paul Syverson, and Andrei Ser-
jantov. Metrics for traffic analysis prevention. In Roger Dingledine,
editor, Privacy Enhancing Technologies: Third International Workshop,
PET 2003, pages 4865, Dresden, Germany, March 2003. Springer-Verlag,
LNCS 2760.
[148] Luke O'Connor. On blending attacks for mixes with memory. In Mauro
Barni, Jordi Herrera-Joancomart, Stefan Katzenbeisser, and Fernando
Prez-Gonzlez, editors, Information Hiding: 7th International Work-
shop, IH 2005, pages 3952. Springer-Verlag, LNCS 3727, June 2005.
[149] Wakaha Ogata, Kaoru Kurosawa, Kazue Sako, and Kazunori Takatani.
Fault tolerant anonymous channel. In Yongfei Han, Tatsuaki Okamoto,
and Sihan Qing, editors, Information and Communication Security, First
International Conference, ICICS '97, pages 440444, Beijing, China,
November 1997. Springer-Verlag, LNCS 1334.
[150] Miyako Ohkubo and Masayuki Abe. A length-invariant hybrid mix. In
Tatsuaki Okamoto, editor, Advances in Cryptology ASIACRYPT 2000,
pages 178191, Kyoto, Japan, December 2000. Springer-Verlag, LNCS
1976.
[151] Rafail Ostrovsky and William E. Skeith III. Private searching on stream-
ing data. In Advances in Cryptology – CRYPTO 2005: 25th Annual In-
ternational Cryptology Conference, pages 223240. Springer-Verlag, LNCS
3621, 2005.
[152] Lasse verlier and Paul Syverson. Locating hidden servers. In 2006 IEEE
Symposium on Security and Privacy (S& P 2006), Proceedings, pages 100
  1. IEEE CS, May 2006.
[153] Lasse verlier and Paul Syverson. Improving efficiency and simplicty
of Tor circuit establishment and hidden services. In Nikita Borisov and
Philippe Golle, editors, Privacy Enhancing Technologies: 7th Interna-
tional Symposium, PET 2007, pages 134152. Springer-Verlag, LNCS
4776, 2007.
[154] Peter Palfrader. Echolot: a pinger for anonymous remailers. http://www.
palfrader.org/echolot/.
[155] Sameer Parekh. Prospects for remailers: where is anonymity heading
on the internet? First Monday, 1(2), August 5 1996. On-line journal
http://www.firstmonday.dk/issues/issue2/remailers/.
[156] C. Park, K. Itoh, and K. Kurosawa. Efficient anonymous channel and
all/nothing election scheme. In Tor Helleseth, editor, Advances in Cryp-
tology EUROCRYPT '93, pages 248259. Springer-Verlag, LNCS 765,
1994.
[157] Andreas Pfitzmann and Marit Khntopp. Anonymity, unobservability,
and pseudonymity a proposal for terminology. In Hannes Federrath, ed-
itor, Designing Privacy Enhancing Technologies: International Workshop
on Design Issues in Anonymity and Unobservability, pages 19. Springer-
Verlag, LNCS 2009, July 2000.
[158] Andreas Pfitzmann, Birgit Pfitzmann, and Michael Waidner. ISDN-
MIXes: Untraceable communication with very small bandwidth overhead.
In Wolfgang Effelsberg, Hans Werner Meuer, and Gunter Muller, editors,
Kommunikation in Verteilten Systemen, Grund lagen, Anwendungen, Be-
trieb, GI/ITG-Fachtagung, volume 267 of Informatik-Fachberichte, pages
451463. Springer-Verlag, February 1991.
[159] Andreas Pfitzmann and Michael Waidner. Networks without user observ-
ability design options. In Franz Pichler, editor, Advances in Cryptology
EUROCRYPT '85, pages 245253. Springer-Verlag, LNCS 219, 1986.
[160] Birgit Pfitzmann. Breaking an efficient anonymous channel. In Alfredo De
Santis, editor, Advances in Cryptology EUROCRYPT '94, pages 332
340, Perugia, Italy, May 1994. Springer-Verlag, LNCS 950.

[link1] | [link2]

[link1] http://www.pgpru.com/biblioteka/statji/sac

[link2] http://www.pgpru.com/biblioteka/statji/sac/references2