A deeper look at Ariadne: a privacy-preserving network layer protocol

We present a deeper analysis of Ariadne, a privacy-preserving network layer communication protocol that we introduced in Fressancourt and Iannone (2023). Ariadne uses a source routing approach to avoid relying on trusted third parties. In Ariadne, a source node willing to send anonymized network traffic to a destination uses a path consisting in nodes with which it has pre-shared symmetric keys. Temporary keys derived from those pre-shared keys are used to protect the communication's privacy using onion routing techniques, ensuring session unlinkability for packets following the same path. Ariadne enhances previous approaches to preserve communication privacy by introducing two novelties. First, the source route is encoded in a fixed size, sequentially encrypted vector of routing information elements, in which the elements' positions in the vector are pseudo-randomly permuted. Second, the temporary keys used to process the packets on the path are referenced using mutually known encrypted patterns. This avoids the use of an explicit key reference that could be used to de-anonymize the communications. This article enriches our previous presentation of Ariadne Fressancourt and Iannone (2023) with a set of formal proofs of its security properties. Besides, a performance evaluation of Ariadne's Rust implementation is presented to assess the ability of our protocol to protect privacy at the network layer in real-world use cases.