Onion routing (from the English word onion) is an anonymization technique on the Internet. Web content is routed over constantly changing routes through several mixes, which in this context are called nodes. Each node acts as a kind of encrypting proxy server. In this way the true identity of the person who requested the data remains anonymous to the web server on the other side. Because of the encryption scheme, even the operators of the nodes are not able to establish an association between the user and the web content requested, unless all nodes of the respective route work together.

Encryption scheme

The term onion is derived from the encryption scheme used. The data to be transmitted is encrypted multiple times. Within each node, either a decryption or an encryption step is applied to the data, depending on whether the data is being transmitted upstream or downstream. The client therefore encrypts each packet to be sent, and decrypts each packet received, as many times as there are nodes in the route. This cascading encryption scheme has the form of an onion with its layers, hence the name. It guarantees that only the last node can see the data to be sent in plain text (which may still be subject to end-to-end encryption). Tracking the data across a node is also not possible, because each node performs an encryption/decryption step that only it and the client can reproduce, so the data words that appear at the input of the node look different at its output.
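
The layering described above, as an added example that is not part of the original article: a Python sketch of a three-node route showing what is visible on each link in both directions. The cipher is a toy XOR keystream built from HMAC-SHA256 that stands in for a real cipher, and the function names, keys and request are constructed for illustration.

```python
import hashlib
import hmac

def layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Apply or remove one layer. Toy cipher (assumption): XOR with an
    HMAC-SHA256 counter keystream, so the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def upstream(route_keys, nonce, payload):
    """Client adds one layer per node; each node strips its own layer.
    Returns the bytes visible on every link, client side first."""
    cell = payload
    for key in reversed(route_keys):      # last node's layer is innermost
        cell = layer(key, nonce, cell)
    links = [cell]
    for key in route_keys:                # entry, middle, exit in route order
        cell = layer(key, nonce, cell)
        links.append(cell)
    return links

def downstream(route_keys, nonce, reply):
    """Each node adds its layer on the way back; the client strips them all.
    Returns (bytes visible on every link, plaintext recovered by the client)."""
    cell, links = reply, [reply]
    for key in reversed(route_keys):      # exit node encrypts first
        cell = layer(key, nonce, cell)
        links.append(cell)
    for key in route_keys:                # client removes all three layers
        cell = layer(key, nonce, cell)
    return links, cell

# Constructed demo values: a real system negotiates one session key per node.
ROUTE_KEYS = [hashlib.sha256(b"demo-" + n).digest() for n in (b"entry", b"middle", b"exit")]
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"

if __name__ == "__main__":
    for hop, seen in enumerate(upstream(ROUTE_KEYS, b"up-0", REQUEST)):
        print(f"link {hop}: {seen[:16].hex()}")
```

Only the last link of the upstream list carries the request in plain text; every earlier link shows different bytes, which is why an observer cannot match a node's input to its output.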

Route choice

Unlike services that are based on fixed mix cascades, which always use the same route between the mixes for all users, in onion routing the selection and order of the nodes used is changed again and again by each user individually. A later access to a server therefore appears, from that server's perspective, to come from a new user, because the IP address has also changed in the meantime. This holds only if the transferred content data does not allow further identification, for example through cookies or personalized links.

Concept compared to mix cascades

The main difference between the concept of fixed mix cascades and free routing lies in the transmission capacity and the number of nodes required. With fixed mix cascades all users use the same mixes, so these have to provide correspondingly large capacities, but a small number of them is sufficient. The onion routing concept needs a great many nodes, but each requires less bandwidth, since an individual node is used by only a few users at a time. Onion routing can therefore be implemented as a grassroots approach, since users with a broadband connection (with sufficient upstream capacity) are often able to operate a node themselves. On the other hand, a low participation threshold, and with it the lack of central control, also carries the greatest risk: such a service can be infiltrated with relatively little effort and for the most part controlled by individuals who operate nodes under many pseudonyms. Even if there are still enough "good" nodes in the network, there is a correspondingly increased probability that a user assembles a route entirely from the set of controlled nodes, so that the user's actions are traceable for the operators of these nodes. This is even favored by the fact that a new route is chosen again and again. The probability that all of the user's actions can be monitored becomes smaller, because the user constantly selects new nodes, but the probability that at least some of those actions can be successfully deanonymized increases.


A well-known and popular program for using onion routing is the anonymity service Tor (The Onion Router). In contrast, JAP, developed in Germany, is a service based on fixed mix cascades.