
arxiv: 2606.19620 · v1 · pith:2IWRDGHInew · submitted 2026-06-17 · 💻 cs.CR

G-Lox: Group-Adaptive, Privacy-Preserving Bridge Distribution with Two-Party Computation

Pith reviewed 2026-06-26 20:06 UTC · model grok-4.3

classification 💻 cs.CR
keywords: bridge distribution, privacy preserving, two-party computation, group adaptation, censorship circumvention, DPF, FSS

The pith

G-Lox enables hidden group-adaptive bridge distribution by placing assignment logic behind a two-server privacy wall using two-party computation.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

G-Lox is a bridge distribution system that keeps group identifiers and assignments hidden from any single server while still allowing adaptation based on group state. It achieves this by using two non-colluding servers that jointly handle state access and updates through distributed point functions, function secret sharing, and secure two-party computation. The system supports features such as reporting blockages, reassigning bridges based on transport, and splitting groups without revealing information. Measurements show that client overhead stays low even for state sizes up to 2^16, and simulations indicate better robustness against blocking compared to prior systems like Lox.

Core claim

G-Lox places adaptive assignment logic behind a two-server privacy wall so that no single server learns group identifiers or group-to-bridge assignments. Private state access and state-dependent updates are performed using two-server DPF/FSS protocols and secure two-party computation, which supports blockage reporting, transport-aware reassignment, and privacy-preserving group splitting.

What carries the argument

Two-server privacy wall with DPF/FSS protocols and secure two-party computation for private state access and updates.

If this is right

  • Blockage reporting can be done without revealing which group is affected.
  • Bridges can be reassigned based on transport type while keeping assignments private.
  • Groups can be split in a privacy-preserving manner.
  • Client-visible communication remains in the low-KiB range per iteration for state sizes up to 2^16.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The approach could extend to other distributed assignment problems where state must remain hidden from individual parties.
  • If the servers are operated by separate organizations, it lowers the risk of any one entity controlling the distribution.
  • Further testing with real-world blocking patterns could validate the simulation results on robustness.

Load-bearing premise

The two servers do not collude with each other and the cryptographic protocols correctly prevent each server from learning group information.

What would settle it

An attack in which one server, after running the protocol, can determine the group identifier or the bridge assignment for a client from its local view.

Figures

Figures reproduced from arXiv: 2606.19620 by Baigang Chen, Nicholas Hopper.

Figure 1: Double FSS-based G-lox workflow

Original abstract

We present G-Lox (group-adaptive Lox), a bridge-distribution system that preserves Lox-style distributor blindness while enabling hidden, stateful group-level adaptation. G-Lox places adaptive assignment logic behind a two-server privacy wall, so no single server learns group identifiers or group-to-bridge assignments. Private state access and state-dependent updates use two-server DPF/FSS protocols and secure two-party computation, supporting blockage reporting, transport-aware reassignment, and privacy-preserving group splitting. We evaluate G-Lox through system measurements and policy simulation. In our C++/EMP implementation over real TCP sockets, private state access has low client-visible overhead: across state sizes up to 2^16, communication remains in the low-KiB range per iteration. At M=1024, the client sends 1,968 bytes, receives 1,280 bytes, and completes an iteration in about 0.25 s. Simulations with group-specific blocking and Sybil enumeration show that G-Lox improves robustness over Lox- and rBridge-like baselines among systems that maintain broad issuance.
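To make the two-server idea behind "private state access and state-dependent updates" concrete, the following added example (not code from the paper or the G-Lox implementation) shows a blockage report incrementing a hidden group's counter when both the update and the counter table are additively shared between two servers. The modulus, table layout, and all function names are assumptions, and the shares here are linear in M, whereas a real DPF compresses them to short keys.

```python
import secrets

Q = 2**61 - 1  # modulus for additive sharing (assumed for this sketch)

def share_point_function(m, alpha, beta):
    """Split f(x) = beta if x == alpha else 0 into two additive share vectors.
    Each vector on its own is uniformly random; only their sum reveals alpha."""
    k0 = [secrets.randbelow(Q) for _ in range(m)]
    k1 = [((beta if i == alpha else 0) - k0[i]) % Q for i in range(m)]
    return k0, k1

def share_state(counters):
    """Additively share a per-group counter table between the two servers."""
    s0 = [secrets.randbelow(Q) for _ in counters]
    s1 = [(c - a) % Q for c, a in zip(counters, s0)]
    return s0, s1

class Server:
    """One of the two non-colluding servers; holds only a share of the state."""
    def __init__(self, state_share):
        self.state = list(state_share)

    def apply_update(self, key):
        # Semi-honest setting: the server does not verify that the two keys
        # sum to a well-formed point function (no malicious-client check).
        if len(key) != len(self.state):
            raise ValueError("key length must match state size")
        self.state = [(s + k) % Q for s, k in zip(self.state, key)]

def report_blockage(servers, m, group):
    """Client side: add 1 to the counter of `group` without naming it."""
    k0, k1 = share_point_function(m, group, 1)
    servers[0].apply_update(k0)
    servers[1].apply_update(k1)
    return k0, k1

def reconstruct(server_a, server_b):
    """Only possible if both shares are combined (i.e. the servers collude)."""
    return [(x + y) % Q for x, y in zip(server_a.state, server_b.state)]

def explain_view_as(k0, other_group, beta=1):
    """Given what server 0 saw, build the counterpart key for any other group.
    Its existence shows k0 is consistent with every group index."""
    return [((beta if i == other_group else 0) - v) % Q for i, v in enumerate(k0)]

def demo():
    m = 8  # constructed toy state size
    s0, s1 = share_state([0] * m)
    servers = (Server(s0), Server(s1))
    k0, _ = report_blockage(servers, m, 5)
    report_blockage(servers, m, 5)
    report_blockage(servers, m, 2)
    return reconstruct(*servers), k0

if __name__ == "__main__":
    counters, _ = demo()
    print(counters)
```

The `explain_view_as` helper reflects the load-bearing premise stated above: a single server's view fits every group index equally well, and that guarantee disappears once the two shares are pooled.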

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The paper presents G-Lox, a bridge-distribution system extending Lox-style distributor blindness with hidden, stateful group-level adaptation. Adaptive assignment logic is placed behind a two-server privacy wall using DPF/FSS protocols and secure two-party computation for private state access, state-dependent updates, blockage reporting, transport-aware reassignment, and privacy-preserving group splitting. Evaluation consists of C++/EMP system measurements (low client-visible overhead up to state size 2^16) and policy simulations showing improved robustness over Lox- and rBridge-like baselines under group-specific blocking and Sybil enumeration.

Significance. If the claimed privacy properties hold, G-Lox would advance privacy-preserving circumvention by enabling adaptive group management without single-server leakage of identifiers or assignments. The reported low-KiB communication and sub-second iteration times at M=1024, together with the simulation results on robustness, indicate practical potential for systems that must maintain broad issuance while responding to blocking.

major comments (1)
  1. [Abstract] Abstract: The central claim that 'no single server learns group identifiers or group-to-bridge assignments' rests entirely on the unstated assumptions that the two servers are non-colluding and that the DPF/FSS + 2PC primitives compose to the desired functionality and privacy. No security model (simulation-based or game-based), threat model (semi-honest vs. malicious, static vs. adaptive), or even informal argument is supplied to show how the protocols enforce the invariants for state-dependent updates, blockage reporting, or group splitting.
minor comments (1)
  1. [Abstract] Abstract: The phrase 'across state sizes up to 2^16' and the specific M=1024 numbers (1,968 bytes sent, 1,280 bytes received, ~0.25 s) would benefit from an accompanying table or figure reference once the full evaluation section is examined.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for highlighting the need for clearer security assumptions in the manuscript. We address the major comment below and commit to revisions that strengthen the presentation without altering the core technical contributions.

read point-by-point responses
  1. Referee: [Abstract] Abstract: The central claim that 'no single server learns group identifiers or group-to-bridge assignments' rests entirely on the unstated assumptions that the two servers are non-colluding and that the DPF/FSS + 2PC primitives compose to the desired functionality and privacy. No security model (simulation-based or game-based), threat model (semi-honest vs. malicious, static vs. adaptive), or even informal argument is supplied to show how the protocols enforce the invariants for state-dependent updates, blockage reporting, or group splitting.

    Authors: We agree that the abstract and body would benefit from an explicit statement of the threat model and an informal argument for the claimed invariants. In the revision we will add a short dedicated subsection (likely in Section 3 or 4) that (1) states the standard two-server non-colluding semi-honest threat model under which DPF/FSS and 2PC are used, (2) sketches how the primitives compose to hide group identifiers and assignments during private state access, state-dependent updates, blockage reporting, and privacy-preserving group splitting, and (3) notes the limitations (no malicious security or adaptive corruption). Because the work is a systems paper focused on implementation and simulation, we will supply an informal argument rather than a full game-based or simulation proof; this is consistent with the level of security treatment in related bridge-distribution and private-information-retrieval systems papers. revision: yes

Circularity Check

0 steps flagged

No significant circularity

full rationale

The paper is a systems description of a bridge-distribution construction that invokes standard external cryptographic building blocks (two-server DPF/FSS and 2PC). The provided text contains no equations, fitted parameters, predictions, or derivation steps that reduce to their own inputs. Claims rest on the assumed properties of those external primitives rather than any self-definitional, self-citation, or renaming loop. Absence of a formal security model is a correctness issue, not a circularity issue.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract-only; no free parameters, axioms, or invented entities are extractable from the provided text.

