Server-deniability schemes (Publius) and data-entanglement schemes (Tangler, Dagster) both achieve censorship susceptibility of 1 under the cooperative-server model. Publius fails because the Publius URL encodes the hosting servers and document identity in public, enabling direct query filtering. Tangler and Dagster fail because their limited-width entanglement graphs allow a censor to remove a document with collateral damage too small to prevent selective censorship — only a small number of blocks per document are entangled.

Theorem 1 proves that censorship resistance (CR) implies Private Information Retrieval (PIR): any system achieving low censorship susceptibility must implement PIR as an underlying primitive. CR systems cannot be built with cryptographic primitives weaker than PIR.

§5 defense

PIR alone does not achieve censorship resistance. Using the QRA (Quadratic Residuosity Assumption) PIR scheme as a direct CR implementation, a filter can replace a query component — substituting a quadratic residue for a non-residue at the target column index — forcing the server to return an incorrect result for the targeted document while leaving all other documents unaffected, yielding censorship susceptibility of 1.

§6 detection

Theorem 3 demonstrates that having the server digitally sign its response together with the verbatim client query is sufficient to achieve CR when built atop any secure PIR protocol. This construction (sys+S) eliminates query modification as an attack vector, reducing the censor's viable strategies to query-dropping only — an advantage bounded above by the underlying PIR adversary's advantage, proving that the censor must shut down the entire service to achieve selective filtering.

§7 defense

Under a threat model granting the censor universal inspection of server communications and processing logs — with only the server's signing key withheld — data-replication systems (Freenet, Gnutella, Eternity Service) and anonymous-communication systems (Free Haven, Serjantov's scheme) all achieve censorship susceptibility of 1. Because document names are publicly known, a censor with full server visibility can selectively drop any targeted query without disrupting access to other documents.

§4 detection