Under a threat model granting the censor universal inspection of server communications and processing logs — with only the server's signing key withheld — data-replication systems (Freenet, Gnutella, Eternity Service) and anonymous-communication systems (Free Haven, Serjantov's scheme) all achieve censorship susceptibility of 1. Because document names are publicly known, a censor with full server visibility can selectively drop any targeted query without disrupting access to other documents.

Theorem 1 proves that censorship resistance (CR) implies Private Information Retrieval (PIR): any system achieving low censorship susceptibility must implement PIR as an underlying primitive. CR systems cannot be built with cryptographic primitives weaker than PIR.

§5 defense

Server-deniability schemes (Publius) and data-entanglement schemes (Tangler, Dagster) both achieve censorship susceptibility of 1 under the cooperative-server model. Publius fails because the Publius URL encodes the hosting servers and document identity in public, enabling direct query filtering. Tangler and Dagster fail because their limited-width entanglement graphs allow a censor to remove a document with collateral damage too small to prevent selective censorship — only a small number of blocks per document are entangled.

§4.3–4.4 evaluation

PIR alone does not achieve censorship resistance. Using the QRA (Quadratic Residuosity Assumption) PIR scheme as a direct CR implementation, a filter can replace a query component — substituting a quadratic residue for a non-residue at the target column index — forcing the server to return an incorrect result for the targeted document while leaving all other documents unaffected, yielding censorship susceptibility of 1.

§6 detection

Theorem 3 demonstrates that having the server digitally sign its response together with the verbatim client query is sufficient to achieve CR when built atop any secure PIR protocol. This construction (sys+S) eliminates query modification as an attack vector, reducing the censor's viable strategies to query-dropping only — an advantage bounded above by the underlying PIR adversary's advantage, proving that the censor must shut down the entire service to achieve selective filtering.

§7 defense