The secret is the use of a mixnet, where servers switch the order of messages as they're received, but without using relatively inefficient public keys. Instead, Riffle relies on a verifiable shuffle (where you shake up a message's encryption but can verify the changes) across all servers for the initial connection, and authentication encryption (where you prove the validity of the encrypted message itself) for the rest. In essence, even compromised servers can't mess things up -- they have to shuffle messages correctly for the good servers to accept the incoming data.

And importantly, the technique is extremely efficient, to the point where transferring takes a tenth of the time that it would on a conventional anonymity network. That's particularly important when the nodes on these networks are frequently users' computers. You'd rather not bog down your computer while it checks other users' traffic, after all. Riffle is a long way from becoming practical, but its mix of tougher security and minimal overhead could make it a communication method of choice for anyone worried that they might be watched.