I have a protocol I am designing that requires anonymity and privacy. My idea is to have a minimum number of hops in the network before the message can be sent to its intended destination. The response can then somehow be encrypted such that only the original asker can understand. To maintain privacy, each hop only knows its last hop in the route and the minimum hops is random allowing for nodes to maintain anonymity even from the closest hop.
For instance I have a protocol I already know won't work and is why I am here asking for suggestions:
Bob sends a message with a set number of hops before it can go to its intended target, it has the targets name/id, and it has a public key specifically created for talking to the target (these keys can also be thrown away). Bob sends this message through several hops until the minimum hop count is decremented to one. Each hop remembers only the last hop that the request came from and decrements the hop count. Once the last hop sees a count of 0 it forwards the request to the intended target. The target now encrypts the data with the associated key on the message and responds back through all of the hops until bob gets it. Only bob can read the message and only bob knows he is the last hop.
I am aware that any point in the chain can replace the key with their own so that when the data comes back it gets to peek at it before encrypting it with the original key and then forwarding back towards bob. What can fix this flaw/how can I allow encryption and anonymity?