commit 01e865d592ffcbb67a0e6631c56e5b8048ea6065 Author: teor (Tim Wilson-Brown) teor2345@gmail.com Date: Fri Nov 20 11:57:09 2015 +1100

prop224: use a different salt for each replica and upload

Use a different salt for each descriptor replica and upload, to avoid matching encrypted blobs, which could be used to link other replicas of the service.

If descriptors for different replicas cannot be linked, then it becomes much harder for a malicious HSDir to discover other replicas and attept to DoS them. --- proposals/224-rend-spec-ng.txt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt index 2575136..612ca2c 100644 --- a/proposals/224-rend-spec-ng.txt +++ b/proposals/224-rend-spec-ng.txt @@ -919,7 +919,12 @@ Status: Draft The encrypted part of the hidden service descriptor is encrypted and authenticated with symmetric keys generated as follows:

- salt = 16 random bytes + salt = 16 random bytes, different for each post to each replica, + even if the content of the descriptor hasn't changed. + (This avoids leaking service stability, and linking replicas + via encrypted data comparison.) + + [ XX/teor - is the extra load on the HSDirs worth it? ]

secret_input = blinded_public_key | subcredential | INT_4(revision_counter)