On Tue, Dec 16, 2014 at 9:53 AM, Yawning Angel yawning@schwanenlied.me wrote:
Hi all,
For several reasons I've been working on a bit of code that I named "basket". It's almost at the point where the brave members of the general public should be aware that it exists as a potential option in the privacy toolbox, though using it in any capacity beyond testing on a loopback device IS CURRENTLY ACTIVELY DISCOURAGED unless users are comfortable debugging it (This means, DO NOT USE IT. I will likely break backward compatibility in the future, and you will be sad.).
"basket" is my stab at designing something that significantly increases Tor's resistance to upcoming/future attacks, by providing a link layer cryptographic handshake that uses post-quantum cryptographic primitives and defenses against website fingerprinting (and possibly e2e correlation) attacks.
For the ease of development it is in the form of a pluggable transport with the expected tradeoffs (you must absolutely trust your Bridge, since both features only run to the Bridge). It is worth noting that it is anything but subtle, and it is blatantly obvious that a given connection is speaking "basket" as no attempt was made to obfuscate the handshake.
The link layer handshake works roughly like thus:
Setup:
- Bob generates a long term SPHINCS256 keypair s,S used to sign responses.
The handshake:
- Alice generates a Curve25519 keypair x,X and a NTRUEncrypt EES1171EP1 keypair n,N.
- Alice sends X | N to Bob.
- Bob generates a Curve25519 keypair y,Y, and calculates Curve25519(y,X) as the shared secret.
- Bob sends NTRUEncrypt(N,Y) | S | SPHINCS256(s, ntru_ciphertext | S) to Alice.
- Alice verifies the SPHINCS256 signature (Alice's copy of S is saved/trusted in a Trust-On-First-Use manner), and decrypts the NTRU ciphertext to obtain Y.
- Alice calculates Curve25519(x,Y) as the shared secret.
NB: Some details omitted for brevity.
Should the handshake also include a signature by Bob of (X|N), and should maybe the shared secret also include a digest of all the other parts of the communication?
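An added example (not basket's code and not written by either poster) of what deriving the session key from the shared secret plus a digest of every handshake message could look like. HKDF-SHA256, the length-prefixed transcript encoding, the `info` label, and all field values and sizes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import struct


def transcript_digest(*fields: bytes) -> bytes:
    """SHA-256 over length-prefixed handshake fields, in wire order."""
    h = hashlib.sha256()
    for field in fields:
        # A 4-byte length prefix keeps field boundaries unambiguous,
        # so ("ab", "c") and ("a", "bc") hash differently.
        h.update(struct.pack(">I", len(field)))
        h.update(field)
    return h.digest()


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_key(shared_secret, x_pub, n_pub, ntru_ct, s_pub, sig) -> bytes:
    """Bind the key to everything each side sent and received."""
    digest = transcript_digest(x_pub, n_pub, ntru_ct, s_pub, sig)
    return hkdf_sha256(shared_secret, salt=digest, info=b"example-handshake-v1")


# Constructed placeholder values; sizes are illustrative, not the real ones.
SHARED = os.urandom(32)    # stands in for Curve25519(x,Y) == Curve25519(y,X)
X_PUB = os.urandom(32)     # Alice's X
N_PUB = os.urandom(64)     # Alice's N
NTRU_CT = os.urandom(64)   # NTRUEncrypt(N,Y)
S_PUB = os.urandom(32)     # Bob's S
SIG = os.urandom(64)       # SPHINCS256(s, ntru_ciphertext | S)

ALICE_KEY = session_key(SHARED, X_PUB, N_PUB, NTRU_CT, S_PUB, SIG)
BOB_KEY = session_key(SHARED, X_PUB, N_PUB, NTRU_CT, S_PUB, SIG)
# Bob received a different N than the one Alice sent: the keys diverge,
# so the first authenticated record fails instead of the change going unnoticed.
BOB_KEY_ALTERED = session_key(SHARED, X_PUB, os.urandom(64), NTRU_CT, S_PUB, SIG)
```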