[tor-bugs] #8121 [Tor]: IA-32 Tor users with NaCl may be distinguishable from others

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 31 19:11:02 UTC 2013


#8121: IA-32 Tor users with NaCl may be distinguishable from others
----------------------+-----------------------------------------------------
 Reporter:  rransom   |          Owner:                    
     Type:  defect    |         Status:  new               
 Priority:  critical  |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor       |        Version:                    
 Keywords:            |         Parent:                    
   Points:            |   Actualpoints:                    
----------------------+-----------------------------------------------------
 curve25519-donna and curve25519-donna-c64 make no special effort to retain
 the high bit of a public-key coordinate-field element.

 The ref implementation in NaCl makes no special effort to clear it.
 (Fortunately, Tor refuses to use this one.)

 The non-free athlon implementation in NaCl is an unreadable blob with no
 source code in sight, and I don't have a 32-bit environment to test it in
 handy, but a web page documenting an earlier version of that
 implementation ([http://cr.yp.to/ecdh.html#validate]) seems to imply that
 the high bit is considered part of the coordinate-field element.  If this
 is true, it's an anonymity issue for Tor users who use the ntor handshake.

 The donna_c64 implementation in NaCl has the same behaviour as the
 curve25519-donna-c64 implementation shipped with Tor.

 Tor must either clear the high bit of every Curve25519 public key it uses,
 or reduce every Curve25519 public key modulo the field order (the former
 is easier and consistent with the behaviour of the free Curve25519
 implementations shipped in the Tor source package).

 (It appears that a relay can only exploit this by causing a user's
 handshake to fail, but it's still an anonymity bug.)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8121>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list