[tor-bugs] #17239 [Tor]: Implement new key blinding scheme for proposal 224

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 19 15:30:07 UTC 2015


#17239: Implement new key blinding scheme for proposal 224
-------------------------+------------------------------
 Reporter:  dgoulet      |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Milestone:  Tor: 0.2.???
Component:  Tor          |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:  tor-hs       |  Actual Points:
Parent ID:  #12424       |         Points:  large
  Sponsor:               |
-------------------------+------------------------------

Comment (by teor):

 Replying to [comment:3 teor]:
 > We send the same blinded key to each HSDir, and use it to encrypt the
 payload.
 >
 > This allows the HSDir to decrypt the descriptor, which seems
 dangerous/unnecessary.

 I made a mistake here, the HSDir actually needs the subcredential to
 decrypt, which is derived from the credential.

 So this is what we're doing already with the separate subcredential
 (encryption) and blinded public key (retrieval):

 > * use a different blinded key for retrieval and encryption,

 But using different blinded keys per replica means that replicas can't
 find each other.

 Also, what if replicas overlap? We could end up with just 3 HSDirs for a
 service.

 I'll send a patch in the morning addressing these issues and those in
 #17242.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17239#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

