[tor-commits] [torspec/master] prop224: Specify onion address encoding

asn at torproject.org asn at torproject.org
Tue Jan 31 12:55:17 UTC 2017 

commit 80e443aac029a454c1737e309569674b8eb0e2f3
Author: George Kadianakis <desnacked at riseup.net>
Date:   Tue Jan 31 14:52:32 2017 +0200

    prop224: Specify onion address encoding
---
 proposals/224-rend-spec-ng.txt | 52 ++++++++++++++++++++++++++++++------------
 1 file changed, 37 insertions(+), 15 deletions(-)

diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt
index 4ef1ae3..814fd74 100644
--- a/proposals/224-rend-spec-ng.txt
+++ b/proposals/224-rend-spec-ng.txt
@@ -67,7 +67,8 @@ Table of contents:
             4.2.1. Key expansion
         4.3. Using legacy hosts as rendezvous points
     5. Encrypting data between client and host
-    6. Open Questions:
+    6. Encoding onion addresses [ONIONADDRESS]
+    7. Open Questions:
 
 -1. Draft notes
 
@@ -404,9 +405,10 @@ Table of contents:
 
 1.2. In more detail: naming hidden services [NAMING]
 
-   A hidden service's name is its long term master identity key.  This
-   is encoded as a hostname by encoding the entire key in Base 32, and
-   adding the string ".onion" at the end.
+   A hidden service's name is its long term master identity key.  This is
+   encoded as a hostname by encoding the entire key in Base 32, including a
+   version byte and a checksum, and then appending the string ".onion" at the
+   end. The result is a 56-character domain name.
 
    (This is a change from older versions of the hidden service protocol,
    where we used an 80-bit truncated SHA1 hash of a 1024 bit RSA key.)
@@ -419,17 +421,9 @@ Table of contents:
 
    And a new name following this specification might look like:
 
-        a1uik0w1gmfq3i5ievxdm9ceu27e88g6o7pe0rffdw9jmntwkdsd.onion
+        l5satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad.onion
 
-   Note that since master keys are 32 bytes long, and 52 bytes of base
-   32 encoding can hold 260 bits of information, we have four unused
-   bits in each of these names.
-
-   [TODO: Alternatively, we could require that the first bit of the
-   master key always be zero, and use a 51-byte encoding. Or we could
-   require that the first two bits be zero, and use a 51-byte encoding
-   and reserve the first bit. Or we could require that the first nine
-   bits, or ten bits be zero, etc.]
+   Please see section [ONIONADDRESS] for the encoding specification.
 
 1.3. In more detail: Access control [IMD:AC]
 
@@ -1874,7 +1868,31 @@ Table of contents:
    decryption. The client encrypts with Kf and decrypts with Kb; the
    service host does the opposite.
 
-6. Open Questions:
+6. Encoding onion addresses [ONIONADDRESS]
+
+   The onion address of a hidden service includes its identity public key, a
+   version field and a basic checksum. All this information is then base32
+   encoded as shown below:
+
+     onion_address = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"
+     CHECKSUM = H(".onion checksum" || PUBKEY || VERSION)
+
+     where:
+       - PUBKEY is the 32 bytes ed25519 master pubkey of the hidden service.
+       - VERSION is an one byte version field (default value '\x03')
+       - ".onion checksum" is a constant string
+       - CHECKSUM is truncated to two bytes before inserting it in onion_address
+
+  Here are a few example addresses (with broken checksum):
+
+       l5satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad.onion
+       btojiu7nu5y5iwut64eufevogqdw4wmqzugnoluw232r4t3ecsfv37ad.onion
+       vckjr6bpchiahzhmtzslnl477hdfvwhzw7dmymz3s5lp64mwf6wfeqad.onion
+
+   For more information about this encoding, please see our discussion thread
+   at [ONIONADDRESS-REFS].
+
+7. Open Questions:
 
    Scaling hidden services is hard. There are on-going discussions that
    you might be able to help with. See [SCALING-REFS].
@@ -1941,6 +1959,9 @@ References:
 [VANITY-REFS]:
         https://github.com/Yawning/horse25519
 
+[ONIONADDRESS-REFS]:
+        https://lists.torproject.org/pipermail/tor-dev/2017-January/011816.html
+
 Appendix A. Signature scheme with key blinding [KEYBLIND]
 
   As described in [IMD:DIST] and [SUBCRED] above, we require a "key
@@ -2166,3 +2187,4 @@ Appendix F. Managing authorized client data [CLIENT-AUTH-MGMT]
 	  [XXX how does key management work here?]
 	  [XXX what happens when people use both the control port interface and the
 	       filesystem interface?]
+

More information about the tor-commits mailing list