[tor-dev] (Draft) Proposal 224: Next-Generation Hidden Services in Tor

George Kadianakis desnacked at riseup.net
Sun Jan 19 15:11:52 UTC 2014

During RWC we discussed some of the leftover items of this proposal
with Nick. Here is a short summary of what we discussed:

On #8106: Nick Hopper's proof should give us sufficient confidence to
          start implementing this. We should make the proof more
          visible so that more cryptographers look at it.

On #8244: We have received lots of good comments and proposals by Nick
          Hopper and Kang here. We should look more into those,
          evaluate how implementable they are and turn them into
          proper specs. In the meanwhile, since we are building the
          #8244 subsystem to be modular, if there is a need to
          implement something we can start with the commit-and-reveal
          approach, and eventually migrate to a more robust solution.

          If we have to implement the commit-and-reveal approach we
          should make it harder for authorities to misbehave by
          publishing protocol errors to consensus-health or something.

On HS scaling:
          We still haven't decided what's best here. We are not even
          sure if the whole project is worth doing, or whether we
          should even try to hide the number of peers and their

          We decided that if we still haven't decided what to do when
          we start implementing stuff, we should first build the
          Introduction Point side so that the network is ready, and
          then eventually do the Hidden Service side if we ever decide
          what's best.

          On the Introduction Point side we should allow Introduction
          Points to keep multiple introduction circuits open and
          implement some logic of deciding which one to use for
          passing introduction cells (probably pick one
          randomly). This should support future designs that allow
          "multiple HS peers behind each IP" and implementing the IP
          logic should be quite easy.

On the crypto:
          Nick showed NTOR-WITH-EXTRA-DATA to Ian and Doublas
          Stabila. Hopefully we will get some feedback on its
          correctness soon.


More information about the tor-dev mailing list