[tor-dev] Proposition: Applying an AONT to Prop224 addresses?

Alec Muffett alec.muffett at gmail.com
Sun Mar 26 12:24:41 UTC 2017


So: a bunch of us were discussing Prop224 Onion addresses, and their

Specifically: that there are small bit fields in the current Prop224 Onion
Address schema (eg: version, and other future structure?) which can be
tweaked or amended without otherwise changing the functionality of the
address, or without much changing what the user sees in the (say) browser
address bar.

This is a point of significant concern because of issues like phishing and
passing-off - by analogy: t0rpr0ject.0rg versus torproject.org  - and other
games that can be played with a prop224 address now, or in future, to game
user experience.

We discussed the existing "hash the public key before base-32 encoding"
approach, but hashing breaks the prop224 key blinding.

Ian Goldberg - thank you Ian - offered this attractive solution: apply a
*reversible* "All Or Nothing Transform" (AONT) to the entire Prop224 Onion
Address, prior to Base32 Encoding.

This way, even a single-bit mutation of (say) version number will have a
"diffusion" effect, impacting ~ N/2 of the bits whilst having O(1) cost and
being reversible so as not to impact the rest of Prop224.

The result would be onion addresses which are less "tamperable" / more
deterministic, that closer to one-and-only-one published onion address will
correspond to an onion endpoint.

What does the panel think?

    - alec

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170326/6163d65c/attachment.html>

More information about the tor-dev mailing list