[tor-dev] Proposition: Applying an AONT to Prop224 addresses?

Alec Muffett alec.muffett at gmail.com
Sun Mar 26 22:27:33 UTC 2017

> We could leave the version field outside the AONT, though, but commit to
> changing the paramaters of the AONT (in particular, the domain
> separation constant?) if we change the version number, so that an
> adversary changing the version number to "2" would just cause the client
> to throw an error (before version 2 exists) or be an invalid address
> (after version 2 exists)?

To add an aside from a discussion with Teor: the entire "version" field
could be reduced to a single - probably "zero" - bit, in a manner perhaps
similar to the distinctions between Class-A, Class-B, Class-C... addresses
in old IPv4.

Thus: if the first bit in the address is zero, then there is no version,
and we are at version 0 of the format

If the first bit is one, we are using v1+ of the format and all bets are
off, except that the obvious thing then to do is count the number of 1-bits
(up to some limit) and declare that to be version number.  Once we're up to
3 or 4 or 7 or 8 one-bits, then shift version encoding totally.

Teor will correct me if I misquote him, but the advantage here was:

a) the version number is 1 bit, ie: small, for the forseeable / if we get
it right

b) in pursuit of smallness, we could maybe dump the hash in favour of a
AONT + eyeballs, which would give back a bunch of extra bits

result: shorter addresses, happier users.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170327/66c57b27/attachment.html>

More information about the tor-dev mailing list