one less onion skin

James Muir jamuir at scs.carleton.ca
Wed Mar 7 05:07:25 UTC 2007


Steve Southam wrote:
> Is it because the ORs don't know where they are in the circuit?
> Of course OR3 knows it's at the end, but the others either recognize or 
> relay.

I agree that not using k_1, d_1 would allow OR1 to determine that they 
are the first node in a circuit.  However, Tor clients already leak this 
information.  The key agreement with OR1 is done using a "CREATE_FAST" 
command rather than a normal "CREATE".  So, once an OR receives a 
"CREATE_FAST" it knows its position in the circuit. (It might be that 
Tor clients which are also onion routers themselves do not send 
"CREATE_FAST"... I am not sure.)

So the question is, if we have already leaked this information, are we 
wasting CPU cycles doing AES with OR1?

-James


