[tor-talk] new paper on Tor and cryptography

taxakis taxakis at gmail.com
Wed Jan 7 10:32:32 UTC 2015

Headline: Post-Quantum Secure Onion Routing (Future Anonymity in Today\'s
Budget), by Satrajit Ghosh and Aniket Kate

The onion routing (OR) network Tor provides anonymity to its users by
routing their encrypted traffic through three proxies (or nodes). The key
cryptographic challenge, here, is to establish symmetric session keys using
a secure key exchange between the anonymous users and the selected nodes.
The Tor network currently employs a one-way authenticated key exchange
(1W-AKE) protocol \'ntor\' for this purpose.   Nevertheless, ntor as well as
other known 1W-AKE protocols rely solely on some classical Diffie-Hellman
(DH) type assumptions for their (forward) security, and thus privacy of
Today\'s anonymous communication could not be ensured once quantum computers

In this paper, we demonstrate utility of quantum-secure lattice-based
cryptography towards solving this problem for onion routing. In particular,
we present a novel hybrid 1W-AKE protocol (HybridOR) that is secure under
the lattice-based ring learning with error (ring-LWE) assumption as well as
the gap DH assumption. Due to its hybrid design, HybridOR is not only
resilient against quantum attacks but also at the same time allows the OR
nodes to use the current DH public keys and subsequently requires no
modification to the current Tor public key infrastructure. Moreover, thanks
to the recent progress in lattice-based cryptography in the form of
efficient ring-based constructions, our protocol is also computationally
more efficient than the currently employed 1W-AKE protocol ntor, and it only
introduces small and manageable communication overhead to the Tor protocol.

More information about the tor-talk mailing list