Counter Galois Onion: Improved encryption for Tor circuit traffic
16 hours ago
- #encryption
- #Tor
- #cybersecurity
- Tor is replacing its old relay encryption algorithm 'tor1' with a new design called Counter Galois Onion (CGO).
- CGO addresses several security issues in tor1, including tagging attacks, lack of immediate forward secrecy, and weak 4-byte authenticators.
- Tagging attacks allow adversaries to trace traffic by modifying it in one place and observing changes elsewhere, a major security flaw in tor1.
- CGO uses a Rugged Pseudorandom Permutation (RPRP) to prevent tagging attacks by ensuring any tampering renders the entire message unrecoverable.
- The new design also provides immediate forward secrecy, destroying decryption keys after use, unlike tor1 which reused keys for the circuit's lifetime.
- CGO replaces the weak 4-byte SHA-1 digest with a stronger 16-byte authenticator, significantly reducing the chance of undetected forgeries.
- Implementation of CGO is underway in both Arti (Rust Tor implementation) and the C Tor implementation, with plans to enable it by default in Arti soon.
- The transition to CGO involves refactoring code to accommodate new encryption methods, improving future flexibility for further cryptographic updates.
- Despite being a new design, CGO is considered a significant improvement over tor1, with no expected weaknesses that would make it less secure.