[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torspec] 02/03: Describe identity-binding defense for intro-point POW

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [torspec] 02/03: Describe identity-binding defense for intro-point POW
From: gitolite role via tor-commits <tor-commits@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 24 May 2023 18:38:27 +0000
Auto-submitted: auto-generated
Cc: gitolite role <git@xxxxxxxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 24 May 2023 14:38:36 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1684953513; bh=yIF9xSTsRIviSVTK390FcfiHo6p5nqxgc7pabJm5BB0=; h=Date:To:In-Reply-To:References:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=hRDpGYg/r2l2khALcAOtWSdt+TZ3DEPYmvQq6fB36nxn/+L1oX01+6g0Om2nDq7zf AvZKLBDpv1ee57f4jsPbHCcodlrxYIyQ4W6We1oEHHnp8b4GXrpkGl7oMomQRHJOa7 AzSCkdQVtFI9ZxV0xDbi5nTlCgefxiKa1xFSx1fJ/3qhV+oTBztR4VyNIXR1SRXdwX aX1U9pMyVkmumQke9lnS29odw+q/84is809tgHxmh1R5tcLY6P87/Co1zTxbCEjrCj uACSVhn0lYcHJAigJfAX9SKGetciDp64ac/WJCR2fIhlG1S0t301qoXZOGIROyJWxA QyKt6RNbZp2QA==
In-reply-to: <168495350538.7747.2598000432824699381@cupani.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
References: <168495350538.7747.2598000432824699381@cupani.torproject.org>
Reply-to: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQAAEjRWB1nM784HQ3eJYfP1+xWA5A==

This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository torspec.

commit 97c0c12f478edcd9cd72aedd318f117b9f161946
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
AuthorDate: Mon May 8 13:30:47 2023 -0400

    Describe identity-binding defense for intro-point POW
---
 proposals/327-pow-over-intro.txt | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/proposals/327-pow-over-intro.txt b/proposals/327-pow-over-intro.txt
index 1ecbe3b..8f17753 100644
--- a/proposals/327-pow-over-intro.txt
+++ b/proposals/327-pow-over-intro.txt
@@ -303,6 +303,12 @@ Status: Draft
   PoW 'target' (see [REF_TARGET]). The client SHOULD NOT accept 'target' values
   that will cause unacceptably long PoW computation.
 
+  The client uses a "personalization string" P equal to the following
+  nul-terminated ascii string: "Tor hs intro v1\0".
+
+  The client looks up `ID`, the current 32-byte blinded public ID
+  (KP_hs_blind_id) for the onion service.
+
   To complete the PoW the client follows the following logic:
 
       a) Client selects a target effort E, based on <suggested-effort> and past
@@ -310,8 +316,8 @@ Status: Draft
       b) Client generates a secure random 16-byte nonce N, as the starting
          point for the solution search.
       c) Client derives seed C by decoding 'seed-b64'.
-      d) Client calculates S = equix_solve(C || N || E)
-      e) Client calculates R = ntohl(blake2b_32(C || N || E || S))
+      d) Client calculates S = equix_solve(P || ID || C || N || E)
+      e) Client calculates R = ntohl(blake2b_32(P || ID || C || N || E || S))
       f) Client checks if R * E <= UINT32_MAX.
         f1) If yes, success! The client can submit N, E, the first 4 bytes of
         C, and S.
@@ -388,9 +394,9 @@ Status: Draft
          exists.
       b) Fail if N = POW_NONCE is present in the replay cache
               (see [REPLAY_PROTECTION])
-      c) Calculate R = ntohl(blake2b_32(C || N || E || S))
+      c) Calculate R = ntohl(blake2b_32(P || ID || C || N || E || S))
       d) Fail if R * E > UINT32_MAX
-      e) Fail if equix_verify(C || N || E, S) != EQUIX_OK
+      e) Fail if equix_verify(P || ID || C || N || E, S) != EQUIX_OK
       f) Put the request in the queue with a priority of E
 
    If any of these steps fail the service MUST ignore this introduction request

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

References:
- [tor-commits] [torspec] branch main updated (0d91005 -> 9c55db4)
  - From: gitolite role via tor-commits

Prev by Author: [tor-commits] [torspec] branch main updated: Add info that onion v3 URLs use SHA3-256
Next by Author: [tor-commits] [tor] 02/10: Fixed REND1 metric label value
Previous by thread: [tor-commits] [torspec] 01/03: proposal 327: Editing pass to align the spec with our implementation
Next by thread: [tor-commits] [torspec] 03/03: Merge branch 'tor-gitlab/mr/134'
Index(es):
- Author
- Thread