[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Can someone please help me understand section 1.10 of the rendezvous spec



On Tue, Jun 03, 2014 at 07:47:29PM +0000, Yaron Goland wrote:
> I'm trying to understand section 1.10 of https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=rend-spec.txt
> 
> 
> It seems to say that Alice and Bob directly negotiate a shared symmetric key. Is that true? Does it mean that all communications between Alice and Bob, in the context of a Tor hidden service, are in fact encrypted end to end?
> 
> 
> I believe that https://www.torproject.org/docs/hidden-services.html.en confirms this point when it says "The rendezvous point simply relays (end-to-end encrypted) messages from client to service and vice versa."
> 
> 
> But this point is really critical for a threat model I'm building so I just want to make sure I've gotten things right. Could anyone confirm?


Hi Yaron,

The short answer is yes. This is how Alice and Bob establish a shared
secret key.

The longer answer is yes, section 1.10 describes how Alice (the client)
and Bob (the hidden service) establish shared secrets. After both Alice
and Bob possess the two respective halves of the Diffie-Hellman keys,
they use the shared secret and a key derivation function to expand the
key material into a byte sequence from which a 5-tuple is extracted (KH,
Df, Db, Kf, Kb). The first element (KH) is used to prove knowledge of
the shared secret, the second (Df) is used when computing the digest of
every cell from Alice to Bob, Db is the same but for cells from Bob to
Alice, Kf is the shared secret key used to {en,de}cipher cells from
Alice to Bob, and Kb is used to {en,de}cipher cells from Bob to Alice.
It sounds like these latter two keys, Kf and Kb, are what you are most
interested in.  Assuming the rendezvous point is unable to break the
security assumptions of the Diffie-Hellman handshake and the KDF is
secure, all messages sent between Alice and Bob are end-to-end
encrypted.

Does this make sense?

HTH,
Matt
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk