[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Proposal 359: Counter Galois Onion, Updated

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] Proposal 359: Counter Galois Onion, Updated
From: Nick Mathewson via tor-dev <tor-dev@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 9 Apr 2025 09:24:27 -0400
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
Reply-to: Nick Mathewson <nickm@xxxxxxxxxxxxxx>

https://spec.torproject.org/proposals/359-cgo-redux.html

This proposal instantiates a new approach for encrypting relay cells
on circuits, to prevent certain kinds of tagging attacks, to improve
forward secrecy, and more.  It is based on research by Jean Paul
Degabriele, Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam.
You can read their paper at https://eprint.iacr.org/2025/583

This is important and subtle; I'd appreciate any feedback, especially
from cryptographers.

I plan to start implementing this quite soon, on the theory that, even
if there _are_ flaws, it is very unlikely to be _worse_ than our
current malleable relay encryption.

Please feel free to open tickets on gitlab, or to discuss here.
Discussion on the forum is also okay!

cheers,
-- 
Nick
_______________________________________________
tor-dev mailing list -- tor-dev@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-dev-leave@xxxxxxxxxxxxxxxxxxxx

Prev by Author: [tor-dev] Call for comments on proposals 346, 354, and 358.
Next by Author: [tor-dev] Re: can tor use secondary groups to read FamilyKeyDirectory?
Previous by thread: [tor-dev] Call for comments on proposals 346, 354, and 358.
Next by thread: [tor-dev] Proposal 360: Limiting HSDesc size and amplification
Index(es):
- Author
- Thread