[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Key Blinding Secrets

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Key Blinding Secrets
From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Sat, 4 May 2024 13:30:25 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 04 May 2024 13:30:52 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=torproject.org; s=2022-eugeni; t=1714843844; bh=yorL2ok7UZdxtnZSYwmYAWMSuDRYClZbey0KLxUTx3k=; h=References:In-Reply-To:From:Date:To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Reply-To:From; b=Bgr4G1UokdRD1XWIHIolgGgSMk7A4PZred0+7r9fKISzkBMESmIHhOW4AjSacU3Ui EMESXRt60Z0jRwg3pqmIDH/FEIQ/DMrFqJuV/uLasd4IWfRLwajW/NrE2XXm16m75p 4BgmdsdpvrR7AyqhCr7fqES76jedEscxg6dnUsUpOkOdHqg0f7/xjZS0Qp9mngDaiA D5mlrgYAtPzBX1F2N7/M2UiT6pOVBl7Ae/cRrNoL8KHFhxwi4Syyyyf6mN34QSbsAe +XM4AqSB8n6HzE1/q8m5jd5c9YRSFbkP6BiVRi/qUTRO92+ZOFfp1smiAnr7DH9Xuf x/YvPb3i27mZw==
In-reply-to: <7c61adae882cfc1266f3568d95da839a5f3246f0.camel@aisec.fraunhofer.de>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <7c61adae882cfc1266f3568d95da839a5f3246f0.camel@aisec.fraunhofer.de>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Tue, Apr 30, 2024 at 8:07 AM Bellebaum, Thomas
<thomas.bellebaum@xxxxxxxxxxxxxxxxxxx> wrote:
>
> Hello everyone,
>
> I am a researcher currently looking into different schemes for what you call Keyblinding in the rendevouz spec.

Hello and welcome!

> https://spec.torproject.org/rend-spec/keyblinding-scheme.html
>
> I noticed that your description there mentiones a secret `s` to be hashed into the blinding factor, and have a few questions about it:
>
> 1. Is this secret currently being used / intended to be used? If so, how?

Nope, nothing is using it or setting it right now.

> 2. What kinds of security (formally or informally) would you expect from using a secret in the derivation process? For example, do you just require that someone without `s` cannot look up the service, or is this also meant as a way of ensuring that HSDir nodes cannot find correlations between services and descriptors (amounting to some sort of additional censorship resistance)?

So, I worked on this design more than 10 years ago, and I am not 100%
sure I remember what we originally had in mind for `s`.

That said, I think my expectation would have been that somebody
without `s`  should not be able to look up the onion service, connect
to the onion service, *or* link services and descriptors, or link
descriptors to one another.  I don't know if we ever relied on that
latter piece though.

The reason we never built it (IIRC) is that having `KP_hs_id` public
but keeping `s` secret didn't actually achieve anything that couldn't
be achieved just as easily by keeping KP_hs_id secret.

best wishes,
-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Prev by Author: [tor-dev] Proposal 350: A phased plan to remove TAP onion keys
Next by Author: Re: [tor-dev] Proposal 350: A phased plan to remove TAP onion keys
Next by thread: [tor-dev] Proposal 350: A phased plan to remove TAP onion keys
Index(es):
- Author
- Thread