[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: one less onion skin
Steve Southam wrote:
Is it because the ORs don't know where they are in the circuit?
Of course OR3 knows it's at the end, but the others either recognize or
I agree that not using k_1, d_1 would allow OR1 to determine that they
are the first node in a circuit. However, Tor clients already leak this
information. The key agreement with OR1 is done using a "CREATE_FAST"
command rather than a normal "CREATE". So, once an OR receives a
"CREATE_FAST" it knows its position in the circuit. (it might be that
Tor clients which are also onion routers themselves do not send
"CREATE_FAST"... I am not sure)
So the question is, if we have already leaked this information, are we
wasting CPU cycles doing AES with OR1?