[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Key Blinding Secrets
On Tue, Apr 30, 2024 at 8:07 AM Bellebaum, Thomas
<thomas.bellebaum@xxxxxxxxxxxxxxxxxxx> wrote:
>
> Hello everyone,
>
> I am a researcher currently looking into different schemes for what you call Keyblinding in the rendevouz spec.
Hello and welcome!
> https://spec.torproject.org/rend-spec/keyblinding-scheme.html
>
> I noticed that your description there mentiones a secret `s` to be hashed into the blinding factor, and have a few questions about it:
>
> 1. Is this secret currently being used / intended to be used? If so, how?
Nope, nothing is using it or setting it right now.
> 2. What kinds of security (formally or informally) would you expect from using a secret in the derivation process? For example, do you just require that someone without `s` cannot look up the service, or is this also meant as a way of ensuring that HSDir nodes cannot find correlations between services and descriptors (amounting to some sort of additional censorship resistance)?
So, I worked on this design more than 10 years ago, and I am not 100%
sure I remember what we originally had in mind for `s`.
That said, I think my expectation would have been that somebody
without `s` should not be able to look up the onion service, connect
to the onion service, *or* link services and descriptors, or link
descriptors to one another. I don't know if we ever relied on that
latter piece though.
The reason we never built it (IIRC) is that having `KP_hs_id` public
but keeping `s` secret didn't actually achieve anything that couldn't
be achieved just as easily by keeping KP_hs_id secret.
best wishes,
--
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev