[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Proposal 216: Improved circuit-creation key exchange
On Thu, Nov 29, 2012 at 11:07 PM, Mike Perry <mikeperry@xxxxxxxxxxxxxx> wrote:
>
> Thus spake Nick Mathewson (nickm@xxxxxxxxxxxxx):
>
> > Title: Improved circuit-creation key exchange
> > Author: Nick Mathewson
> >
> > Summary:
> >
> > This is an attempt to translate the proposed circuit handshake from
> > "Anonymity and one-way authentication in key-exchange protocols" by
> > Goldberg, Stebila, and Ustaoglu, into a Tor proposal format.
> >
> > It assumes that proposal 200 is implemented, to provide an extended CREATE
> > cell format that can indicate what type of handshake is in use.
> >
> > Protocol:
> >
> > Take a router with identity key digest ID.
> >
> > As setup, the router generates a secret key b, and a public onion key
> > B with b, B = KEYGEN(). The router publishes B in its server descriptor.
> >
> > To send a create cell, the client generates a keypair x,X = KEYGEN(), and
> > sends a CREATE cell with contents:
> >
> > NODEID: ID -- H_LENGTH bytes
> > KEYID: KEYID(B) -- H_LENGTH bytes
> > CLIENT_PK: X -- G_LENGTH bytes
>
> I mentioned this on the ntor ticket (#7202), but it's probably worth
> repeating here in case anyone has any suggestions or ideas:
>
> I think we really should consider a proof-of-work field on the client's
> CREATE cell, so we have some form of response available in the event of
> circuit-based CPU DoSes against Tor relays.
Not an issue: in 10 minutes a Core 2 Quad Intel machine can calculate
10 million ECC calculations.
I think we'll be okay.
--
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev