David Wong

cryptologie.net

cryptography, security, and random thoughts

Hey! I'm David, cofounder of zkSecurity, research advisor at Archetype, and author of the Real-World Cryptography book. I was previously a cryptography architect of Mina at O(1) Labs, the security lead for Libra/Diem at Facebook, and a security engineer at the Cryptography Services of NCC Group. Welcome to my blog about cryptography, security, and other related topics.

← back to all posts

How does TOR works

blog

I’ve always wondered how TOR (The Onion Router) worked and was a bit scared of digging into it. After all, bitcoin is pretty hard to grasp, how would TOR be different? But I found out that TOR was actually a pretty simple concept!

The official explanation is top notch. To sum up, instead of sending a packet to the destination (google.com for example), you choose a route of TOR nodes that will lead to that destination (usually 3 nodes). And for efficiency purpose you will keep that route for 10 minutes)

The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you

route

  • The first node only see who’s sending the packet (you) and who it is for (the second node). It decrypts the payload and send it to the second node.
  • The second node only sees it came from the first node, decrypts the payload and send it to the third node
  • The third node sees it came from the second node, decrypts the payload and send it to the destination (in clear if you don’t use ssl)

From TOR’s FAQ:

Can’t the third server see my traffic?
Possibly. A bad third of three servers can see the traffic you sent into Tor. It won’t know who sent this traffic. If you’re using encryption, such as visiting a bank or e-commerce website, or encrypted mail connections, etc, it will only know the destination. It won’t be able to see the data inside the traffic stream. You are still protected from this node figuring out who you are and if using encryption, what data you’re sending to the destination.

To be able to do this, this is where the encapsulation or rather onion routing technique is used.

onion

As we know the route we are going to take, we can encrypt several time our packet. For example: we’ll encrypt the packet router B will have to send to router C with the public key of router A. So when router A opens the packet and decrypts it with its private key, he only sees the encrypted payload destined to router B. He can then send it to router B and the latter will decrypt it and send the payload to router C and on and on. I think the picture is clearer than my explanations.

Voilà! Not that hard huh?

PS: here’s a list of potential attacks on TOR in their design paper

suggested reads:
Silk Road caught, Tor compromised? blog
Browser End-to-End Encryption blog
Real World Crypto: debriefing blog
← back to all posts blog • 2015-01-08
currently reading:
How does TOR works
01-08 blog
recent posts:
New cryptologie.net
07-20 blog
Weaponizing AI Assistants: With Their Permission
07-20 blog
What are Schwartz-Zippel circuits? How do they relate to iterative constraint systems?
05-29 blog
Short Note On Montgomery Reduction: Why Operating Modulo b?
05-24 blog
Still confused by Plonk's permutation?
03-13 blog
📖 my book
Real-World Cryptography is available from Manning Publications.
A practical guide to applied cryptography for developers and security professionals.
🎙️ my podcast
Two And A Half Coins on Spotify.
Discussing cryptocurrencies, databases, banking, and distributed systems.
📺 my youtube
Cryptography videos on YouTube.
Video explanations of cryptographic concepts and security topics.