Improving Efficiency and Simplicity of Tor Circuit Establishment and Hidden Services

  • Lasse Øverlier
  • Paul Syverson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4776)


In this paper we demonstrate how to reduce the overhead and delay of circuit establishment in the Tor anonymizing network by using predistributed Diffie-Hellman values. We eliminate the use of RSA encryption and decryption from circuit setup, and we reduce the number of DH exponentiations vs. the current Tor circuit setup protocol while maintaining immediate forward secrecy. We also describe savings that can be obtained by precomputing during idle cycles values that can be determined before the protocol starts. We introduce the distinction of eventual vs. immediate forward secrecy and present protocols that illustrate the distinction. These protocols are even more efficient in communication and computation than the one we primarily propose, but they provide only eventual forward secrecy. We describe how to reduce the overhead and the complexity of hidden server connections by using our DH-values to implement valet nodes and eliminate the need for rendezvous points as they exist today. We also discuss the security of the new elements and an analysis of efficiency improvements.


Server Node Forward Secrecy Rendezvous Point Anonymizing Network Introduction Point 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Berthold, O., Federrath, H., Köpsell, S.: Web MIXes: A system for anonymous and unobservable Internet access. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 115–129. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Boucher, P., Shostack, A., Goldberg, I.: Freedom systems 2.0 architecture. White paper, Zero Knowledge Systems, Inc. (December 2000)Google Scholar
  4. 4.
    Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)Google Scholar
  5. 5.
    Clarke, I., Sandberg, O., Wiley, B., Hong, T.W.: Freenet: A distributed anonymous information storage and retrieval system. In: Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability, pp. 46–66 (July 2000)Google Scholar
  6. 6.
    Dingledine, R., Mathewson, N.: Tor protocol specification (February 2007),
  7. 7.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium (August 2004)Google Scholar
  8. 8.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. on Information Theory 31(4), 469–472 (1985)zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Goldberg, I.: On the security of the Tor authentication protocol. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding Routing Information. In: Anderson, R. (ed.) Information Hiding. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996)Google Scholar
  11. 11.
    Onion Routing: Brief Selected History,
  12. 12.
    IEEE. P1363 standard specifications for public-key cryptography. IEEE Std 1363-2000 (January 2000)Google Scholar
  13. 13.
    Kate, A., Zaverucha, G., Goldberg, I.: Pairing-based onion routing. In: TSDM 2000. LNCS, Springer, Heidelberg (2001), Also University of Waterloo, Tech. Report CACR 2007-08Google Scholar
  14. 14.
    Manezes, A.J., Qu, M., Vanstone, S.A.: Some new key agreement protocols providing implicit authentication. In: Workshop in Selected Areas of Cryptography (SAC 1995), pp. 22–32 (1995)Google Scholar
  15. 15.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton, USA (1997)zbMATHGoogle Scholar
  16. 16.
    Murdoch, S.J.: Hot or not: Revealing hidden services by their clock skew. In: CCS 2006. Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 27–36. ACM Press, New York (2006)CrossRefGoogle Scholar
  17. 17.
    Øverlier, L., Syverson, P.: Locating hidden servers. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  18. 18.
    Øverlier, L., Syverson, P.: Valet services: Improving hidden servers with a personal touch. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Reed, M.G., Syverson, P.F., Goldschlag, D.M.: Proxies for Anonymous Routing. In: Proceedings of the 12th Annual Computer Security Applications Conference, pp. 95–104. IEEE Computer Society Press, Los Alamitos (1996)CrossRefGoogle Scholar
  20. 20.
    Reed, M.G., Syverson, P.F., Goldschlag, D.M.: Anonymous connections and onion routing. IEEE Journal on Selected Areas in Communications 16(4), 482–494 (1998)CrossRefGoogle Scholar
  21. 21.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Lasse Øverlier
    • 1
    • 2
  • Paul Syverson
    • 3
  1. 1.Norwegian Defence Research Establishment, P.B. 25, 2027 KjellerNorway
  2. 2.Gjøvik University College, P.B. 191, 2802 GjøvikNorway
  3. 3.Center for High Assurance Computer Systems, Naval Research Laboratory Code 5540, Washington, DC 20375 

Personalised recommendations