[tor-bugs] #18638 [Tor]: Write a proposal for PK handshake that uses more client resources than server.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Mar 27 06:38:20 UTC 2016
#18638: Write a proposal for PK handshake that uses more client resources than
server.
--------------------+------------------------------------
Reporter: nickm | Owner:
Type: task | Status: new
Priority: Medium | Milestone: Tor: 0.2.9.x-final
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: dos | Actual Points:
Parent ID: #17280 | Points: medium/large
Reviewer: | Sponsor: SponsorU-can
--------------------+------------------------------------
Comment (by yawning):
(Do we care about TAP given that we will kill it in the medium term and
it's de-prioritised?)

For ntor, perhaps something like:

Client generates X,x as usual, and additionally calculates `k = EXP(B,x)`.
In addition to the current values, client also sends
`SHA3-256(tweak | k | NODE_ID | KEY_ID | CLIENT_PK)`.

The server needs to calculate `EXP(X,b)` as part of the full ntor
handshake, so this only adds a SHA3 call and a compare server side, and
gives the server the opportunity to abort the handshake early if the
client is sending garbage keys (cuts out 1 scalar basepoint multiply, 1
scalar multiply, and 3 HMAC calls).

(Replace SHA3-256 with HMAC-SHA256 if appropriate)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18638#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
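
The early-abort check sketched in the comment above, written out as an added example (not part of the ticket and not Tor's code). It assumes EXP is X25519 per RFC 7748, a 20-byte NODE_ID, KEY_ID equal to the server's ntor public key B, and a made-up tweak string; the function names are hypothetical.

```python
import hashlib, hmac

P = 2**255 - 19
G = (9).to_bytes(32, "little")        # Curve25519 base point
TWEAK = b"example:ntor-early-abort"   # hypothetical tweak, not from the ticket

def x25519(k: bytes, u: bytes) -> bytes:
    """EXP(u, k): RFC 7748 Montgomery ladder. Not constant-time; illustration only."""
    s = bytearray(k)
    s[0] &= 248; s[31] = (s[31] & 127) | 64          # clamp the scalar
    n = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def tag(k, node_id, key_id, client_pk):
    # SHA3-256(tweak | k | NODE_ID | KEY_ID | CLIENT_PK); all fields fixed length
    return hashlib.sha3_256(TWEAK + k + node_id + key_id + client_pk).digest()

def client_hello(x, node_id, B):
    X = x25519(x, G)                  # usual ntor client public key
    k = x25519(x, B)                  # the extra client-side EXP(B,x)
    return node_id, B, X, tag(k, node_id, B, X)

def server_early_check(b, node_id, B, msg):
    # Returns k = EXP(X,b) for reuse in the full handshake, or None to abort early.
    m_node, m_key, X, t = msg
    if m_node != node_id or m_key != B:
        return None
    k = x25519(b, X)
    if not hmac.compare_digest(t, tag(k, node_id, B, X)):
        return None
    return k
```

On a mismatch the server has spent one scalar multiply, one SHA3 call and one compare before dropping the cell; a client can only produce a matching tag by doing its own EXP(B,x).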