[tor-bugs] #31777 [Core Tor/Stem]: Key blinding in onionbalance v3
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Oct 2 11:30:41 UTC 2019
#31777: Key blinding in onionbalance v3
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  atagar
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Core Tor/Stem                        |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs scaling onionbalance          |  Actual Points:  1.5
            network-team-roadmap-september       |
            tor-spec                             |
Parent ID:  #26768                               |         Points:  2
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by asn):

Replying to [comment:4 teor]:
> Here's my opinion:
> A. Let's do as much as we can in stem, and expose a clean interface to Onion Balance v3
> B. Let's use the reference implementation in stem, until python cryptography grows its own

Agreed, will take this approach for now!

My plan for now is to write a small wrapper on top of the reference
implementation that exposes objects that behave like the hazmat keys (in
terms of duck typing expose `sign()`, `verify()`, `public_key()` methods)
so that they can be used interchangeably in the hsv3 parts of the stem
codebase.

> C. Can we convert from the blinded format to the format that stem needs for signing? How does Tor do it?

We cannot do that because hazmat has a different private key format
(stores the seed) than the blinded key format (stores the private scalar).
And you cannot go from the blinded key format to the hazmat format (you
can't compute the seed from the private scalar). It's a mess but I can
describe more if you want. Some more info:
https://blog.mozilla.org/warner/2011/11/29/ed25519-keys/ and
https://trac.torproject.org/projects/tor/ticket/28123#comment:4

Tor uses a custom implementation of ed25519 donna that supports the
private key format we use, and donna also exposes the primitives we need.

Thanks for the feedback!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31777#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online