[tor-talk] .onion name gen

Seth David Schoen schoen at eff.org
Fri Mar 4 20:52:50 UTC 2016


Scfith Rise up writes:

> It _would_ be the same private key. Good luck with generating 1.2 septillion permutations (16^32). 

This would be true if the public key were used directly as the onion name
(which might be possible in certain elliptic curve systems because keys
are so small).

But in this case, the onion name is calculated from a hash of the public
key, and the size of the hash is much smaller than the size of the
underlying pubkey (80 bits vs. 1024 bits).  The pigeonhole principle
requires that many, many different pubkeys must have the same hash --
on average, about 2⁹⁴⁴ pubkeys would have the same hash.  When you
get a perfect collision from scallion, after doing that 2⁸⁰ work
(analogous to about 11 days of entire work of the Bitcoin network --
which you can think of as surprisingly much or surprisingly little work),
you're still astronomically unlikely to have the same private key!

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107


More information about the tor-talk mailing list