1e2b76f5836d51ae2c19539e5dffdf7ffdd5c84f
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

1) ## translation metadata
Roger Dingledine looks like we never set the...

Roger Dingledine authored 14 years ago

2) # Revision: $Revision$
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

3) # Translation-Priority: 3-low
4) 
5) #include "head.wmi" TITLE="Tor: Hidden Service Protocol" CHARSET="UTF-8"
6) <div id="content" class="clearfix">
7)   <div id="breadcrumbs">
Andrew Lewman change all of the breadcrum...

Andrew Lewman authored 14 years ago

8)     <a href="<page index>">Home &raquo; </a>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

9)     <a href="<page docs/documentation>">Documentation &raquo; </a>
10)     <a href="<page docs/hidden-services>">Hidden Services</a>
11)   </div>
12)   <div id="maincol"> 
13)     <h2>Tor: Hidden Service Protocol</h2>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

14)     <hr>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

15)     
16)     <p>
17)     Tor makes it possible for users to hide their locations while offering
18)     various kinds of services, such as web publishing or an instant
19)     messaging server.  Using Tor "rendezvous points," other Tor users can
20)     connect to these hidden services, each without knowing the other's
21)     network identity. This page describes the technical details of how
22)     this rendezvous protocol works. For a more direct how-to, see our <a
23)     href="<page docs/tor-hidden-service>">configuring hidden services</a>
24)     page.
25)     </p>
26)     
27)     <p>
28)     A hidden service needs to advertise its existence in the Tor network before
29)     clients will be able to contact it. Therefore, the service randomly picks
30)     some relays, builds circuits to them, and asks them to act as
31)     <em>introduction points</em> by telling them its public key. Note
32)     that in the following figures the green links are circuits rather
33)     than direct connections. By using a full Tor circuit, it's hard for
34)     anyone to associate an introduction point with the hidden server's IP
35)     address. While the introduction points and others are told the hidden
36)     service's identity (public key), we don't want them to learn about the
37)     hidden server's location (IP address).
38)     </p>
39)     
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

40)     <img alt="Tor hidden service step one" src="$(IMGROOT)/THS-1.png">
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

41)     # maybe add a speech bubble containing "PK" to Bob, because that's what
42)     # Bob tells to his introduction points
43)     
44)     <p>
45)     Step two: the hidden service assembles a <em>hidden service
46)     descriptor</em>, containing its public key and a summary of each
47)     introduction point, and signs this descriptor with its private key.
48)     It uploads that descriptor to a distributed hash table. The descriptor will be
49)     found by clients requesting XYZ.onion where XYZ is a 16 character
50)     name that can be uniquely derived from the service's public key. After
51)     this step, the hidden service is set up.
52)     </p>
53)     
54)     <p>
55)     Although it might seem impractical to use an automatically-generated
56)     service name, it serves an important goal: Everyone &ndash; including
57)     the introduction points, the distributed hash table directory, and of course the
58)     clients &ndash; can verify that they are talking to the right hidden
Roger Dingledine alas, zooko.com appears to...

Roger Dingledine authored 13 years ago

59)     service. See also <a href="http://zooko.com/distnames.html">Zooko's
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

60)     conjecture</a> that out of Decentralized, Secure, and Human-Meaningful,
61)     you can achieve at most two. Perhaps one day somebody will implement a <a
62)     href="http://www.skyhunter.com/marcs/petnames/IntroPetNames.html">Petname</a>
63)     design for hidden service names?
64)     </p>
65)     
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

66)     <img alt="Tor hidden service step two" src="$(IMGROOT)/THS-2.png">
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

67)     # maybe replace "database" with "DHT"; further: how incorrect
68)     # is it to *not* add DB to the Tor cloud, now that begin dir cells are in
69)     # use?
70)     
71)     <p>
Andrew Lewman update hidden service examp...

Andrew Lewman authored 12 years ago

72)     Step three: A client that wants to contact a hidden service needs
73)     to learn about its onion address first. After that, the client can
74)     initiate connection establishment by downloading the descriptor from
75)     the distributed hash table. If there is a descriptor for XYZ.onion
76)     (the hidden service could also be offline or have left long ago,
77)     or there could be a typo in the onion address), the client now
78)     knows the set of introduction points and the right public key to
79)     use. Around this time, the client also creates a circuit to another
80)     randomly picked relay and asks it to act as <em>rendezvous point</em>
81)     by telling it a one-time secret.
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

82)     </p>
83)     
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

84)     <img alt="Tor hidden service step three" src="$(IMGROOT)/THS-3.png">
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

85)     # maybe add "cookie" to speech bubble, separated from the surrounded
86)     # "IP1-3" and "PK"
87)     
88)     <p>
Andrew Lewman update hidden service examp...

Andrew Lewman authored 12 years ago

89)     Step four: When the descriptor is present and the rendezvous
90)     point is ready, the client assembles an <em>introduce</em> message
91)     (encrypted to the hidden service's public key) including the address
92)     of the rendezvous point and the one-time secret. The client sends
93)     this message to one of the introduction points, requesting it be
94)     delivered to the hidden service. Again, communication takes place
95)     via a Tor circuit: nobody can relate sending the introduce message
96)     to the client's IP address, so the client remains anonymous.
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

97)     </p>
98)     
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

99)     <img alt="Tor hidden service step four" src="$(IMGROOT)/THS-4.png">
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

100)     
101)     <p>
102)     Step five: The hidden service decrypts the client's introduce message
Andrew Lewman update hidden service examp...

Andrew Lewman authored 12 years ago

103)     and finds the address of the rendezvous point and the one-time secret
104)     in it. The service creates a circuit to the rendezvous point and
105)     sends the one-time secret to it in a rendezvous message.
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

106)     </p>
107)     
108)     <p>
109)     At this point it is of special importance that the hidden service sticks to
110)     the same set of <a
Roger Dingledine fix a bunch of broken links...

Roger Dingledine authored 14 years ago

111)     href="<wikifaq>#Whatsthisaboutentryguardformerlyknownashelpernodes">entry
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

112)     guards</a> when creating new circuits. Otherwise an attacker
113)     could run his own relay and force a hidden service to create an arbitrary
114)     number of circuits in the hope that the corrupt relay is picked as entry
115)     node and he learns the hidden server's IP address via timing analysis. This
116)     attack was described by &Oslash;verlier and Syverson in their paper titled
117)     <a href="http://freehaven.net/anonbib/#hs-attack06">Locating Hidden
118)     Servers</a>.
119)     </p>
120)     
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

121)     <img alt="Tor hidden service step five" src="$(IMGROOT)/THS-5.png">
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

122)     # it should say "Bob connects to Alice's ..."
123)     
124)     <p>
125)     In the last step, the rendezvous point notifies the client about successful
126)     connection establishment. After that, both client and hidden service can
127)     use their circuits to the rendezvous point for communicating with each
128)     other. The rendezvous point simply relays (end-to-end encrypted) messages
129)     from client to service and vice versa.
130)     </p>
131)     
132)     <p>
133)     One of the reasons for not using the introduction circuit
134)     for actual communication is that no single relay should
135)     appear to be responsible for a given hidden service. This is why the
136)     rendezvous point never learns about the hidden service's identity.
137)     </p>
138)     
139)     <p>
140)     In general, the complete connection between client and hidden service
141)     consists of 6 relays: 3 of them were picked by the client with the third
142)     being the rendezvous point and the other 3 were picked by the hidden
143)     service.
144)     </p>
145)     
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

146)     <img alt="Tor hidden service step six" src="$(IMGROOT)/THS-6.png">
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

147)     
148)     <p>
149)     There are more detailed descriptions about the hidden service protocol than
150)     this one. See the
151)     <a href="<svnprojects>design-paper/tor-design.pdf">Tor design paper</a>
152)     for an in-depth design description and the
Sebastian Hahn Fix a link to the rend spec...

Sebastian Hahn authored 13 years ago

153)     <a href="<specblob>rend-spec.txt">rendezvous specification</a>