On Thu, Nov 29, 2012 at 11:07 PM, Mike Perry <[email protected]> wrote:
>
> Thus spake Nick Mathewson ([email protected]):
>
> > Title: Improved circuit-creation key exchange
> > Author: Nick Mathewson
> >
> > Summary:
> >
> > This is an attempt to translate the proposed circuit handshake from
> > "Anonymity and one-way authentication in key-exchange protocols" by
> > Goldberg, Stebila, and Ustaoglu, into a Tor proposal format.
> >
> > It assumes that proposal 200 is implemented, to provide an extended CREATE
> > cell format that can indicate what type of handshake is in use.
> >
> > Protocol:
> >
> > Take a router with identity key digest ID.
> >
> > As setup, the router generates a secret key b, and a public onion key
> > B with b, B = KEYGEN(). The router publishes B in its server descriptor.
> >
> > To send a create cell, the client generates a keypair x,X = KEYGEN(), and
> > sends a CREATE cell with contents:
> >
> > NODEID: ID -- H_LENGTH bytes
> > KEYID: KEYID(B) -- H_LENGTH bytes
> > CLIENT_PK: X -- G_LENGTH bytes
>
> I mentioned this on the ntor ticket (#7202), but it's probably worth
> repeating here in case anyone has any suggestions or ideas:
>
> I think we really should consider a proof-of-work field on the client's
> CREATE cell, so we have some form of response available in the event of
> circuit-based CPU DoSes against Tor relays.
Not an issue: in 10 minutes a Core 2 Quad Intel machine can calculate 10 million ECC calculations. I think we'll be okay.

-- 
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin

_______________________________________________
tor-dev mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
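The CREATE cell layout quoted in the thread (NODEID || KEYID(B) || CLIENT_PK), assembled on the client side and checked on the relay side, as an added example that is not part of the proposal, the thread, or Tor's own code. It assumes H_LENGTH = G_LENGTH = 32 and KEYID(B) = B (the excerpt defines neither), and KEYGEN() is a placeholder that hashes random bytes so the script runs without an ECC library. The point it illustrates is the one behind the CPU DoS discussion: the relay can reject a malformed cell, a cell addressed to another identity, or a cell naming a stale onion key with plain byte comparisons before it spends any elliptic-curve work on CLIENT_PK. That the relay compares NODEID and KEYID against its own values is the natural use of those fields, but the excerpt does not spell it out.

```python
import os
import hashlib
from dataclasses import dataclass

# Field sizes are assumptions, not stated in the quoted excerpt: a 32-byte
# hash length and a 32-byte group element (e.g. SHA-256 / curve25519).
H_LENGTH = 32
G_LENGTH = 32
CREATE_PAYLOAD_LEN = H_LENGTH + H_LENGTH + G_LENGTH  # NODEID || KEYID || CLIENT_PK


def keygen():
    """Stand-in for KEYGEN(): returns (secret, public).

    Assumption: a real implementation derives the public key from the secret
    on the curve; here the public value is a hash of the secret so the example
    runs offline without an ECC library.  Not a usable keypair.
    """
    secret = os.urandom(G_LENGTH)
    public = hashlib.sha256(b"placeholder-pubkey:" + secret).digest()
    return secret, public


def keyid(onion_key):
    """Assumption: KEYID(B) is the onion key itself (the excerpt leaves it undefined)."""
    return onion_key


@dataclass
class CreateCell:
    node_id: bytes
    key_id: bytes
    client_pk: bytes


def build_create_payload(node_id, onion_key, client_pk):
    """Client side: serialise NODEID || KEYID(B) || CLIENT_PK as listed in the excerpt."""
    if len(node_id) != H_LENGTH or len(client_pk) != G_LENGTH:
        raise ValueError("bad input length")
    return node_id + keyid(onion_key) + client_pk


def parse_create_payload(payload):
    """Relay side: split the fixed-length fields, rejecting wrong-size cells."""
    if len(payload) != CREATE_PAYLOAD_LEN:
        raise ValueError(f"expected {CREATE_PAYLOAD_LEN} bytes, got {len(payload)}")
    node_id = payload[:H_LENGTH]
    key_id = payload[H_LENGTH:2 * H_LENGTH]
    client_pk = payload[2 * H_LENGTH:]
    return CreateCell(node_id, key_id, client_pk)


def relay_check(payload, my_id, my_onion_key):
    """Cheap checks a relay can run before doing any ECC work on CLIENT_PK.

    Returns (accepted, reason).  Both comparisons are plain byte equality on
    values the relay already holds, so a flood of bad cells costs no curve ops.
    """
    try:
        cell = parse_create_payload(payload)
    except ValueError as e:
        return False, f"malformed: {e}"
    if cell.node_id != my_id:
        return False, "NODEID does not match this relay's identity"
    if cell.key_id != keyid(my_onion_key):
        return False, "KEYID does not match the current onion key"
    return True, "ok"


def demo():
    """Build one valid cell and three bad ones; returns the relay's verdicts."""
    router_id = hashlib.sha256(b"constructed-router-identity").digest()  # constructed ID
    b, B = keygen()        # router's onion keypair, published in its descriptor
    x, X = keygen()        # client's ephemeral keypair
    good = build_create_payload(router_id, B, X)
    _, other_B = keygen()  # a stale or wrong onion key
    other_id = hashlib.sha256(b"constructed-other-router").digest()
    return {
        "valid": relay_check(good, router_id, B),
        "truncated": relay_check(good[:-1], router_id, B),
        "wrong_keyid": relay_check(build_create_payload(router_id, other_B, X), router_id, B),
        "wrong_nodeid": relay_check(build_create_payload(other_id, B, X), router_id, B),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:13s} accepted={ok} ({why})")
```

Running the script prints one line per case; only the well-formed cell addressed to this relay with its current onion key is accepted, and every rejection happens before the handshake's expensive step.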
