Integrating and Evaluating Post-Quantum Key-Blinding in the Tor Anonymity Network

Supervisor(s): Thomas Bellebaum
Status: finished
Topic: Others
Author: Manuela Rosenlehner
Submission: 2026-02-16
Type of Thesis: Bachelor's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

The Tor anonymity network uses key-blinding to generate blinded public keys that serve as pseudonyms for an onion 
service’s public identity key, thereby hiding the identity of onion services while still allowing authentication. 
Tor currently uses an Ed25519-based key-blinding signature scheme, which relies on the discrete logarithm problem 
and will become insecure once sufficiently powerful quantum computers exist. This thesis integrates the post-quantum 
key-blinding signature scheme BAEST (Blinded FAEST) into Tor’s v3 onion service protocol. The integration introduces 
a new certificate type for BAEST signatures, and removes two redundant certificates from the encrypted layer of the 
descriptor to mitigate the impact of BAEST’s larger signatures on the descriptor size. The descriptor size limit is 
increased to accommodate the larger signatures. The implementation is evaluated using a local test network set up with 
Chutney. The round-trip time (RTT) from the client’s request to the onion service’s response is measured for the Ed25519 key-blinding scheme 
and for both parameter sets of the BAEST key-blinding scheme. BAEST_F shows no statistically meaningful difference compared 
to Ed25519, while BAEST_S is noticeably slower. An analysis of transfer costs on the real Tor network confirms that BAEST_F’s 
speed advantage outweighs its larger descriptor size, making it the better candidate for deployment.