TL;DR: Although often labeled a "dark web" associated with criminal activity and illicit marketplaces, Tor is an invaluable tool for protecting online privacy. Developers are now working to make the network even more effective at shielding users from cyberattacks.
The developers behind the Tor network have announced a major upcoming change. The free overlay network, which enables anonymous communication on the web, will soon adopt a new encryption algorithm, boosting security for an already powerful privacy tool.
In a detailed technical post, Tor programmers explained that they will retire one of the network's oldest and most critical encryption algorithms, known as "tor1." This algorithm currently handles encryption for data traveling through the multiple relays that make up a user's circuit within the Tor network.
Each client shares a symmetric key with every relay in its circuit and encrypts outgoing messages – or "relay cells" – with these keys. As a message passes through the relays, each layer of encryption is removed until it reaches the exit relay and finally its destination on the open web.
However, tor1's design leaves it vulnerable to certain security risks. The most notable is "tagging attacks," in which an attacker can manipulate traffic at a single point in the network. This manipulation produces predictable changes as the data moves through the circuit, potentially allowing a sophisticated adversary to trace encrypted communications.
While tagging attacks are the primary concern with tor1, the algorithm also has other weaknesses. It repeatedly reuses the same AES keys across an entire encrypted circuit, and its 4-byte authenticator provides only a one-in-four-billion chance of successfully forging a relay cell without detection.
To address these issues, Tor developers have designed a new encryption algorithm called Counter Galois Onion. CGO strengthens Tor's security by securing the entire encryption process: any attempt to tamper with a message causes the affected message and all subsequent messages in the same circuit to become unrecoverable.
The Tor team has been developing CGO for some time. It is already implemented in Arti, the Rust-based Tor client. A C version has also been built to support the broader relay infrastructure, since Arti/Rust relays are still in development.
As for when users can expect CGO in the Tor Browser, developers have not provided a specific timeline. They are currently tuning the algorithm for modern CPUs. While CGO will likely incur a performance cost compared to tor1, the team believes there is still room for optimization.
The Tor project is rebuilding one of the oldest cryptographic algorithms powering the dark web
