Cryptography, Security, and Privacy (CrySP)

You are here

Cryptography, Security, and Privacy (CrySP) »

Private Information Retrieval for Onion Services

Edward Eaton, Sajin Sasy, and Ian Goldberg

Citation: Edward Eaton, Sajin Sasy, Ian Goldberg. "Improving the Privacy of Tor Onion Services". 20th International Conference on Applied Cryptography and Network Security, June 2022.

Paper: (ACNS 2022 version, extended version)

Abstract: Onion services enable bidirectional anonymity for parties that communicate over the Tor network, thus providing improved privacy properties compared to standard TLS connections. Since these services are designed to support server-side anonymity, the entry points for these services shuffle across the Tor network periodically. In order to connect to an onion service at a given time, the client has to resolve the '.onion' address for the service, which requires querying volunteer Tor nodes called Hidden Service Directories (HSDirs). However, previous work has shown that these nodes may be untrustworthy, and can learn or leak the metadata about which onion services are being accessed. In this paper, we present a new class of attacks that can be performed by malicious HSDirs against the current generation (v3) of onion services. These attacks target the unlinkability of onion services, allowing some services to be tracked over time.

To restore unlinkability, we propose a number of concrete designs that use Private Information Retrieval (PIR) to hide information about which service is being queried, even from the HSDirs themselves. We examine the three major classes of PIR schemes, and analyze their performance, security, and how they fit into Tor in this context. We provide and evaluate implementations and end-to-end integrations, and make concrete suggestions to show how these schemes could be used in Tor to minimize the negative impact on performance while providing the most security.

Code: To reproduce our PIR microbenchmark results (XPIR, SealPIR, ZeroTrace) within docker containers:

To perform end-to-end experiments, use our fork of tor below, which we modified to support PIR for hidden service descriptor lookups, as well as the pirserver and pirclient modules for interacting with that version of Tor: