The Tor Project has introduced a major upgrade to its cryptographic system, replacing its long-standing relay encryption algorithm with the new Counter Galois Onion (CGO) design.
CGO is a research-backed encryption method built to protect against more advanced and sophisticated online attacks.
Tor’s relay encryption is different from the TLS used between relays and clients — it secures user data as it passes through multiple relays, with each layer being removed at every hop.
The older system, now called “tor1,” dates back to Tor’s early days and, while effective, has known weaknesses demonstrated through research. This upgrade marks a significant step in strengthening Tor’s overall security.
Critical Vulnerabilities Addressed in Tor1
The Tor1 protocol, while foundational for anonymous communication, contains several structural weaknesses that expose users to serious privacy risks. These issues range from cryptographic flaws to exploitable tagging attacks that can undermine anonymity before any real traffic even begins.
One of the most critical vulnerabilities lies in tagging attacks.
In this scenario, an active adversary modifies encrypted traffic at a single point in the network and observes predictable changes elsewhere.
Because Tor1 uses AES-128-CTR without hop-by-hop authentication, the ciphertext becomes malleable. This allows attackers to:
- Inject specific bit patterns using XOR
- Embed identifiers such as IP addresses
- Ensure these modifications survive every layer of decryption
- Track the traffic end-to-end without detection
This leads to what researchers call an “Internal Covert Channel”, enabling reliable deanonymization long before any application data is exchanged.
Weak Cryptographic Foundations
Beyond tagging issues, Tor1’s cryptography adds more risks:
• Limited Forward Secrecy
Session keys remain valid for the entire circuit lifetime.
If compromised, all historical traffic becomes exposed.
• Weak Integrity Protection
Tor1 uses a 4-byte authentication digest, giving roughly a 1-in-4-billion chance of forgery.
Instead of relying on strong cryptography, the protocol leans heavily on path-bias detection.
• Use of SHA-1
The hashing function SHA-1 is now considered weak and vulnerable to collision attacks, further reducing trust.
CGO: A Stronger, Modern Alternative
A new approach — CGO — was developed by cryptographers Jean Paul Degabriele, Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam to directly address Tor1’s shortcomings.
CGO implements a Rugged Pseudorandom Permutation (RPRP), designed specifically for Tor’s asymmetric encryption needs.
Key Improvements Include:
- Strong resistance to one-way tagging attacks
- A more robust and modern cryptographic structure
- Avoiding costly two-pass computations
- Using the UIV+ method to provide tagging resistance efficiently and securely
Strengthening these core cryptographic components is essential for preserving anonymity in modern networks. As attackers grow more capable, protocols like Tor must evolve with more resilient designs such as CGO.
Follow Us on: Linkedin, Instagram, Facebook to get the latest security news!
Leave A Comment