Intro to Next Gen Onion Services (aka prop224)

Welcome to the next level in overlay networks: Tor's Next Generation Onion Services!

Tor as of version 0.3.2.1-alpha supports the next-gen onion services protocol for clients and services! As part of this release, the core of proposal 224 has been implemented and is available for experimentation and testing by our users. This newer version of onion services ("v3") features many improvements over the legacy system, including:

  1. Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
  2. Improved directory protocol, leaking much less information to directory servers.
  3. Improved directory protocol, with smaller surface for targeted attacks.
  4. Better onion address security against impersonation.
  5. More extensible introduction/rendezvous protocol.
  6. A cleaner and more modular codebase.

You can identify a next-generation onion address by its length: it is 56 characters long, as in 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion.

The specification for next gen onion services can be found here: https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt

[This page will remain read-only for the next few days. Please contact asn for any additions.]

Current state

Initial client/service support introduced in tor-0.3.2.1-alpha. Project currently in testing and bugfixing phase.

See this blog post for a Tor Browser alpha release with v3 onion support!

In the future, we plan to release more features for v3 onion services, but we first need a testing period for the current codebase to mature and become more robust. Planned features include: offline keys, advanced client authorization, improved guard algorithms, and statistics. For full details, see rend-spec-v3.txt.

Example prop224 services

You will need the latest Tor Browser stable (7.5) or alpha to visit these:

(Also NEVER trust onions you read on a wiki :) )

How to set up your own prop224 service

It's easy! Just use your regular onion service torrc and add HiddenServiceVersion 3 in your hidden service torrc block.

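Here is an example torrc designed for testing (SafeLogging 0 turns off the scrubbing of sensitive strings in log messages, so keep it out of production configs):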

SocksPort auto

HiddenServiceDir /home/user/tmp/hsv3
HiddenServiceVersion 3
HiddenServicePort 6667 127.0.0.1:6667

SafeLogging 0
Log notice stdout
Log notice file /home/user/tmp/hs/hs.log
Log info file /home/user/tmp/hs/hsinfo.log

You can then find your onion address at /home/user/tmp/hsv3/hostname.

You can also host both a v2 and a v3 service using two hidden service torrc blocks:

HiddenServiceDir /home/user/tmp/hsv2
HiddenServicePort 6667 127.0.0.1:6667

HiddenServiceDir /home/user/tmp/hsv3
HiddenServiceVersion 3
HiddenServicePort 6668 127.0.0.1:6667

Please let us know if you find any bugs!!!

How to help the next-gen onion development

We are still in the testing and development stage, so things are very fluid and under active development.

If you want to help with development, check out the list of open prop224 bugs.

Otherwise, if you are more of the bug hunting type, please check our code and spec for errors and inaccuracies. We would be thrilled to know about them :)

Last modified on Mar 30, 2018, 3:07:39 PM