diff options
| author | Nick Mathewson <nickm@torproject.org> | 2023-10-12 12:27:58 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2023-10-12 12:27:58 -0400 |
| commit | f7e5a95ee96d8ef52c1732d066c1249a6f84391e (patch) | |
| tree | 2e1ddd85f471143518d0df7c7645d066d43bc149 /spec/rend-spec-v3/publishing-shared-random-values-pub-sharedrandom.md | |
| parent | e4e0d93d56ee8c1aec4c2efaa7046b651f0fe55c (diff) | |
| download | torspec-f7e5a95ee96d8ef52c1732d066c1249a6f84391e.tar.gz torspec-f7e5a95ee96d8ef52c1732d066c1249a6f84391e.zip | |
Convert text specifications to mdbook.
Diffstat (limited to 'spec/rend-spec-v3/publishing-shared-random-values-pub-sharedrandom.md')
| -rw-r--r-- | spec/rend-spec-v3/publishing-shared-random-values-pub-sharedrandom.md | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/spec/rend-spec-v3/publishing-shared-random-values-pub-sharedrandom.md b/spec/rend-spec-v3/publishing-shared-random-values-pub-sharedrandom.md new file mode 100644 index 0000000..51f3624 --- /dev/null +++ b/spec/rend-spec-v3/publishing-shared-random-values-pub-sharedrandom.md @@ -0,0 +1,47 @@ +<a id="rend-spec-v3.txt-2.3"></a> +## Publishing shared random values [PUB-SHAREDRANDOM] + +Our design for limiting the predictability of HSDir upload locations +relies on a shared random value (SRV) that isn't predictable in advance or +too influenceable by an attacker. The authorities must run a protocol +to generate such a value at least once per hsdir period. Here we +describe how they publish these values; the procedure they use to +generate them can change independently of the rest of this +specification. For more information see [SHAREDRANDOM-REFS]. + +According to proposal 250, we add two new lines in consensuses: + +```text + "shared-rand-previous-value" SP NUM_REVEALS SP VALUE NL + "shared-rand-current-value" SP NUM_REVEALS SP VALUE NL +``` + +<a id="rend-spec-v3.txt-2.3.1"></a> +### Client behavior in the absence of shared random values + +If the previous or current shared random value cannot be found in a +consensus, then Tor clients and services need to generate their own random +value for use when choosing HSDirs. + +To do so, Tor clients and services use: + +SRV = H("shared-random-disaster" | INT_8(period_length) | INT_8(period_num)) + +where period_length is the length of a time period in minutes, +rounded down; period_num is calculated as specified in +[TIME-PERIODS] for the wanted shared random value that could not be +found originally. + +<a id="rend-spec-v3.txt-2.3.2"></a> +### Hidden services and changing shared random values + +It's theoretically possible that the consensus shared random values will +change or disappear in the middle of a time period because of directory +authorities dropping offline or misbehaving. + +To avoid client reachability issues in this rare event, hidden services +should use the new shared random values to find the new responsible HSDirs +and upload their descriptors there. + +XXX How long should they upload descriptors there for? + |