Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Post Quantum Migration of Tor

Denis Berger, Mouad Lemoudden, William J Buchanan

TL;DR

The paper tackles the looming threat of quantum attacks on Tor by outlining a measurement-driven approach to assess post-quantum cryptography migration. It combines a literature-backed assessment of Tor’s architecture with a concrete local testbed to evaluate PQC options (notably Kyber, Dilithium, and lattice-based KEMs) and their impact on circuit-building, bandwidth, and cryptographic workloads. Through experimental benchmarks on constrained hardware (Raspberry Pi devices) and Open Quantum Safe libraries, it identifies promising PQC candidates (ML-KEM, sntrup761, ML-DSA, Falcon) and demonstrates that a hybrid, layer-by-layer migration is technically feasible, with overheads that can be managed in a staged rollout. The work provides practical guidance for Tor operators and researchers, offering a reproducible methodology for ongoing PQC evaluation and a framework for integrating PQC primitives into Tor’s handshake, TLS, and onion service layers with attention to bandwidth and latency tradeoffs.

Abstract

Shor's and Grover's algorithms' efficiency and the advancement of quantum computers imply that the cryptography used until now to protect one's privacy is potentially vulnerable to retrospective decryption, also known as \emph{harvest now, decrypt later} attack in the near future. This dissertation proposes an overview of the cryptographic schemes used by Tor, highlighting the non-quantum-resistant ones and introducing theoretical performance assessment methods of a local Tor network. The measurement is divided into three phases. We will start with benchmarking a local Tor network simulation on constrained devices to isolate the time taken by classical cryptography processes. Secondly, the analysis incorporates existing benchmarks of quantum-secure algorithms and compares these performances on the devices. Lastly, the estimation of overhead is calculated by replacing the measured times of traditional cryptography with the times recorded for Post Quantum Cryptography (PQC) execution within the specified Tor environment. By focusing on the replaceable cryptographic components, using theoretical estimations, and leveraging existing benchmarks, valuable insights into the potential impact of PQC can be obtained without needing to implement it fully.

Post Quantum Migration of Tor

TL;DR

The paper tackles the looming threat of quantum attacks on Tor by outlining a measurement-driven approach to assess post-quantum cryptography migration. It combines a literature-backed assessment of Tor’s architecture with a concrete local testbed to evaluate PQC options (notably Kyber, Dilithium, and lattice-based KEMs) and their impact on circuit-building, bandwidth, and cryptographic workloads. Through experimental benchmarks on constrained hardware (Raspberry Pi devices) and Open Quantum Safe libraries, it identifies promising PQC candidates (ML-KEM, sntrup761, ML-DSA, Falcon) and demonstrates that a hybrid, layer-by-layer migration is technically feasible, with overheads that can be managed in a staged rollout. The work provides practical guidance for Tor operators and researchers, offering a reproducible methodology for ongoing PQC evaluation and a framework for integrating PQC primitives into Tor’s handshake, TLS, and onion service layers with attention to bandwidth and latency tradeoffs.

Abstract

Shor's and Grover's algorithms' efficiency and the advancement of quantum computers imply that the cryptography used until now to protect one's privacy is potentially vulnerable to retrospective decryption, also known as \emph{harvest now, decrypt later} attack in the near future. This dissertation proposes an overview of the cryptographic schemes used by Tor, highlighting the non-quantum-resistant ones and introducing theoretical performance assessment methods of a local Tor network. The measurement is divided into three phases. We will start with benchmarking a local Tor network simulation on constrained devices to isolate the time taken by classical cryptography processes. Secondly, the analysis incorporates existing benchmarks of quantum-secure algorithms and compares these performances on the devices. Lastly, the estimation of overhead is calculated by replacing the measured times of traditional cryptography with the times recorded for Post Quantum Cryptography (PQC) execution within the specified Tor environment. By focusing on the replaceable cryptographic components, using theoretical estimations, and leveraging existing benchmarks, valuable insights into the potential impact of PQC can be obtained without needing to implement it fully.

Paper Structure

This paper contains 38 sections, 18 figures, 15 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Purpose
  4. Literature Review
  5. Tor Design and Architecture
  6. Circuits and Handshake
  7. Relay and Link Layer
  8. Schemes
  9. Key Exchange
  10. Signature
  11. Reflection
  12. Methodology and Design
  13. Technical Requirements
  14. Network Architecture
  15. Local Benchmark
  16. ...and 23 more sections

Figures (18)

  • Figure 1: Tor Circuit Creation. The /2 represents the version, as their older specifications became obsolete torspec.
  • Figure 2: Onion Services download and upload average speeds
  • Figure 3: Proportion of iterations per relay role for a given function. In this experiment, OS and middle relay are the same devices.
  • Figure 4: Execution speeds per function
  • Figure 5: Circuit build time. The Q1 and Q3 measurements are omitted from the graph.
  • ...and 13 more figures