Tor adds another layer to the onion with a new relay encryption algorithm - boosting resilience and security across the board

Counter Galois Onion (CGO) is a new relay encryption algorithm designed to replace Tor's older tor1 encryption. It uses a Rugged Pseudorandom Permutation (RPRP) construction to provide wide-block encryption, which means that any tampering with encrypted data causes the entire message and subsequent messages to become unrecoverable. CGO also implements immediate forward secrecy by updating encryption keys after processing each cell, preventing decryption of past messages even if current keys are compromised. Additionally, it replaces the weak 4-byte SHA-1 digest with a stronger 16-byte authenticator, modernizing authentication and enhancing resistance to tagging attacks and other tampering methods. Overall, CGO strengthens user privacy, prevents tagging attacks, and modernizes authentication across Tor circuits without significant bandwidth overhead.

Tagging attacks involve an adversary modifying encrypted traffic in a way that can later be recognized to trace or deanonymize users. In Tor's previous tor1 encryption, tagging attacks could exploit weaknesses in the encryption and authentication to compromise user privacy. CGO protects against tagging attacks by using wide-block encryption and tag chaining, so that any modification to a cell makes the entire cell and all future cells unrecoverable. This design prevents attackers from successfully inserting identifiable patterns into the encrypted data, thereby blocking tagging attacks and enhancing the overall anonymity and security of Tor users.