2.2 Hidden Services Infrastructure: v2→v3 Transition, Cryptographic Upgrade

Hidden services (now known as Onion Services) are one of Tor’s most important innovations.
Where onion routing hides a user, onion services hide a server.
This allows a website to exist without revealing its IP address, physical location, or hosting environment.

Between 2004 and 2017, Tor used version 2 (v2) hidden services.
Today, all modern onion services use version 3 (v3), which introduced a new design with stronger cryptography, significantly improved security, and modern threat-model resilience.

This chapter explains the architecture, the transition, and why the upgrade was essential.


A. What Is a Tor Hidden Service?

A Tor hidden service (or Onion Service):

  • hides the server’s network location

  • communicates only through Tor circuits

  • uses end-to-end encrypted interactions

  • is accessed through a .onion address

Unlike normal websites, onion services never expose their IP address or hosting server location to the public.

This is accomplished through rendezvous circuits and introduction points, explained below.


B. Architectural Overview of Onion Services

Onion services rely on these main components:

  1. Service Descriptor — a metadata file that helps clients find introduction points.

  2. Introduction Points (IPs) — relays selected by the onion service to receive connection requests.

  3. Rendezvous Point (RP) — a Tor relay where the client and the service meet anonymously.

  4. .onion Address — the domain-like identifier derived from a public key.

High-Level Workflow

  1. Server selects a few introduction points.

  2. Server publishes a descriptor to a distributed directory system (HSDirs).

  3. Client retrieves the descriptor using the .onion address.

  4. Client chooses a rendezvous point.

  5. Both build circuits to the RP.

  6. Anonymous communication begins.

Neither party learns the other’s IP address.


C. Why Tor Moved from v2 to v3 Hidden Services

Version 2 was functional but had several weaknesses:

1. Weak Cryptography

v2 used:

  • 1024-bit RSA keys

  • SHA-1 hashing

These were becoming outdated by modern security standards.

2. Short Onion Addresses

v2 addresses were 16 characters, which allowed:

  • enumeration

  • impersonation attacks

  • lower security margins

3. HSDir (hidden service directory) weaknesses

v2 relied on HSDirs whose position in the directory could be chosen maliciously, letting an attacker collect descriptors and enabling the enumeration and deanonymization attacks described in the research literature.

4. No Modern Crypto Agility

v2 lacked flexibility for future cryptographic upgrades and post-quantum considerations.

These limitations motivated Tor developers to redesign the system.


D. The v3 Hidden Services Architecture (Modern Standard)

v3 onion services introduced one of the most advanced anonymity architectures deployed at scale.

1. Stronger Cryptography

v3 uses:

  • ed25519 keys

  • SHA3 family hashing

  • 56-character onion addresses

  • modern “crypto-by-design” architecture

This upgrade dramatically increased resistance to attacks.

2. Powerful Address Security

v3 onion addresses are self-authenticating, derived from:

ed25519_public_key + checksum + version byte

This reduces impersonation and makes brute-force enumeration infeasible.
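To make the address derivations in C.2 and D.2 concrete, the following Python is an added example (not code from the Tor Project) that builds a v2-style address (base32 of the first 80 bits of SHA-1 over the RSA key) and a v3 address (base32 of the ed25519 public key, a two-byte SHA3-256 checksum, and the version byte 0x03), then validates a v3 address by recomputing its checksum. The sample keys are constructed byte patterns rather than real keys, and the function names are this example's own.

```python
import base64
import binascii
import hashlib

# Constants of the v3 address format: base32(PUBKEY || CHECKSUM || VERSION).
V3_VERSION = b"\x03"   # version byte appended to every v3 address
V3_LABEL_LEN = 56      # base32 length of 32 + 2 + 1 = 35 bytes
V2_LABEL_LEN = 16      # base32 length of the 10-byte truncated SHA-1


def v2_onion_address(rsa_pubkey_der: bytes) -> str:
    """v2: base32 of the first 80 bits of SHA-1 over the DER-encoded RSA-1024 key.

    Only 80 bits of hash output survive into the 16-character label, which is
    the short identifier behind the weaker security margin described above.
    """
    digest = hashlib.sha1(rsa_pubkey_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def v3_checksum(ed25519_pubkey: bytes, version: bytes = V3_VERSION) -> bytes:
    """CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]."""
    return hashlib.sha3_256(b".onion checksum" + ed25519_pubkey + version).digest()[:2]


def v3_onion_address(ed25519_pubkey: bytes) -> str:
    """v3: the full 32-byte key is encoded, so the address is self-authenticating."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("ed25519 public key must be exactly 32 bytes")
    raw = ed25519_pubkey + v3_checksum(ed25519_pubkey) + V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_v3_onion_address(address: str) -> bytes:
    """Recover the ed25519 public key from a v3 address, verifying the embedded
    checksum and version byte. Raises ValueError on any defect."""
    label = address.strip().lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != V3_LABEL_LEN:
        raise ValueError(f"expected a {V3_LABEL_LEN}-character label, got {len(label)}")
    try:
        raw = base64.b32decode(label.upper())
    except binascii.Error as exc:
        raise ValueError(f"label is not valid base32: {exc}") from exc
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    if version != V3_VERSION:
        raise ValueError(f"unsupported version byte 0x{version.hex()}")
    if checksum != v3_checksum(pubkey, version):
        raise ValueError("checksum mismatch: address is corrupted or forged")
    return pubkey


def is_valid_v3_onion_address(address: str) -> bool:
    """Boolean wrapper around parse_v3_onion_address for quick client-side checks."""
    try:
        parse_v3_onion_address(address)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs (not real Tor keys): a fake DER blob for v2 and
    # a fixed 32-byte pattern standing in for an ed25519 public key.
    fake_rsa_der = b"\x30\x81\x89" + bytes(range(137))
    fake_ed25519 = bytes(range(32))
    print("v2:", v2_onion_address(fake_rsa_der))
    v3 = v3_onion_address(fake_ed25519)
    print("v3:", v3)
    print("round trip ok:", parse_v3_onion_address(v3) == fake_ed25519)
    # Flip the final character: it carries the low bits of the version byte.
    print("tampered valid:", is_valid_v3_onion_address(v3[:55] + "a" + ".onion"))
```

Because the version byte 0x03 is the last byte encoded, its low five bits form the final base32 character, so every v3 address ends in "d"; a client that checks the checksum and version byte before connecting rejects typo-squatted or corrupted addresses without contacting any directory, which is what "self-authenticating" buys in practice.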

3. Improved Descriptor System

v3 redesigned how service descriptors are stored and retrieved.

Key improvements:

  • encryption of descriptors

  • per-day ephemeral keys

  • more secure placement of descriptors in the directory system

  • stronger resistance to targeted HSDir attacks

4. Introduction Point Reinforcement

v3 strengthens the interaction between clients and introduction points, reducing risks of exploitation.

5. Post-Quantum Consideration

While not fully post-quantum, v3 was built with:

  • modular cryptography

  • ability to upgrade algorithms in the future

This allows future resistance improvements without major architectural rewrites.


E. Structural Differences: v2 vs v3 Onion Services

Feature                 v2             v3
----------------------  -------------  ---------------------------
Address Length          16 chars       56 chars
Crypto Algorithm        RSA-1024       Ed25519
Hash Function           SHA-1          SHA3 / SHAKE
Descriptor Encryption   Limited        Strong, multi-layered
HSDir Vulnerabilities   Present        Highly reduced
Service Identity        Less secure    Cryptographically stronger
Enumeration Risk        Higher         Nearly impossible
Protocol Modernity      Legacy         Current & future-proof

v3 was designed explicitly to remove the shortcomings of v2.


F. v3 Descriptor System: How It Works (High-Level)

v3 descriptors introduce several important components:

1. Blinded Keys

Each day, the onion service derives a temporary key based on its master key.
This prevents long-term tracking.

2. Replicated Descriptor Placement

Descriptors are stored at multiple directory nodes to ensure:

  • availability

  • robustness

  • protection against targeted enumeration

3. Encrypted Descriptors

Clients need the correct cryptographic material to decrypt descriptors.
This stops passive HSDir snooping.


G. Security Improvements in v3 (Academic Perspective)

Research has shown v3 onion services improve:

1. Resistance to HSDir Attacks

Rotating blinded keys and randomized descriptor placement reduce targeted takeover opportunities.

2. Strong Identity Binding

The longer, crypto-derived domain prevents impersonation and phishing.

3. Metadata Protection

v3 includes additional protections against service enumeration and behaviour analysis.

4. Better Code and Protocol Design

Tor developers incorporated lessons from:

  • traffic correlation studies

  • descriptor harvesting research

  • malicious relay investigations

v3 reflects nearly a decade of academic findings.
