2.1 Tor’s Onion Routing — Architectural Deep Dive
Onion routing is the central mechanism powering the Tor network.
It enables users to communicate across the internet without revealing their identity, location, or communication patterns.
This chapter explains how it works — not how to use it — focusing on the architecture, mathematical foundations, and design philosophy behind Tor’s routing model.
A. What Is Onion Routing?
Onion routing is a privacy-enhancing communication technique where data is wrapped in multiple layers of encryption — like layers of an onion — and routed through a sequence of relays.
Each relay knows only:
- its previous hop
- its next hop
but not the full route, nor the sender or receiver.
This prevents a single node from linking the source and destination.
B. The Three-Hop Circuit Architecture
Tor’s routing operates through a three-relay chain, called a circuit.
Each relay performs a unique role.
1. Entry Guard (First Relay)
- Knows the user’s IP address
- Does not know the final destination
- Protects the user from malicious first-hop relays
Entry guards remain stable for months to reduce attack surface.
2. Middle Relay (Second Relay)
- Only forwards encrypted data
- Cannot see sender or destination
- Breaks correlation between first and last hop
This “middle hop” ensures no single entity sees both ends.
3. Exit Relay (Third Relay)
- Knows the final destination
- Does not know who the user is
- Decrypts the final layer of encryption
- Sends data to the clearnet (unless it’s a .onion service)
Key Principle
No relay sees both the user and the destination.
This is the core anonymity property of Tor’s architecture.
C. Circuit Creation Process (High-Level)
When a Tor user wants to connect:
- Client obtains relay information from Tor directory authorities.
- Client selects a guard → middle → exit relay.
- A layered cipher is constructed using:
  - Diffie–Hellman key exchange
  - elliptic-curve cryptography (in v3)
- A session key is negotiated with each relay.
- The onion circuit becomes ready.
Every layer of encryption protects traffic from being interpreted by intermediate nodes.
D. Multi-Layer Encryption Explained
Each relay removes exactly one layer of encryption.
If the layers are represented as:
[ Exit Layer ][ Middle Layer ][ Guard Layer ]Payload
Then the path behaves like this:
- Guard removes Guard Layer
- Middle removes Middle Layer
- Exit removes Exit Layer
- Destination receives plaintext payload
This ensures:
- confidentiality
- unlinkability
- independence of relays
Even if a relay is compromised, it cannot deanonymize the user alone.
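The per-relay key negotiation from section C and the layer peeling described above can be traced in a short simulation. This is an added example, not Tor's code: the toy finite-field DH group, the HMAC-SHA256 keystream (standing in for AES) and all names are assumptions, relays are contacted directly rather than through the partly built circuit, and the handshake is unauthenticated.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3   # toy DH group (assumption); far too small for real use
CELL_SIZE = 512        # fixed cell size stated on this page; cell headers omitted

def _kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def xor_layer(key: bytes, data: bytes) -> bytes:
    """Add or remove one layer: XOR with an HMAC-SHA256 counter keystream."""
    stream = b""
    for counter in range(-(-len(data) // 32)):    # ceil(len / 32) digest blocks
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class Relay:
    def __init__(self, name: str):
        self.name, self.key = name, None

    def handshake(self, client_pub: int) -> int:
        y = secrets.randbelow(P - 3) + 2          # ephemeral secret, never stored
        self.key = _kdf(pow(client_pub, y, P))
        return pow(G, y, P)

    def peel(self, cell: bytes) -> bytes:
        return xor_layer(self.key, cell)          # removes only this relay's layer

def negotiate(relay: Relay) -> bytes:
    x = secrets.randbelow(P - 3) + 2              # client's ephemeral secret for this hop
    return _kdf(pow(relay.handshake(pow(G, x, P)), x, P))

def build_cell(payload: bytes, keys: list) -> bytes:
    if len(payload) > CELL_SIZE - 2:
        raise ValueError("payload does not fit in one cell")
    cell = len(payload).to_bytes(2, "big") + payload
    cell += bytes(CELL_SIZE - len(cell))          # zero-pad to the fixed size
    for key in reversed(keys):                    # exit layer first, guard layer outermost
        cell = xor_layer(key, cell)
    return cell

def send_through_circuit(payload: bytes):
    relays = [Relay("guard"), Relay("middle"), Relay("exit")]
    keys = [negotiate(r) for r in relays]         # one session key per hop
    cell = build_cell(payload, keys)
    views = {}
    for relay in relays:
        cell = relay.peel(cell)
        views[relay.name] = cell                  # what this relay holds after peeling
    length = int.from_bytes(cell[:2], "big")
    return views, cell[2:2 + length]
```

`send_through_circuit` returns each relay's view of the cell after peeling: the guard and middle hold only ciphertext of the same fixed length, and the payload becomes readable only at the exit.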
E. Key Cryptographic Concepts Used in Onion Routing
1. Elliptic Curve Diffie–Hellman (ECDH)
Establishes symmetric session keys between client and relays.
2. AES Symmetric Encryption
Fast encryption for each hop in the circuit.
3. TLS for Relay Communication
Relays communicate through TLS tunnels, protecting metadata between nodes.
4. Perfect Forward Secrecy
Even if keys leak in the future, past sessions remain protected.
5. Sphinx Packet Format (tor-layers influenced)
Not used directly in Tor, but conceptually similar to modern onion encryption designs (used by Nym).
F. How Tor Achieves Unlinkability
Tor prevents linking of sender and destination through:
1. Separate Knowledge Models
- Guard only knows user.
- Exit only knows destination.
- Middle knows nothing useful.
2. Constant Relay Rotation
Circuits rotate every ~10 minutes to minimize long-term linkability.
3. Packet Padding & Cell Format
All Tor packets are standardized to fixed-size 512-byte cells, reducing traffic fingerprinting.
G. Limitations of Onion Routing (Academic Findings)
Despite its strengths, onion routing has constraints noted by researchers:
1. Vulnerable to Global Passive Adversaries
An entity monitoring both entry and exit traffic can attempt correlation.
2. Exit Relay Traffic Visibility
Exit relays see outbound, unencrypted traffic if the destination does not use HTTPS.
3. Latency
Multiple hops create slower performance compared to direct connections.
4. Not Metadata-Perfect
Timing and volume analysis are possible under certain conditions.
These are theoretical and research-level limitations, not instructions for misuse.
H. Why Tor Uses Three Hops (Not Two or Ten)
Two hops
Too weak — single correlation attack becomes easier.
Three hops
Strong enough for anonymity while keeping latency manageable.
More than three hops
Adds latency with limited anonymity gain.
Empirical research by Tor developers shows diminishing returns.
I. Hidden Services and Onion Routing
For .onion websites, routing differs slightly:
- Both client and server build circuits.
- They meet at a rendezvous point.
- Neither side sees the other’s IP.
This enables full mutual anonymity.