
2.2 Hidden Services Infrastructure: v2→v3 Transition, Cryptographic Upgrade

Hidden services (now known as Onion Services) are one of Tor’s most important innovations.
Where onion routing hides a user, onion services hide a server.
This allows a website to exist without revealing its IP address, physical location, or hosting environment.

Tor introduced version 2 (v2) hidden services in 2004. Version 3 (v3) shipped in 2017, and support for v2 was removed from Tor in 2021.
Today all onion services use v3, which brought stronger cryptography, a redesigned directory system, and resistance to the attacks that had been published against v2.

This chapter explains the architecture, the transition, and why the upgrade was essential.


A Tor hidden service (or Onion Service):

  • hides the server’s network location

  • communicates only through Tor circuits

  • uses end-to-end encrypted interactions

  • is accessed through a .onion address

Unlike normal websites, onion services never need to expose their IP address or hosting location to clients, relays, or the public. In practice the protocol is rarely the weak point: services are located through operational mistakes, such as a web server that leaks its real hostname in error pages, or a daemon that listens on a public interface as well as on the Tor-facing one.

The location hiding is accomplished through introduction points and rendezvous circuits, explained below.


B. Architectural Overview of Onion Services


Onion services rely on these main components:

  1. Service Descriptor — a signed document listing the service's introduction points and the keys a client needs to contact them, published to the hidden service directories (HSDirs).

  2. Introduction Points — relays the service selects to receive connection requests on its behalf (Tor documentation abbreviates them "IPs"; they have nothing to do with IP addresses).

  3. Rendezvous Point (RP) — a relay chosen by the client where the client's circuit and the service's circuit are joined; it sees only two anonymous circuits.

  4. .onion Address — the domain-like identifier derived from the service's public key; it is both the name and the means by which the client authenticates the service.

How a connection is established:

  1. The service selects a few introduction points, builds circuits to them and keeps those circuits open.

  2. The service publishes a signed descriptor listing its introduction points to the distributed directory system (HSDirs).

  3. A client that knows the .onion address fetches the descriptor from the HSDirs, over a Tor circuit.

  4. The client chooses a rendezvous point, builds a circuit to it and registers a one-time rendezvous cookie.

  5. The client builds a circuit to one of the introduction points and sends an introduction request, encrypted to the service, naming the rendezvous point and the cookie.

  6. The service builds its own circuit to the rendezvous point and presents the cookie; the rendezvous point splices the two circuits together.

  7. Anonymous, end-to-end encrypted communication begins over a path of six relays, three chosen by each side.

Neither party learns the other's IP address, and the rendezvous point learns nothing beyond the fact that two circuits were joined.


C. Why Tor Moved from v2 to v3 Hidden Services


Version 2 was functional but had several weaknesses.

1. Outdated cryptography

v2 used:

  • 1024-bit RSA keys for the service identity and for signing descriptors

  • SHA-1 hashing
    Both were below modern security standards by the mid-2010s: RSA-1024 offers roughly 80 bits of security, and practical SHA-1 collisions were demonstrated in 2017.

2. Short addresses

A v2 address was 16 base32 characters: the first 80 bits of the SHA-1 hash of the service's DER-encoded RSA public key. The address was a truncated fingerprint rather than the key itself, which allowed:

  • brute-force generation of addresses that share a chosen prefix, cheaply enough to be a hobbyist exercise

  • impersonation through look-alike addresses, since users rarely compared all 16 characters

  • a low security margin, because 80 bits of hash output was the entire binding between name and key

3. HSDir (hidden service directory) weaknesses

In v2 the descriptor ID was computed from the service's permanent identity and the current time period, so anyone could predict where a service's descriptor would be stored and position relays so that they became those HSDirs. Descriptors were also stored in plaintext, so an HSDir learned the .onion address of every service it served. Both properties were exploited in published research to harvest addresses and to assist deanonymization (the 2013 "Trawling for Tor Hidden Services" study is the canonical example).

4. No cryptographic agility

v2 had no versioning or extension mechanism for its descriptors and handshakes, so algorithms could not be replaced without breaking compatibility, and post-quantum considerations had no place to go.

These limitations motivated Tor developers to redesign the system.


D. The v3 Hidden Services Architecture (Modern Standard)


v3 onion services are one of the largest redesigns of an anonymity protocol ever deployed at scale, and the current standard for all onion services.

v3 uses:

  • ed25519 keys for the service identity and for signing descriptors, with curve25519 (ntor-style) handshakes for the introduction and rendezvous steps

  • SHA3-256 and SHAKE-256 for hashing and key derivation

  • 56-character onion addresses that carry the full public key

  • an architecture specified cryptographically end to end (rend-spec-v3), rather than cryptography bolted onto a routing design

This upgrade dramatically increased resistance to attacks.

v3 onion addresses are self-authenticating. The address is:

base32(PUBKEY || CHECKSUM || VERSION)

where PUBKEY is the 32-byte ed25519 public key, CHECKSUM is the first two bytes of SHA3-256(".onion checksum" || PUBKEY || VERSION), and VERSION is the single byte 0x03. The 35 bytes encode to 56 base32 characters, which is also why every v3 address ends in "d".

Because the address is the key itself, impersonating a given address requires its private key, and a client can verify the service's signatures against nothing but the address. Brute-force enumeration of the address space is out of reach (it is a 256-bit key), and harvesting addresses through the directory system is closed off separately, by encrypted descriptors and blinded keys.
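The address formats of both versions, as an added example that is not part of the original page or of Tor's own code: the v2 function shows why a 16-character address is only a truncated SHA-1 fingerprint, and the v3 functions encode and validate a 56-character address from the formula above. The sample inputs (a byte string standing in for a DER-encoded RSA key, and bytes 0..31 as the ed25519 public key) are constructed, not real keys.

```python
import base64
import hashlib

# Constants from the Tor rend-spec-v3 address format.
V3_VERSION = b"\x03"
V3_CHECKSUM_PREFIX = b".onion checksum"


def v2_address(der_rsa_pubkey: bytes) -> str:
    """v2 (legacy): first 80 bits of SHA-1 over the DER-encoded RSA-1024 key, base32.

    The address is a truncated fingerprint: it carries no key material and binds
    name to key with only 80 bits of hash output.
    """
    digest = hashlib.sha1(der_rsa_pubkey).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower()


def v3_checksum(pubkey: bytes) -> bytes:
    """CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]"""
    return hashlib.sha3_256(V3_CHECKSUM_PREFIX + pubkey + V3_VERSION).digest()[:2]


def v3_address(ed25519_pubkey: bytes) -> str:
    """v3: base32(PUBKEY || CHECKSUM || VERSION); 35 bytes encode to 56 characters."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = ed25519_pubkey + v3_checksum(ed25519_pubkey) + V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower()


def parse_v3_address(address: str) -> bytes:
    """Validate a v3 .onion address and return the embedded public key.

    This is the check a client performs before it ever touches the network:
    a mistyped or tampered address fails here, offline.
    """
    label = address.strip().lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != 56:
        raise ValueError("v3 addresses are 56 base32 characters")
    raw = base64.b32decode(label.upper())  # exactly 35 bytes, no padding needed
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION:
        raise ValueError("unsupported version byte %r" % version)
    if checksum != v3_checksum(pubkey):
        raise ValueError("checksum mismatch: address is corrupt or forged")
    return pubkey


def demo() -> dict:
    # Constructed sample inputs, not real keys.
    sample_der = b"constructed DER bytes standing in for an RSA-1024 public key"
    sample_ed25519 = bytes(range(32))

    v2 = v2_address(sample_der)
    v3 = v3_address(sample_ed25519)
    round_trip = parse_v3_address(v3 + ".onion") == sample_ed25519

    # Corrupt both checksum bytes deterministically and confirm the parser rejects it.
    bad_checksum = bytes(b ^ 0xFF for b in v3_checksum(sample_ed25519))
    bad = base64.b32encode(sample_ed25519 + bad_checksum + V3_VERSION).decode().lower()
    try:
        parse_v3_address(bad)
        rejected = False
    except ValueError:
        rejected = True
    return {"v2": v2, "v3": v3, "round_trip": round_trip, "tampered_rejected": rejected}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The checksum is only two bytes, so it catches typos and transmission damage, not adversaries; the security of the binding comes from the full 32-byte key that the address carries, which is exactly what the 80-bit v2 fingerprint lacked.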

v3 redesigned how service descriptors are stored and retrieved.

Key improvements:

  • encrypted descriptors: the descriptor body is encrypted under keys derived from the blinded public key, so only a client that already knows the .onion address can read it; an HSDir stores an opaque blob and cannot recover the address from it

  • blinded keys rotated every time period (24 hours by default): the service publishes under a per-period key derived from its master identity key, so the directory cannot link one period's descriptor to the next

  • placement in the HSDir hash ring that depends on a shared random value the directory authorities agree on daily, so the HSDirs responsible for a service cannot be predicted far enough ahead to position malicious relays there

  • as a result, strong resistance to the targeted HSDir attacks that worked against v2

v3 also strengthens the introduction step: the service identifies itself to an introduction point with a per-descriptor ed25519 authentication key rather than its long-term key, so an introduction point cannot tell which onion service it is serving, and the client's introduction request is encrypted to a per-descriptor encryption key that only the service can open.

While not post-quantum, v3 was built with:

  • modular cryptography (ed25519 for identity and signing, curve25519 handshakes for introduction and rendezvous, SHA3 and SHAKE for derivation), each piece replaceable on its own

  • versioned, extensible descriptor and cell formats, so algorithms can be upgraded in the future

This allows future resistance improvements without major architectural rewrites.


E. Structural Differences: v2 vs v3 Onion Services

| Feature | v2 | v3 |
|---|---|---|
| Address length | 16 chars (80-bit truncated SHA-1 of the key) | 56 chars (full 256-bit key + checksum + version) |
| Public-key algorithm | RSA-1024 | Ed25519 (identity, signing), Curve25519 (handshakes) |
| Hash function | SHA-1 | SHA3-256 / SHAKE-256 |
| Descriptor encryption | Only with optional client authorization; otherwise plaintext at the HSDir | Encrypted under keys derived from the blinded key, with an optional client-authorization layer |
| HSDir position attacks | Practical (descriptor location predictable) | Largely closed (placement depends on the daily shared random value) |
| Service identity | Truncated hash; look-alike addresses cheap to generate | Address is the key; impersonation requires the private key |
| Enumeration via HSDirs | Feasible (HSDirs learn the addresses they serve) | Not feasible (HSDirs see only blinded keys and ciphertext) |
| Status | Legacy; removed from Tor in 2021 | Current standard |

v3 was designed explicitly to remove the shortcomings of v2.


F. v3 Descriptor System: How It Works (High-Level)


v3 descriptors introduce several important components:

1. Blinded per-period keys

Each time period (24 hours by default), the onion service derives a temporary blinded signing key from its master identity key. The blinding factor is a hash over the master public key and the period number, so a client that knows the .onion address computes the same blinded key, while an HSDir sees a key it can link neither to the address nor to the previous period's key.
This prevents long-term tracking of a service through the directory.

2. Distributed storage

Descriptors are stored at multiple directory nodes (by default two replicas, each on four consecutive HSDirs of the hash ring), at positions computed from the blinded key, the period number and a shared random value that the directory authorities agree on daily. This ensures:

  • availability

  • robustness

  • protection against targeted enumeration, since the responsible HSDirs cannot be predicted before the random value is published

3. Encrypted descriptors

Clients need the correct cryptographic material to decrypt descriptors: the outer layer is encrypted under a key derived from the blinded public key (that is, from the address itself), and an optional inner layer is encrypted to the keys of authorized clients. An HSDir that does not know the address holds only ciphertext.
This stops passive HSDir snooping.
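The time-period and placement arithmetic from points 1 and 2, as an added example that is not part of the original page or of Tor's own code. It follows the hash-ring formulas of rend-spec-v3 as I read them (the "store-at-idx" and "node-idx" indices, 8-byte big-endian integers, a 1440-minute period starting at 12:00 UTC) and shows how the set of responsible HSDirs changes with the shared random value. The relay identities, the two SRVs and the blinded key are constructed stand-ins; the key-blinding step itself is assumed already done, and the overlap handling Tor applies when a new SRV is published mid-period is left out.

```python
import hashlib
import struct

# Consensus parameter defaults from rend-spec-v3 (fixed here, not fetched from a live consensus).
PERIOD_LENGTH = 1440        # "hsdir-interval": time period length in minutes (24 h)
ROTATION_OFFSET = 12 * 60   # time periods start at 12:00 UTC, after the daily SRV is published
N_REPLICAS = 2              # "hsdir_n_replicas"
SPREAD_STORE = 4            # "hsdir_spread_store": HSDirs per replica the service uploads to


def int8(n: int) -> bytes:
    """INT_8 in the spec: an 8-byte big-endian integer."""
    return struct.pack(">Q", n)


def time_period_num(unix_time: int, period_length: int = PERIOD_LENGTH) -> int:
    """Time period number: minutes since the epoch, minus the offset, divided by the length."""
    return (unix_time // 60 - ROTATION_OFFSET) // period_length


def hs_index(blinded_pubkey: bytes, replica: int, period_num: int,
             period_length: int = PERIOD_LENGTH) -> bytes:
    """Ring position of one replica of this period's descriptor."""
    return hashlib.sha3_256(b"store-at-idx" + blinded_pubkey + int8(replica)
                            + int8(period_length) + int8(period_num)).digest()


def hsdir_index(node_identity: bytes, srv: bytes, period_num: int,
                period_length: int = PERIOD_LENGTH) -> bytes:
    """Ring position of an HSDir relay this period; it depends on the shared random value."""
    return hashlib.sha3_256(b"node-idx" + node_identity + srv
                            + int8(period_num) + int8(period_length)).digest()


def responsible_hsdirs(blinded_pubkey: bytes, relays: dict, srv: bytes, period_num: int,
                       n_replicas: int = N_REPLICAS, spread: int = SPREAD_STORE) -> list:
    """Relays that store the descriptor: for each replica, the `spread` HSDirs whose
    hsdir_index is at or after hs_index, walking the sorted ring and wrapping around."""
    ring = sorted(relays, key=lambda name: hsdir_index(relays[name], srv, period_num))
    positions = [hsdir_index(relays[name], srv, period_num) for name in ring]
    chosen = []
    for replica in range(1, n_replicas + 1):
        target = hs_index(blinded_pubkey, replica, period_num)
        start = next((i for i, pos in enumerate(positions) if pos >= target), 0)
        for k in range(spread):
            name = ring[(start + k) % len(ring)]
            if name not in chosen:
                chosen.append(name)
    return chosen


# Constructed sample network: 20 relay identities, two candidate SRVs, one blinded key.
# None of this is real Tor data; identities are just hashes of the relay names.
RELAYS = {f"relay{i:02d}": hashlib.sha3_256(f"relay{i:02d}".encode()).digest() for i in range(20)}
SRV_A = hashlib.sha3_256(b"constructed srv A").digest()
SRV_B = hashlib.sha3_256(b"constructed srv B").digest()
BLINDED_KEY = hashlib.sha3_256(b"constructed blinded key").digest()  # stand-in for the blinded pubkey


def demo(unix_time: int = 1_700_000_000) -> dict:
    """Same service, same period, two different SRVs: the responsible HSDirs differ."""
    period = time_period_num(unix_time)
    return {
        "period": period,
        "with_srv_a": responsible_hsdirs(BLINDED_KEY, RELAYS, SRV_A, period),
        "with_srv_b": responsible_hsdirs(BLINDED_KEY, RELAYS, SRV_B, period),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

An attacker who wants to become a service's HSDir must know both the blinded key (which requires the address) and the SRV, and the SRV is not known until the authorities publish it; that is the window v2 never had.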


G. Security Improvements in v3 (Academic Perspective)


Research has shown v3 onion services improve on v2 in three areas:

1. HSDir resistance — Rotating blinded keys and descriptor placement that depends on the daily shared random value remove the predictable positions that v2 descriptor harvesting and targeted HSDir takeover relied on.

2. Address integrity — The 56-character address embeds the full public key, so impersonating a given address requires its private key. One caveat: addresses that share a short chosen prefix can still be generated by brute force, so phishing by visual similarity remains possible and users must compare the whole address.

3. Enumeration resistance — Because descriptors are encrypted and indexed by blinded keys, an HSDir can no longer harvest the .onion addresses it serves or read which introduction points a service uses.

Tor developers incorporated lessons from:

  • traffic correlation studies

  • descriptor harvesting research

  • malicious relay investigations

v3 reflects nearly a decade of academic findings.