Onion Routing - Onions - Routing Onions - Circuit Establishment and Sending Data

Circuit Establishment and Sending Data

To create and transmit an onion, the following steps are taken:

  1. The originator picks nodes from a list provided by a special node called the directory node (traffic between the originator and the directory node may itself be encrypted, anonymised or decentralised). The chosen nodes are ordered to form a path along which the message will travel; this ordered set of nodes is called a chain or a circuit. In the idealised model, no node within the circuit, except for the exit node, can infer where in the chain it sits, and no node can tell whether the node before it is the originator or how many nodes the circuit has. (In practice a Tor relay can see that its predecessor is not a listed relay, so an entry node can usually tell that it is the first hop; it still learns nothing about the rest of the path.)
  2. Using asymmetric key cryptography, the originator uses the public key (obtained from the directory) of the first node in the circuit, known as the entry node, to send it an encrypted message, called a create cell, containing:
    1. A circuit ID. The circuit ID is random and different for each connection in the chain.
    2. A request for the receiving node (i.e. the entry node in this case) to establish a circuit with the originator.
    3. The originator's half of a Diffie-Hellman handshake (to establish a shared secret).
  3. The entry node, which has just received one half of the handshake, replies to the originator with a created cell. The reply is not onion-encrypted (in Tor it is protected only by the TLS link between the two parties) and contains:
    1. The entry node's half of the Diffie-Hellman handshake.
    2. A hash of the shared secret, so that the originator can verify that it and the entry node have derived the same secret. (Because the originator's half of the handshake was encrypted to the entry node's public key, only the holder of the matching private key can have produced a matching hash.)
  4. From now on the entry node and the originator use their shared secret to encrypt all their correspondence with symmetric encryption, which is significantly more efficient than asymmetric encryption. The shared secret is referred to as a session key.
  5. A relay cell, unlike a command cell such as the create cell used in the second step, is not interpreted by the receiving node but passed along the circuit. Over the already established encrypted link, the originator sends the entry node a relay extend cell: a relay cell that carries a create cell intended for the next node in the chain (known as the relay node), encrypted with the relay node's public key, which the entry node forwards on the originator's behalf. That create cell contains:
    1. A circuit ID. This one is chosen for the link between the entry node and the relay node and is independent of the circuit ID used between the originator and the entry node.
    2. A request, as seen by the relay node coming from the entry node, to establish a circuit.
    3. The originator's half of a Diffie-Hellman handshake. The relay node cannot tell whether this handshake was generated by the entry node or by the originator; this is irrelevant for operating the chain.
  6. The relay node, as in the third step, replies with its half of the handshake along with a hash of the shared secret; again, this reply is not onion-encrypted.
  7. Now that the link between the entry node and the relay node has been established, the entry node replies to the originator with a relay extended cell, telling it that the chain has been extended and carrying the relay node's half of the handshake together with the hash of the shared secret. The originator and the relay node now share a session key that the entry node does not know.
  8. To extend the chain further, the originator sends the entry node a relay cell wrapping a relay cell that only the relay node can decrypt, instructing the relay node to extend the chain to the next node. The process can be repeated to add as many nodes as desired. Tor, for example, builds circuits of three nodes by default: the entry node, the relay (middle) node and the exit node.

When the chain is complete, the originator can send data over the Internet anonymously. For example, if the originator wishes to fetch a web page, the originator's onion proxy (typically exposing a SOCKS proxy) forwards the request from the originator's browser to the originator's local onion router (which manages the circuits). The onion router creates the following cell:

  • {RELAY C1:
  • [RELAY
  • (Send HTTP request to IP-of-webpage)]}

Here curly brackets indicate content encrypted with the entry node's shared key, square brackets content encrypted with the relay node's key, and parentheses content encrypted with the exit node's key. Each node can strip exactly one layer: the one encrypted with the key it shares with the originator.

Upon receiving the cell, the entry node only sees the following:

  • RELAY C1:
  • ENCRYPTED CONTENT

The entry node knows that relay cells arriving on circuit ID 1 (C1) are to be forwarded on circuit ID 2 (C2), because it set up that mapping when the originator earlier asked it to extend the circuit. The originator therefore only needs to know the circuit ID of its own link to the entry node; it never learns C2 or C3. The entry node strips its layer of encryption from the payload and sends the result to the relay node as a relay cell on C2.

Upon receiving the relayed cell from the entry node, the relay node sees the following:

  • RELAY C2:
  • ENCRYPTED CONTENT

The relay node follows the same procedure as the entry node: it strips its own layer and relays the payload to the exit node on C3. The exit node sees this:

  • RELAY C3:
  • Send HTTP request to IP-of-webpage

The exit node, having removed the last layer, proceeds to send the HTTP request to the website. The reply travels back along the same circuit, with each node adding its layer of encryption, and the originator removes all three layers.
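The following simulation is an added example, not code from the original page or from the Tor project. It walks through both procedures above: the circuit is built hop by hop with a Diffie-Hellman handshake per hop (create, then relay extend forwarded by the entry node), and a relay cell is then onion-wrapped once per hop and peeled one layer at a time, so that each node records only what it can actually see (its own circuit ID, and either a command addressed to it or opaque ciphertext). The DH group is the real 1024-bit MODP group from RFC 2409 that Tor's original TAP handshake used (modern Tor uses the ntor handshake over x25519); everything else is simplified and assumed for illustration: a toy HMAC-SHA256 counter-mode stream cipher stands in for Tor's per-hop AES-CTR, `kdf`/`kh` are simple SHA-256 derivations rather than Tor's KDF, the "recognized"/digest framing is a reduced version of Tor's, the backward direction is returned as plain function results rather than being onion-encrypted, and the `DIRECTORY` dict plays the role of the directory node. Relay and command names (`entry`, `middle`, `exit`, `EXTEND`, `BEGIN`) are constructed for the example.

```python
import hashlib
import hmac
import secrets

# RFC 2409 Second Oakley Group (1024-bit MODP), generator 2: the group Tor's
# original TAP handshake used.  Kept real so the modular arithmetic is genuine.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
DIRECTORY = {}   # name -> Relay; stands in for the list served by the directory node

def kdf(shared):   # session key from the DH secret (simplified stand-in for Tor's KDF)
    return hashlib.sha256(b"key" + shared.to_bytes(128, "big")).digest()

def kh(shared):    # the "hash of the shared secret" sent back in created/extended
    return hashlib.sha256(b"kh" + shared.to_bytes(128, "big")).digest()[:8]

class Ctr:
    """Toy counter-mode stream cipher (HMAC-SHA256 keystream) standing in for the
    per-hop AES-CTR state; originator and relay must advance it in lock-step."""
    def __init__(self, key):
        self.key, self.n = key, 0
    def xor(self, data):
        out = bytearray()
        for i in range(0, len(data), 32):
            ks = hmac.new(self.key, self.n.to_bytes(8, "big"), hashlib.sha256).digest()
            self.n += 1
            out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
        return bytes(out)

def frame(key, cmd, body):
    """Innermost plaintext: 4 zero 'recognized' bytes, 4-byte keyed digest, cmd|body."""
    tail = cmd + b"|" + body
    return b"\0\0\0\0" + hmac.new(key, tail, hashlib.sha256).digest()[:4] + tail

def recognized(key, plain):
    """A hop treats a cell as addressed to itself only if, after stripping its own
    layer, the recognized field is zero and the keyed digest checks out."""
    return plain[:4] == b"\0\0\0\0" and hmac.compare_digest(
        plain[4:8], hmac.new(key, plain[8:], hashlib.sha256).digest()[:4])

class Relay:
    def __init__(self, name):
        self.name, self.circuits, self.seen = name, {}, []   # seen: (circ_id, view)
        DIRECTORY[name] = self
    def handle_create(self, circ_id, g_x):          # create cell from the previous hop
        y = secrets.randbelow(P - 3) + 2
        shared = pow(g_x, y, P)
        key = kdf(shared)
        self.circuits[circ_id] = {"key": key, "fwd": Ctr(key), "next": None}
        return pow(G, y, P), kh(shared)             # created: g^y and hash of secret
    def handle_relay(self, circ_id, payload):
        st = self.circuits[circ_id]
        plain = st["fwd"].xor(payload)              # strip exactly one onion layer
        if not recognized(st["key"], plain):        # not ours: forward on next circuit ID
            self.seen.append((circ_id, "ENCRYPTED CONTENT"))
            nxt, next_id = st["next"]
            return nxt.handle_relay(next_id, plain)
        cmd, body = plain[8:].split(b"|", 1)
        self.seen.append((circ_id, cmd.decode()))
        if cmd == b"EXTEND":                        # body: next-hop name | g^x for it
            name, g_x = body.split(b"|", 1)
            nxt, next_id = DIRECTORY[name.decode()], secrets.randbits(32)
            st["next"] = (nxt, next_id)             # C1 -> C2 mapping kept by this hop
            return nxt.handle_create(next_id, int.from_bytes(g_x, "big"))  # extended
        if cmd == b"BEGIN":                         # exit node talks to the destination
            return self.name.encode() + b" fetched: " + body
        raise ValueError(cmd)

class Client:
    def __init__(self):
        self.hops = []                              # [(key, Ctr)], entry node first
    def _dh_half(self):
        x = secrets.randbelow(P - 3) + 2
        return x, pow(G, x, P)
    def _finish(self, x, g_y, kh_claimed):
        shared = pow(g_y, x, P)
        assert kh(shared) == kh_claimed             # verify both sides share the secret
        self.hops.append((kdf(shared), Ctr(kdf(shared))))
    def create(self, entry):
        x, g_x = self._dh_half()
        self.entry, self.circ_id = entry, secrets.randbits(32)
        g_y, h = entry.handle_create(self.circ_id, g_x)
        self._finish(x, g_y, h)
    def send(self, cmd, body):
        """Frame for the last hop, then add one layer per hop, outermost for the entry."""
        cell = frame(self.hops[-1][0], cmd, body)
        for _, ctr in reversed(self.hops):
            cell = ctr.xor(cell)
        return self.entry.handle_relay(self.circ_id, cell)
    def extend(self, name):                         # relay extend, carried by send()
        x, g_x = self._dh_half()
        g_y, h = self.send(b"EXTEND", name.encode() + b"|" + g_x.to_bytes(128, "big"))
        self._finish(x, g_y, h)

def build_and_fetch(request=b"GET / HTTP/1.1"):
    entry, middle, exit_ = Relay("entry"), Relay("middle"), Relay("exit")
    c = Client()
    c.create(entry); c.extend("middle"); c.extend("exit")
    return c.send(b"BEGIN", request), entry.seen, middle.seen, exit_.seen

if __name__ == "__main__":
    print(build_and_fetch())
```

Running `build_and_fetch()` shows the views the text describes: the entry node recognises only the first extend request and afterwards sees just its circuit ID and ciphertext, the middle node recognises the second extend and then ciphertext, and only the exit node ever sees the begin request. The three circuit IDs are chosen independently by the originator, the entry node and the middle node, and the originator never learns the latter two.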

