LLMpedia: The first transparent, open encyclopedia generated by LLMs

Onion routing

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Onion routing
Name: Onion routing
Caption: The logo of the Tor Project, the primary implementation of onion routing.
Developer: United States Naval Research Laboratory
Introduced: 1995
OSI layer: Application layer

Onion routing is a technique for anonymous communication over a computer network, where messages are repeatedly encrypted and then sent through several intermediate network nodes called onion routers. Each router removes a single layer of encryption, revealing the next routing instructions, analogous to peeling an onion. This process hides the origin, destination, and content of the message from any single node, providing strong anonymity for its users. The most widely known implementation of this technology is the Tor network, developed by the Tor Project.

Overview

The fundamental goal of onion routing is to enable private, untraceable communication and web browsing by separating identification from routing. It operates as an overlay network on top of the public Internet, creating circuits through a series of volunteer-operated relays. This architecture is designed to protect against traffic analysis and network surveillance by entities such as Internet service providers or government agencies like the National Security Agency. By obscuring a user's Internet Protocol address, it allows for the circumvention of Internet censorship and the protection of whistleblowers, journalists, and political dissidents in regimes like those in Iran or China.

How onion routing works

A user's client software, such as the Tor Browser, first obtains a list of available relays from a trusted directory server. To establish a circuit, the client selects a path, typically three relays: an entry node, a middle relay, and an exit node. The client then constructs the onion by encrypting the message payload multiple times with the public keys of each relay in reverse order. The encryption process uses layered symmetric-key and asymmetric encryption schemes. When the entry node receives the data packet, it decrypts the outer layer using its private key, revealing the address of the next relay, and forwards the still-encrypted inner core. This process repeats at each hop until the exit node decrypts the final layer and sends the original data to the intended destination server, such as Wikipedia or a hidden service.
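
The layering described above can be simulated in a few lines. This is an added example, not code from the Tor Project: the relay names, keys and request are constructed, each relay is assumed to share one symmetric key with the client, and a toy SHA-256 keystream with an HMAC tag stands in for the real encryption schemes.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # Toy SHA-256 counter-mode keystream; a stand-in for a real cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Add one layer: encrypt, then authenticate (nonce || tag || ciphertext).
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    # Remove one layer; a wrong key or modified bytes fail the tag check.
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_onion(path, keys, destination, payload):
    # Wrap in reverse order: the exit's layer is innermost, the entry's outermost.
    next_hops = path[1:] + [destination]
    blob = payload
    for relay, nxt in reversed(list(zip(path, next_hops))):
        hdr = nxt.encode()
        blob = seal(keys[relay], len(hdr).to_bytes(2, "big") + hdr + blob)
    return blob

def route(entry, keys, onion):
    # Each relay peels its own layer and learns only the next hop.
    seen, hop, blob = [], entry, onion
    while hop in keys:
        pt = unseal(keys[hop], blob)
        n = int.from_bytes(pt[:2], "big")
        nxt, blob = pt[2:2 + n].decode(), pt[2 + n:]
        seen.append((hop, nxt))
        hop = nxt
    return seen, hop, blob

# Constructed sample circuit and request (not real relays or keys).
PATH = ["entry", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}
PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"
ONION = build_onion(PATH, KEYS, "example.org:80", PAYLOAD)
SEEN, DEST, DELIVERED = route("entry", KEYS, ONION)
```

SEEN records what each relay learned: the entry node sees only "middle" as its next hop, and only the exit node sees the destination and the plaintext request, which is why unencrypted traffic is exposed at the exit.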

History and development

The original concept was pioneered in the mid-1990s by computer scientists Paul Syverson, Michael G. Reed, and David M. Goldschlag at the United States Naval Research Laboratory, with initial funding from the Office of Naval Research and the Defense Advanced Research Projects Agency (DARPA). Their work, detailed in a 1997 paper, was driven by a need for secure intelligence communication. The technology was further developed by the Tor Project, co-founded by Roger Dingledine and Nick Mathewson, with early support from the Electronic Frontier Foundation. A critical development was the creation of onion services (originally called hidden services), which allow servers to host content anonymously within the network itself, famously used by platforms like the Silk Road marketplace.

Applications and usage

Beyond general privacy protection, onion routing networks are vital tools for specific high-risk activities. Investigative reporters from organizations like The Guardian or The New York Times use them to securely communicate with sources. Human rights organizations, including Amnesty International, employ the technology to operate in hostile environments. It is also instrumental for accessing information in countries with restrictive firewalls, a practice known as circumvention. Furthermore, the network hosts myriad .onion sites, ranging from privacy-focused email services like ProtonMail to forums and libraries that wish to avoid copyright enforcement or political scrutiny. Notably, entities like the Central Intelligence Agency and BBC News also operate official onion sites to provide secure access to their resources.

Security and limitations

While onion routing provides robust anonymity, it is not impervious to compromise. A significant threat is a correlation attack, where an adversary who controls both the entry and exit nodes of a circuit can perform end-to-end traffic analysis to potentially deanonymize a user. The network is also vulnerable to Sybil attacks, where a malicious actor operates a large number of relays to increase the probability of monitoring traffic. Furthermore, exit nodes can eavesdrop on unencrypted traffic leaving the network, such as plain HTTP sessions, and censorship technologies like deep packet inspection can sometimes detect and block connections to known Tor relays. Despite these limitations, the network is maintained by volunteers and researchers at institutions like the Massachusetts Institute of Technology, and continuous improvements in protocols and relay diversity aim to strengthen its defenses against such exploits.
