packet, it will be $S_{beta}$ that delivers it to the final destination and it will be $S_{beta}$ that will accept any communication for her as her proxy.
This description leaves out a number of details of how the negotiation is accomplished but they can be found in the original papers. [ØS07a, DMS04, SRG00, STRL00, SGR97, RSG98]
After building these keys, Alice now has a way to communicate with Bob. A round trip might look like this:
1. Alice encrypts the packet of data, $M$, with $key_{alice,beta}$ producing $E_{key_{alice,beta}}(M)$.
2. Alice encrypts this encrypted packet again with $key_{alice,alpha}$ producing: $E_{key_{alice,alpha}}(E_{key_{alice,beta}}(M))$
3. Alice sends this to $S_{alpha}$.
4. $S_{alpha}$ strips away the outer layer to get $E_{key_{alice,beta}}(M)$ and sends this to $S_{beta}$.
5. $S_{beta}$ strips away the inner layer and uncovers $M$. This packet of data could be any low-level TCP packet like an HTTP web page request.
6. $S_{beta}$ sends off $M$ and gets back any response, call it $R$.
7. $S_{beta}$ encrypts the response with the key shared with Alice producing: $E_{key_{alice,beta}}(R)$ and passes this on to $S_{alpha}$.
8. $S_{beta}$ encrypts the response with the key shared with Alice producing: $E_{key_{alice,alpha}}(E_{key_{alice,beta}}(R))$ and passes this on to Alice.
9. Alice strips away both of the layers of encryption to get $R$.
This process is often called telescoping, a reference to the old collapsible spyglasses built from nesting tubes.
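The round trip above, traced in code as an added example that is not from the original text. It records what each proxy gets to see, with the outer return layer applied by the relay that holds $key_{alice,alpha}$. Assumptions: the two keys are already negotiated, and an unauthenticated HMAC-SHA256 keystream stands in for the cipher $E$; the `Relay` class and `round_trip` function are hypothetical names.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode); an assumption, not the page's cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(key, data):
    # Add one layer: fresh random nonce, then data XOR keystream.
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

def D(key, blob):
    # Strip one layer using the nonce carried in front of the body.
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class Relay:
    def __init__(self, key):
        self.key, self.seen = key, []   # seen: the innermost view this relay ever gets
    def peel(self, blob):               # forward direction: remove this relay's layer
        inner = D(self.key, blob)
        self.seen.append(inner)
        return inner
    def wrap(self, blob):               # return direction: add this relay's layer
        self.seen.append(blob)
        return E(self.key, blob)

def round_trip(M, destination):
    # Keys are assumed to have been negotiated with each relay beforehand.
    key_alice_alpha, key_alice_beta = os.urandom(32), os.urandom(32)
    s_alpha, s_beta = Relay(key_alice_alpha), Relay(key_alice_beta)
    onion = E(key_alice_alpha, E(key_alice_beta, M))     # steps 1-3
    m = s_beta.peel(s_alpha.peel(onion))                 # steps 4-5
    R = destination(m)                                   # step 6
    back = s_alpha.wrap(s_beta.wrap(R))                  # steps 7-8
    reply = D(key_alice_beta, D(key_alice_alpha, back))  # step 9
    return reply, s_alpha.seen, s_beta.seen

if __name__ == "__main__":
    M = b"GET /index.html HTTP/1.0\r\n\r\n"               # constructed sample request
    reply, alpha_view, beta_view = round_trip(M, lambda m: b"200 OK for " + m[:14])
    print(reply, [len(v) for v in alpha_view], beta_view[0] == M)
```

The first proxy's view contains only blobs still wrapped under $key_{alice,beta}$, while the last proxy sees both $M$ and $R$ in the clear, which is why the exit position is the one to treat as untrusted with respect to content.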
10.7.2 More Indirection: Hidden Services
The basic Onion Routing system hides the identity of one end of a
conversation, call it the client, from the other by passing the bits
through a cloud of proxies. There's no reason why the system can't
also hide the destination, the so-called server, from the client if the
proxy servers in the middle of the cloud can be trusted to keep some
secrets about the destination of the information. This is a reasonable