david wong

Hey ! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

How does TOR works January 2015

I've always wondered how TOR (The Onion Router) worked and was a bit scared of digging into it. After all, bitcoin is pretty hard to grasp, how would TOR be different? But I found out that TOR was actually a pretty simple concept!

The official explanation is top notch. To sum up, instead of sending a packet to the destination (google.com for example), you choose a route of TOR nodes that will lead to that destination (usually 3 nodes). And for efficiency purpose you will keep that route for 10 minutes)

The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you


  • The first node only see who's sending the packet (you) and who it is for (the second node). It decrypts the payload and send it to the second node.
  • The second node only sees it came from the first node, decrypts the payload and send it to the third node
  • The third node sees it came from the second node, decrypts the payload and send it to the destination (in clear if you don't use ssl)

From TOR's FAQ:

Can't the third server see my traffic?
Possibly. A bad third of three servers can see the traffic you sent into Tor. It won't know who sent this traffic. If you're using encryption, such as visiting a bank or e-commerce website, or encrypted mail connections, etc, it will only know the destination. It won't be able to see the data inside the traffic stream. You are still protected from this node figuring out who you are and if using encryption, what data you're sending to the destination.

To be able to do this, this is where the encapsulation or rather onion routing technique is used.


As we know the route we are going to take, we can encrypt several time our packet. For example: we'll encrypt the packet router B will have to send to router C with the public key of router A. So when router A opens the packet and decrypts it with its private key, he only sees the encrypted payload destined to router B. He can then send it to router B and the latter will decrypt it and send the payload to router C and on and on. I think the picture is clearer than my explanations.

VoilĂ ! Not that hard huh?

PS: here's a list of potential attacks on TOR in their design paper

Well done! You've reached the end of my post. Now you can leave me a comment :)