Tor Introduces New CGO Encryption System to Strengthen Network Security
Published
- CGO Replaces Tor1: Tor adopts the new Tor CGO encryption system to eliminate outdated cryptographic weaknesses.
- Stronger Security Measures: Wide-block encryption and tag chaining block tagging attacks and detect tampering instantly.
- Improved Integrity & Secrecy: Per-cell key updates and removal of SHA-1 boost forward secrecy and traffic protection.
Tor has rolled out a major upgrade to its relay encryption system, replacing its long-used “tor1” algorithm with a new, research-backed method called Counter Galois Onion (CGO). The update aims to deliver stronger protection against modern interception and tagging attacks that could threaten user privacy across the Tor network.
A Complete Move Away From SHA-1 and tor1 Encryption
The shift marks a significant step forward for Tor, as SHA-1 has been removed entirely from relay encryption. Tor1, the previous system, relied heavily on AES-CTR encryption and lacked hop-by-hop authentication, which created opportunities for sophisticated attackers to manipulate relay traffic. This made it possible, at least in theory, for a compromised relay to insert predictable modifications into data as it moved across the network.
Tor says tor1 also reused AES keys within circuits, limiting forward secrecy, and relied on a short 4-byte SHA-1 digest for authentication. While Tor considers only the first issue to be critically important, all of them represent outdated cryptographic practices that need replacement.
CGO now becomes the successor, offering a design that has been developed and analyzed by cryptography researchers and built to meet more rigorous, modern standards.
How CGO Strengthens Tor’s Defenses
CGO is based on a Rugged Pseudorandom Permutation known as UIV+, which supports several new protections across the network. According to Tor, the new system includes:
- Wide-block encryption, which prevents attackers from modifying data in ways that can be reversed or analyzed.
- Tag chaining, which links authentication information across cells so that any tampering becomes immediately noticeable.
- Per-cell key updates, meaning keys change with every cell. Even if one key is exposed, attackers cannot decrypt past traffic.
- Removal of SHA-1, replaced with a 16-byte authenticator for stronger integrity checks.
- Resistance to tagging attacks, one of the most notable improvements, since modified cells become unrecoverable.
Tor says these upgrades collectively improve confidentiality, authentication, and forward secrecy while keeping bandwidth overhead manageable.
What CGO Means for Tor Users
For everyday Tor Browser users, the upgrade will happen quietly in the background. No action is required, and the transition will roll out once integration and testing are complete.
CGO is being implemented in both the C-based Tor codebase and the Rust-powered Arti client. At the moment, it’s still considered experimental, with additional work planned around onion service negotiation and further performance tuning.
Tor has not yet confirmed when CGO will become the default encryption method across the network.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular