How Does Tor Work?

In the latest episode of Bitcoin, Explained we deviate a little bit from the usual path in order to explain Tornado Cash, why its lead developer is still in Dutch jail, and what all this might mean for Bitcoin projects.

Reader question: what’s a good tutorial for a non-techie who wants to experiment with regtest (the Bitcoin test network that runs on your own machine)?

Todays newsletter opens chapter 2 from Bitcoin: A Work in Progress.

How Does Tor Work?

When you see a Tor address it looks quite weird (e.g. can also be reached using a Tor browser at 6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onio). That’s because it’s not a human readable name like a domain, but rather a public key that refers to a hidden service somewhere on the internet. The way you communicate to that hidden service isn’t directly — because you don’t know its IP address — but rather indirectly, through the Tor network.

Tor (short for The Onion Router) is an onion network, in which messages are passed around the network through multiple hops (or servers), with each hop peeling off one encrypted layer, like an onion. The last hop sends a message to the final destination, which peels off the final encryption layer that reveals the actual message. This makes it easy to maintain anonymity and security.

To connect, you use the Tor browser. This browser constructs onion packages for you. The messages are just the usual things browsers communicate: asking for an HTML document or image, and, in the other direction, receiving said document or image. The Tor browser first creates a message, which goes on the inside.^[It’s slightly more complicated: To protect the privacy of the recipient, the sender only wraps onions up until a rendezvous hop, which then forwards the message.] It wraps another message around it — which only the last hop before the hidden service can read — with instructions about where the final destination is. It then wraps another message with instructions for the second-to-last hop on how to reach the last hop, and so forth and so on.

Under the hood, this process uses IP addresses, but you don’t know the IP address of the destination Tor node you’re communicating with. Instead, you’re communicating with other Tor nodes, and each of those nodes communicates with its direct peers. So, everyone only knows the IP addresses of their direct peers, but they don’t know where a message originated from or where it ends up. Additionally, they can’t read the message because it’s encrypted.

To support this, all of these Tor nodes have their own sort of IP address — their onion address — and that’s what you’re communicating with directly. Meanwhile, Bitcoin Core nodes can run behind such a hidden service, which means everybody can have their Bitcoin node run at a secret location, resulting in IP addresses remaining secret.