Over the past four years, the Tor Project has been working on a new implementation of its onion services in order to bolster the security they offer. It has now officially launched the new implementation in some of the latest alpha releases, and it will gradually become the default and replace the old implementation.
Discussing the cryptography that’s used in the new implementation, George Kadianakis, from the Tor Project, said:
“We are looking at cutting-edge crypto algorithms and improved authentication schemes. On the protocol end, we redesigned the directory system to defend against info leaks and reduce the overall attack surface. For example, did you know that in the legacy onion system, the network could learn about your onions? However, with this next-generation design, your onion address is completely private and only known to you and whoever you choose to disclose it to.”
The new implementation is also made more secure by a cleaner codebase, which means fewer bugs will go unnoticed and makes developers’ lives a lot less stressful. The changes, according to the Tor Project, are “needed” because they fix the shortcomings of the old design and also act as a strong foundation for future onion work.
Going forward, the new and old implementations will sit side by side while bugs are squashed and new features are implemented. Once the new implementation reaches an acceptable level, it will become the default offering; then, when the community gives the go-ahead, the old implementation will be phased out. This is expected to happen over the course of a few years to prevent destabilisation.