For my third year project, I worked on allowing distribution in Tor hidden services. My report is available (the design archive is also).


Tor is an low latency, onion routing system that anonymizes TCP streams. One particular Tor feature is hidden services, these provide responder anonymity, this means the identity of the server providing the service, is hidden from the requester (user) of the service.

While modern web services, which can use techniques like anycast and DNS (domain name system) round robin to distribute clients across many servers, the main load for a Tor hidden service, will always go through a single node in the Tor network. This has implications for the availability and scalability of Tor Hidden Services, which has knock on implications anonymity of the hidden service, as downtime can possibly reveal information about its real world location. I aim to modify Tor to allow for distributed hidden services.

This was achieved, however a deterministic property was added to the introduction points, which can be used to attack the service. A approach to solve this is discussed.