Onion routing
Tor, The Onion Router, onion services, hidden services
A privacy technique that relays traffic through a chain of intermediate nodes wrapped in layered encryption, so no single hop can link the sender to the destination. The technique behind Tor.
Onion routing wraps a message in multiple layers of encryption, each addressed to one of a chain of intermediate relays. Each relay peels off its own layer and forwards what remains to the next hop. Because a relay can only decrypt the layer addressed to it, no relay sees both the initial sender and the final receiver. An observer watching the sender's network sees a connection to the first relay and nothing else; an observer watching the destination sees a connection from the last relay and nothing else.
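The layering described above, as an added example that is not Tor's code or part of the original entry: a sender wraps a message for a three-relay route and each relay peels one layer, recording what it can see. The relay names, pre-shared per-relay keys, destination string and the SHAKE-256/HMAC toy cipher are assumptions of this sketch; Tor negotiates keys per hop and uses its own cell format and ciphers.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Toy stream cipher: SHAKE-256 keystream XORed with the data.
    stream = hashlib.shake_256(b"stream" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC one layer (illustrative construction, stdlib only)."""
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer is not addressed to this relay")
    return _xor_stream(key, nonce, ct)

def wrap(route, keys, destination, message):
    """Sender side: innermost layer for the last relay, outermost for the first."""
    onion = message
    for relay, nxt in reversed(list(zip(route, route[1:] + [destination]))):
        hop = nxt.encode()
        onion = seal(keys[relay], bytes([len(hop)]) + hop + onion)
    return onion

def peel(key, onion):
    """Relay side: remove one layer, learning only the next hop."""
    layer = unseal(key, onion)
    return layer[1:1 + layer[0]].decode(), layer[1 + layer[0]:]

def relay_views(route, keys, sender, onion):
    """Walk the circuit and record (relay, previous hop, next hop) per relay."""
    views, prev = [], sender
    for relay in route:
        nxt, onion = peel(keys[relay], onion)
        views.append((relay, prev, nxt))
        prev = relay
    return views, onion

def demo():
    """Constructed sample: three relays with pre-shared keys (an assumption)."""
    route = ["guard", "middle", "exit"]
    keys = {name: os.urandom(32) for name in route}
    onion = wrap(route, keys, "example.org:443", b"hello")
    return relay_views(route, keys, "alice", onion)
```

Calling `demo()` returns one tuple per relay plus the delivered payload; no tuple contains both the sender and the destination.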
The main deployed onion routing network is Tor, a volunteer-run network that carries traffic through three-hop circuits. Tor also defines onion services (sometimes called hidden services): servers that accept inbound connections through the network and expose a .onion address instead of a public IP or DNS name. The connection stays end-to-end encrypted between the two peers.
Bitcoin software uses onion routing to connect to peers, fetch fee data, and publish reachable nodes without a public IP. Bitcoin Core ships built-in support for Tor v3 onion services, and Lightning nodes typically do the same. Lightning also uses onion routing to forward payments hop by hop. A forwarding node sees the incoming channel, the outgoing channel, and the forwarding instructions for that hop. Running a full node behind an onion service keeps the operator's IP address private and removes the need to open ports on a home network.