Onion-Routed Multi-Circuit Key Establishment for Quantum-Resilient Sessions

TL;DR

This paper introduces a quantum-resistant session-key establishment method using multi-circuit onion routing, distributing key fragments across multiple Tor circuits to enhance security against future quantum attacks.

Contribution

The authors propose a novel multi-circuit key distribution scheme leveraging onion routing, providing quantum resilience and implementing a practical prototype with measured latency.

Findings

Average key establishment time is 13-20 seconds.

Approximately 88% of delay is due to Tor-related factors.

Security relies on the difficulty for adversaries to deanonymize all circuits.

Abstract

Public-key primitives that today anchor session-key establishment - RSA, Diffie-Hellman, and elliptic-curve cryptography - reduce to integer factorization or discrete logarithm and are therefore vulnerable to Shor's algorithm on a sufficiently capable quantum computer. The harvest-now, decrypt-later (HNDL) threat model turns this future capability into a present liability: ciphertext archived today can be decrypted retrospectively once a cryptographically relevant quantum computer becomes available. We propose a session-key establishment scheme that distributes a freshly generated key as multiple, independently encrypted fragments across distinct, ephemeral Tor circuits between an onion-service proxy and an onion-service client. Reconstruction requires every fragment; each fragment travels its own per-bundle circuit established via a NEWNYM signal. The security argument rests on the standard end-to-end correlation bound for onion routing: an adversary controlling a fraction of Tor relays must independently deanonymize every fresh circuit to correlate the fragments belonging to one session, and the per-fragment probability of success decays multiplicatively in the number of fragments. We implement the design as a Flask-based prototype on AWS EC2, with both the proxy and the client deployed as Tor onion services, and measure end-to-end key-establishment latency. The implemented prototype completes a key establishment in 13-20 s on average (7-50 s including tails), of which approximately 88% is attributable to Tor-related delay - a cost we discuss in the context of the privacy-versus-responsiveness trade-off.