Tor introduces Counter Galois Onion (CGO) to replace tor1 and harden relay encryption across clients and relays.
Counter Galois Onion Strengthens Tor Relay Encryption
WRITTEN BY
SHARE
On 24 November 2025 Tor announces adoption of Counter Galois Onion (CGO) for relay encryption, with implementations underway in Arti (Rust) and C Tor to protect circuit traffic from tagging attacks, add forward secrecy, and modernize authenticators; development work includes refactoring relay cell handling and experimental enablement in Arti.
CGO uses a Rugged Pseudorandom Permutation (RPRP) called UIV+ to provide wide-block encryption, chaining tags and nonces for tamper resistance, and replaces the 4-byte digest with a 16-byte authenticator—key changes intended to prevent internal covert-channel tagging, provide immediate forward secrecy, and reduce malleability; next steps are enabling CGO by default in Arti, negotiating CGO for onion services (Arti-only likely), and performance tuning for modern CPUs.
Read More: Stack Duo Gains Tor Support for Monero and Bitcoin
🧭 FAQs
• What is Counter Galois Onion and when was it announced for Tor? CGO is a new relay encryption algorithm announced 24 November 2025.
• Which Tor implementations will support CGO and in which jurisdictions? Arti (Rust) and C Tor will support CGO, applicable globally where Tor software is used.
• How does CGO improve security for Tor users in local networks? CGO prevents tagging attacks, adds forward secrecy, and lengthens authenticators for stronger local-network protection.
• When will Arti enable CGO by default and what are next deployment steps? Arti plans to enable CGO by default after experimental testing, then implement onion-service negotiation and CPU performance tuning.
