Why proxies don't work?

Proxy

User

Server

If the adversary can monitor the traffic between proxy and the user and the proxy and server. He can trace the user.

Things to know

Alice and Bob agree to use a modulus p = 23 and base g = 5 (which is a primitive root modulo 23).
Alice chooses a secret integer a = 6, then sends Bob A = g^a mod p
A = 5^6 mod 23 = 8
Bob chooses a secret integer b = 15, then sends Alice B = g^b mod p
B = 5^15 mod 23 = 19
Alice computes s = B^a mod p
s = 19^6 mod 23 = 2
Bob computes s = A^b mod p
s = 8^15 mod 23 = 2
Alice and Bob now share a secret (the number 2).

The user first requests the directory server for a list of relays. This also contains information about their public keys.
The user then starts talking to the guard relay (using asymmetric encryption)
Then it iteratively builds a circuit one-hop at a time.
- Each hop associates a unique CircID.
  - To extend the circuit to a third node or beyond, Alice proceeds as above, always telling the last node in the circuit to extend one hop further
    - Symmetric keys are shared between each OR in the circuit. To ensure Private forward Secrecy.
To extend the circuit further, Alice sends a relay extend cell to Bob, specifying the address of the next OR (call her Carol), and an encrypted g x2 for her.

Iran
- block "/tor/"
- liberation number "p"
- block if SSL certificate expires within 2 hours
Tunisia - only port 80
China
- block public relays
- block public bridges
- follow up on connections, say hello, check what he says

Bob builds circuits to Introduction Points and share his public key with them.