Arti
A new Rust-based Tor implementation
Nick Mathewsonnickm@torproject.org
29 April 2021
In this talk…
- Technical debt
- Perhaps Rust will help?
- The beginnings
- Arti today
- Arti in the future
- Q+A
Our software is showing its age.
![The ENIAC.]()
Worse things happen at C…
- Unsafety is everywhere
- Way too low-level
Worse things happen at C…
So:
- Caution and busywork make development slow…
- But security is still hard:
8/28 TROVE issues were memory safety.
5/28 were NULL-related.
“My billion-dollar mistake.”–Tony Hoare
5/28 other misc C workarounds.
Now let's talk about our architecture…
Tight coupling hardens our assumptions
- Changing one thing breaks others.
- Hard to test.
- Wants to be a proxy: hard to embed.
- Not much multithreading.
Perhaps Rust is the answer?
- High-level
- Memory safe; no NULLs
- “Fearless concurrency”
- Very strong & friendly ecosystem
![]()
Meet Ferris
Meet Ferris
Arti started as side-project
- 2019: Started out as a project to learn Rust.
- 2020 Aug: Took a sabbatical. Kept hacking.
- 2020 Sep: Public demo!
- 2021 Nov: Working stand-alone client!
Architecture might actually work!
Forget the details; enjoy the lines!
(Our C architecture, for reference)
Arti does some stuff better than C tor!
(Rust libraries get most of the credit)
- Efficient storage
- Already multithreaded
- Faster crypto!
- Uses system TLS
- Shared directory cache
- Test coverage!
But don't use Arti yet!
For 1.0 milestone:
- Fix privacy issues. (Guards, build timeouts, stream isolation)
- Refine, test, profile.
- Performance, usability, distribution.
- APIs for embedding and usability.
And then we implement the rest of it.
For 2.0 milestone:
- Onion services.
- Bridges and Transports
- Performance ≥ C.
- C FFI for non-Rust embedding.
- Ready to replace C client!
Then on to the relay side!
No estimates here yet; need to gain experience from the client-side development.
Questions?
See https://gitlab.torproject.org/tpo/core/arti/ for code, tickets, and milestones.
Thank you!