
The Tor Project has released Arti 2.5.0, promoting its next-generation Counter Galois Onion (CGO) encryption scheme to stable status while also patching two denial-of-service (DoS) vulnerabilities affecting the Rust-based Tor implementation.
The release marks a significant milestone for Arti, the Tor Project's next-generation implementation written in Rust, as CGO is now included in full feature builds after spending several months in experimental status. The project has also enabled congestion control by default, promising faster network performance without requiring any additional user configuration.
The Tor Project first unveiled CGO in November 2025 as a major redesign of Tor's relay encryption layer. The new construction addresses longstanding cryptographic limitations in Tor's decades-old “tor1” scheme, including its susceptibility to tagging attacks due to ciphertext malleability, weak forward secrecy from long-lived encryption keys, and reliance on a short 4-byte SHA-1 digest for message integrity.
CGO instead uses a modern rugged pseudorandom permutation (RPRP) construction based on UIV+, encrypting and authenticating each Tor relay cell as a single cryptographic unit. This design makes unauthorized modifications immediately detectable, strengthens forward secrecy by rotating keys on every message, and replaces the legacy integrity check with a 16-byte authentication tag.
When the feature debuted, it was considered experimental while developers validated performance and interoperability. With Arti 2.5.0, CGO is now considered production-ready and included in full-feature builds, representing another step in the Tor Project's gradual migration away from its legacy C implementation.
DoS fixes
Arti 2.5.0 also addresses two medium-severity denial-of-service vulnerabilities.
The first, TROVE-2026-24, could allow a malicious directory mirror to crash Arti's network document parser, causing the tor-dirmgr task responsible for maintaining directory information to stop functioning. According to the Tor Project, the attack is difficult to perform stealthily because it generates crash logs that would alert users and developers to the issue.
The second flaw, TROVE-2026-27, stems from an inefficient algorithm that could be abused to stall CPU resources, potentially degrading client performance or rendering the application temporarily unresponsive. The Tor Project likewise says it has seen no evidence of active exploitation.
Faster performance and relay development
Another notable change is that congestion control is now enabled by default. Previously available as the stable flowctl-cc feature, the capability dynamically regulates traffic through Tor circuits to improve throughput and reduce latency without requiring manual configuration.
Arti 2.5.0 also continues the project's steady progress toward becoming a complete implementation of a relay and directory authority.
New additions include support for incoming ntor handshakes in CREATE2 cells, encoding and decoding of router descriptors and microdescriptors, consensus verification improvements, vote verification support, and expanded directory authority functionality.
In addition to these headline features, the update includes numerous API changes, bug fixes, testing improvements, documentation updates, and infrastructure enhancements as the Tor Project continues to build Arti into a full replacement for the legacy C-based Tor implementation.






Leave a Reply