First stable version of Arti, the implementation of Tor in Rust

Rust is one of the trendy programming languages ​​and possibly the most driven by those looking for a successor to the veteran C. If in recent times we have reported the insistence of including it in Linux, now we echo the release of Arti 1.0 .0, an implementation of the Tor protocols built with the aforementioned Rust .

Those responsible for the Tor project have motivated the use of Rust for the creation of Arti in the presumed limitations that C carries: “Although C was a reasonable option when we started working on Tor in 2001, we always suffered from its limitations: it encourages an approach of unnecessary low-level for many programming problems, and using it safely requires painstaking care and effort. Because of these limitations, the pace of development with C has always been slower than we would have liked.”

The approach that C has imposed on Tor development has prevented the implementation of a more modular design , making almost everything connected to each other. Consequently, this makes it difficult to analyze the code and make safe improvements. With this panorama, those responsible for the project decided to experiment with Rust on the code base written in C to try to carry out a slow replacement process.

However, during this experimentation process, the first obstacle arose: the lack of modularity of the code written in C made it difficult to rewrite it in Rust. The parts that were isolated enough to be replaced turned out to be mostly too trivial, so the effort to replace them wasn’t worth much. In order for the Rust conversion to materialize, Tor maintainers tried to unravel the C modules in a process that was impractical if instability was not to be introduced.

Due to the difficulties encountered, the developers began in 2020 the creation of a Tor implementation in Rust that has ended up being what concerns us in this post: Arti . By late summer of that year he was able to connect to the Tor network, and by September he was able to send traffic anonymously. Thanks to a generous contribution from the Zcash Community Grants that began in 2021, the project was able to hire developers to speed up the process. By March 2022, the public API had matured enough to recommend the use of Arti in experimental implementations.

First stable version of Arti, the implementation of Tor in Rust

The implementation or reconstruction of Tor in Rust progressed until September 2022, the month in which Arti 1.0.0 was published. Those responsible say that this version is “ready for use in production” , so it should be possible to implement it in real contexts, having allegedly achieved “a similar degree of privacy, ease of use and stability that you would get with a Tor client in C. APIs should be (more or less) stable for integrators.”

To summarize the improvements and novelties of Arti 1.0.0, we find an improvement in the robustness of Bootstrap, the addition of a mechanism to report the status of Bootstrap, the creation of the performance profile through various metrics, a more stable API , the comparison of security with the implementation in C along with some new features in this regard, in addition to improving portability to iOS, Android and Windows.

As for the Rust language itself, which originated from Mozilla and now operates independently , Tor’s makers have said that it “has a reputation for being a difficult language with a finicky compiler, but the compiler’s finicky has been a great help. Development of comparable features has gone much faster, even considering that we are building most things for the second time. Some of the speed improvement is due to Rust’s more expressive semantics and a more usable library ecosystem, but much of it is due to the confidence that Rust provides security.”

Other things Tor developers have noted about Rust is much easier portability than in C ; its approach to high-level programming and general code, which helps create code faster; also that “the Rust standard library is not installed by default on our target systems, so it increases the size of our downloads.”

It seems that Tor has taken the development of Arti very seriously, hoping to introduce anti-censorship features, including bridges and pluggable transports, in version 1.1.0, with the intention of releasing it in October this year. While version 1 will focus on adding features (which may be conversions from the C implementation), the intention with version 2 is to focus efforts on pairing with the C implementation. software written in Java and Python is another stated goal.

Like everything that comes from Tor, Arti is Open Source as its source code published under the MIT and Apache 2 licenses. We’ll see how far it goes at the moment of truth, but from the project they seem to be clear that Rust will be their mainstay In the not too distant future.

Be the first to comment

Leave a Reply

Your email address will not be published.