Tor Project Releases New Version of Arti 1.0.0, Redeveloped in Rust Language to Make Tor More Secure

Arti is a redevelopment of Tor in the high-security language Rust, a version of the code that is officially considered more modular in design and more confident in its security.

Arti is now available for production environments, with similar privacy, usability, and stability as the C client Tor, and the Embedder API is nearing full stability.

Users can now connect to the Tor network using the Arti proxy, which anonymizes network connections. Officially, it is not recommended that users use a traditional web browser to point to Arti, as traditional browsers can leak a lot of private and identifiable information, and it is better to use the Tor browser.

Why Arti and how it is implemented?

Tor officials have been working on the Tor protocol in the Rust language since 2020, and the reason for rewriting Tor in Rust, officials explain that in 2001, C was a reasonable choice, but they gradually discovered the limitations of C, such as the fact that C encourages unnecessarily low-level approaches to many programming problems and solves program development problems, and that to use C safely requires a lot of effort, and also because of these limitations, C is always developed more slowly than expected.

Another important reason is that C has evolved over the years to become a less modular design, with almost everything linked together, and this makes it difficult to analyze code and make security improvements. The shift to developing in Rust is a good way to solve these problems, and in 2017, there was an official attempt to add Rust to the C Tor codebase in hopes of one day gradually replacing the code.

Started at Mozilla in 2010 and now maintained by the Rust Foundation, Rust has evolved over the years to become an independently maintained programming language with great ergonomics and performance, as well as strong security properties.

Because C code is not modular enough to be easily rewritten, getting the benefits of Rust code requires rewriting entire modules at once, not just one function at a time. But the parts of the code that are isolated enough to be replaced are mostly trivial, and the parts that really need to be replaced are all intertwined, so it is officially considered an impossible job to gradually replace them with Rust development without destabilizing the code.

In 2020, Tor co-founder Nick Mathewson began work on the Rust Tor version, then renamed Arti as the official version of Tor, and received funding from Zcash Community Grants (Zcash Community Grants), allowing Tor to hire more developers to join the development, after several beta After several beta releases, it has now finally reached the 1.0.0 milestone.

So, what about Rust?

In terms of development language changes, it is officially mentioned that in each comparable development phase, development in Rust encounters far fewer bugs than in the C development phase, and the errors encountered are almost always semantic/algorithmic errors, i.e., real programming problems, rather than errors in using the Rust language and its facilities.

Rust is known for its difficult language and picky compiler, and the pickiness of the compiler represents great rigor. Officially, it is mentioned that, in general, Rust code is more likely to be correct than C code under the same conditions, as long as it can be compiled and pass tests. Although it is the second build of Tor, and similar features are inherently faster to develop, officials emphasize that some of the increase in speed is due to Rust's more expressive semantics and more usable library ecosystem, but a large part is due to the confidence that comes with Rust's security.

However, Rust still has some drawbacks. Although Rust is more portable than C, it still needs to deal with differences between operating systems, and because Rust's standard libraries are not installed on the target system by default, they also increase the size of the executable file, and although improved support for development using platform-native TLS is sufficient to eliminate this problem, there is still some work to There is still some work to be done.

Officially, Arti is found to be more appealing to contributors than C Tor, with more code contributions and less friction, and new contributors are greatly helped in getting started by Rust's robust type system, excellent API documentation support, and security. These features can help them find areas to change and also give them more confidence when modifying unfamiliar code.