Tor Updates Its Encryption Engine to Block Advanced Tracking

Tor just announced a major upgrade to the “plumbing” that keeps its network private. The organization is introducing a new relay encryption system called Counter Galois Onion, or CGO. This new method replaces the aging tor1 algorithm and aims to shut down modern techniques that attackers use to track users.

The old system had some cracks in its armor. It relied on a specific type of AES encryption that didn’t authenticate traffic at every single hop. This meant a clever adversary controlling specific relays could modify data in predictable ways—a technique known as a “tagging attack”—to trace traffic. The old method also reused keys and relied on SHA-1, an older hash function that experts no longer consider strong enough for critical privacy tools.

CGO fixes these issues by changing the math. Built on the UIV+ design, the new system uses wide-block encryption. This effectively blocks tagging attacks because any attempt to modify a data “cell” scrambles the traffic, rendering it unrecoverable. The system also updates keys after every single cell. If an attacker steals a key, they can’t use it to decrypt past traffic, thereby ensuring better forward secrecy.
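
The difference between the two designs can be seen in a small added sketch, which is not Tor's code. SHA-256 in counter mode stands in for the old stream-cipher layer and a toy 4-round Feistel network stands in for a wide-block cipher (neither is tor1 or CGO); the 64-byte cell, the keys and the one-bit change are constructed for the demo.

```python
import hashlib
import hmac

CELL = 64  # constructed demo cell size, not Tor's real cell length

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_layer(key: bytes, cell: bytes) -> bytes:
    """XOR with a keystream (SHA-256 in counter mode standing in for AES).
    Encrypting and decrypting are the same operation."""
    ks = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(CELL // 32))
    return xor(cell, ks)

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()

def wide_encrypt(key: bytes, cell: bytes) -> bytes:
    """Toy wide-block cipher: 4-round Feistel across the whole cell."""
    left, right = cell[:32], cell[32:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def wide_decrypt(key: bytes, cell: bytes) -> bytes:
    left, right = cell[:32], cell[32:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right

def far_end_difference(enc, dec, mark: bytes) -> bytes:
    """Wrap a cell in three layers, alter it after the first hop, and return
    the XOR difference between what was sent and what the last hop recovers."""
    keys = [b"hop1-demo-key", b"hop2-demo-key", b"hop3-demo-key"]  # constructed
    plain = b"constructed cell payload".ljust(CELL, b".")
    cell = plain
    for k in reversed(keys):      # client applies the last hop's layer first
        cell = enc(k, cell)
    cell = xor(dec(keys[0], cell), mark)   # hop 1 strips its layer; cell altered
    for k in keys[1:]:
        cell = dec(k, cell)
    return xor(plain, cell)

MARK = b"\x01" + bytes(CELL - 1)  # constructed one-bit modification

if __name__ == "__main__":
    print("stream:", far_end_difference(stream_layer, stream_layer, MARK).hex())
    print("wide:  ", far_end_difference(wide_encrypt, wide_decrypt, MARK).hex())
```

With the stream layers the one-bit change arrives at the far end exactly as it was made, which is what makes a modified cell recognizable; with the wide-block layers the same change turns the whole cell into unrelated bytes.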

Tor also ditched the old SHA-1 checks in favor of a stronger 16-byte authenticator. By chaining encrypted tags together, the network makes any tampering immediately obvious. The goal is to make these security leaps without slowing down the connection speed users expect.

Developers are currently adding CGO to both the original C version of Tor and the newer Rust-based Arti client. It is still in an experimental phase while the team smooths out performance and ensures onion services work correctly. Regular Tor Browser users don’t need to change any settings. The software will switch to this stronger encryption automatically once the developers finish the rollout.