Everything indicates that Rust is becoming a favorite within programming, since many application developers, whether independent, groups, communities or companies have begun to show their interest and especially to take action on the matter about implementing this language within their projects.
One of the most popular examples of these moments in relation to open source is the introduction of drivers in Rust inside the Linux Kernel or also the project «Prossimo» which basically focuses on coordinating efforts to move critical software infrastructure into secure code to secure Linux kernel memory with Rust.
And now another great joins to this fever and it is nothing more and nothing less than Tor, since recently its developers presented the Arti project, within which we are working to create an implementation of the Tor protocol in the Rust language.
Unlike the C implementation, which was initially designed as a SOCKS proxy and only later adapted to other needs, Arti initially it is developed in the form of an integrated modular library that can be used by various applications. It has been funded for over a year with funds from the Zcash Open Major Grants (ZOMG) grant program.
Today's Tor is written in the C programming language. Although C is venerable and ubiquitous, it is notoriously prone to usage errors, and its lack of high-level features makes many programming tasks more complex than they would be in a more modern language ...
Rust seems like the clearest way out of our predicament. It is a high-level language and significantly more expressive than C. Also, it has some really innovative features that allow the language to enforce certain security properties at compile time. In a first approximation, if the code is compiled and is not explicitly marked as "unsafe", then the broad categories of errors are assumed to be impossible.
The reasons for rewriting Tor in Rust are cited as a desire to achieve a higher level of code security through the use of a language that guarantees safe work with memory. According to Tor developers, at least half of all vulnerabilities monitored by the project will be eliminated in the Rust deployment, if the code does not use "insecure" blocks.
Rust it will also allow you to achieve a faster development speed than using C, due to the expressiveness of the language and the strict guarantees that you don't waste time on double checks and writing unnecessary code. Also, when developing a new project, all past experience with Tor development is taken into account, which will avoid known architectural problems, make the project more modular and efficient.
In its current state, Arti can now connect to the Tor network, interact with directory servers and create anonymous connections through Tor with the provision of a proxy based on the SOCKS protocol.
Development still not recommended for use in production systems, as not all privacy features are implemented and backward compatibility at the API level is not guaranteed. The first security-compliant version of the client, supporting thread isolation and guarding nodes, is scheduled for release in October.
The first version beta is expected in March 2022 with the experimental implementation of the built-in library and performance optimizations, while the first stable version, with a stable API, CLI and configuration format, as well as auditing, is scheduled by mid-September 2022.
This version will be suitable for initial use by general users. Update 1.1 is expected by the end of October 2022 with support for plug-in transport and bridges to avoid crashes. Support for onion services is scheduled for version 1.2, and parity with the C client is expected in version 2.0, for which a schedule has not yet been determined.