Tor Onion Routing: AES, RSA, SHA, and TLS Working Together
Tor Client (User)

• Builds a 3-hop circuit: guard, middle, exit

• Negotiates a separate symmetric key with each hop (the keys come out of a handshake, not from the client alone) and keeps all three

• Onion-encrypts each cell three times with AES-CTR: exit key first, then middle, then guard

• Attaches a SHA-based digest that only the intended hop can verify

Entry / Guard Node

• TLS session with the client (ephemeral DH key exchange; the relay is identified by its long-term identity keys, RSA-1024 plus Ed25519 in current Tor, rather than by a CA-signed certificate)

• Removes the outer AES layer

• Forwards the cell to the middle relay

• Sees the client's IP address, not the destination

Middle Relay

• Separate TLS session with the guard (the client never connects to it directly)

• Removes the middle AES layer

• Forwards the cell to the exit node

• Sees the guard and the exit, neither the client nor the destination

Exit Node

• Separate TLS session with the middle relay

• Removes the final AES layer and verifies the cell digest

• Sends the plaintext cell contents to the destination

• Sees the destination, not the client's IP address

Onion Encryption (Client Side)

plaintext cell → AES(K_exit) → AES(K_middle) → AES(K_entry)

→ Sent via TLS to Entry node; each relay strips one layer, so only the exit recovers the plaintext cell

Key Exchange & Derivation

• Link layer: TLS runs between adjacent hops only; the client checks the relay's identity key against the one published in the directory consensus, so no public CA is involved

• Circuit layer: per-hop keys are negotiated inside the circuit (CREATE2 to the guard, EXTEND2 relayed through the hops already built), not taken from the TLS session; today this is the ntor handshake (Curve25519 Diffie–Hellman), which replaced the older TAP handshake (RSA-1024 plus DH)

• A fresh client ephemeral key per hop gives forward secrecy: a relay's long-term keys compromised later do not expose past circuit keys

• An HMAC-SHA256 KDF (SHA-1-based in TAP) derives each hop's AES-128-CTR keys and digest seeds (K_entry, K_middle, K_exit)

• Client holds all three; each relay knows only its own hop's key
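The layering and key derivation described in the Onion Encryption and Key Exchange sections above, as an added worked example in Go; this is not part of the original diagram or of the Tor code base. It models a three-hop circuit: an X25519 agreement per hop with a fresh client ephemeral key (as in Tor's ntor handshake), an HMAC-SHA256 KDF giving each hop its AES-128-CTR key and digest key, three nested AES layers applied exit-first, and the recognized/digest check each relay runs to decide whether a cell is addressed to it. The names `hopKeys`, `runCircuit`, the label `demo-hop-keys`, the 6-byte cell header and the HTTP request string are this example's own assumptions; Tor's real cells, KDF labels and running SHA-1 digest differ in detail.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hopKeys is what the client and one relay share for a hop: the forward
// AES-128-CTR key and a key seeding that hop's digest (backward direction omitted).
type hopKeys struct{ kf, df []byte }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// deriveHop is the first block of RFC 5869 HKDF-Expand with HMAC-SHA256, the
// KDF family the ntor handshake uses; the info label is this demo's own.
func deriveHop(shared []byte) hopKeys {
	m := hmac.New(sha256.New, shared)
	m.Write([]byte("demo-hop-keys\x01"))
	km := m.Sum(nil)
	return hopKeys{kf: km[:16], df: km[16:]}
}

// handshake agrees one hop's secret: a fresh client ephemeral X25519 key against
// the relay's onion key, both sides deriving identical material. The ephemeral
// private key is dropped on return, which is what gives forward secrecy. (Real
// Tor carries this exchange for hops 2 and 3 inside EXTEND2 cells; the demo
// reaches each relay directly.)
func handshake(relayOnion *ecdh.PrivateKey) (client, relay hopKeys) {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	cs := must(eph.ECDH(relayOnion.PublicKey()))
	rs := must(relayOnion.ECDH(eph.PublicKey()))
	return deriveHop(cs), deriveHop(rs)
}

// ctrXOR applies AES-128-CTR. Tor keeps one running keystream per hop and
// direction across cells; a zero IV is fine here because a single cell is sent.
func ctrXOR(key, data []byte) []byte {
	out := make([]byte, len(data))
	cipher.NewCTR(must(aes.NewCipher(key)), make([]byte, aes.BlockSize)).XORKeyStream(out, data)
	return out
}

const hdrLen = 6 // cell layout, simplified from tor-spec: [2 bytes recognized=0][4-byte digest][payload]

// cellDigest is the integrity tag the destination hop checks. Tor uses a
// running SHA-1; a truncated HMAC-SHA256 keyed with df stands in here.
func cellDigest(df, cell []byte) []byte {
	m := hmac.New(sha256.New, df)
	m.Write(cell[:2])
	m.Write([]byte{0, 0, 0, 0}) // the digest field is zero while it is computed
	m.Write(cell[hdrLen:])
	return m.Sum(nil)[:4]
}

// onionWrap builds the cell for the last hop and adds one AES layer per hop,
// innermost first: exit key, then middle, then guard.
func onionWrap(hops []hopKeys, payload []byte) []byte {
	cell := make([]byte, hdrLen+len(payload))
	copy(cell[hdrLen:], payload)
	copy(cell[2:hdrLen], cellDigest(hops[len(hops)-1].df, cell))
	for i := len(hops) - 1; i >= 0; i-- {
		cell = ctrXOR(hops[i].kf, cell)
	}
	return cell
}

// relayProcess peels this relay's layer and reports whether the cell is
// recognized as its own (recognized field zero, digest valid); if not, the relay
// forwards the peeled cell, which is still ciphertext to it.
func relayProcess(k hopKeys, cell []byte) (peeled []byte, mine bool) {
	peeled = ctrXOR(k.kf, cell)
	mine = peeled[0] == 0 && peeled[1] == 0 &&
		hmac.Equal(peeled[2:hdrLen], cellDigest(k.df, peeled))
	return peeled, mine
}

// runCircuit keys three fresh relays (the client holds all three hop keys, each
// relay only its own), wraps payload, optionally flips one byte in transit, and
// returns the index of the relay that accepted the cell (-1 if none) with the
// payload that relay recovered.
func runCircuit(payload []byte, tamper bool) (int, []byte) {
	var client, relays []hopKeys
	for i := 0; i < 3; i++ {
		c, r := handshake(must(ecdh.X25519().GenerateKey(rand.Reader))) // relay onion key
		client, relays = append(client, c), append(relays, r)
	}
	cell := onionWrap(client, payload)
	if tamper {
		cell[len(cell)-1] ^= 1
	}
	for i, r := range relays {
		var mine bool
		if cell, mine = relayProcess(r, cell); mine {
			return i, cell[hdrLen:]
		}
	}
	return -1, nil
}

func main() {
	msg := []byte("GET / HTTP/1.1\r\nHost: example.com\r\n\r\n") // constructed sample payload
	hop, got := runCircuit(msg, false)
	badHop, _ := runCircuit(msg, true)
	fmt.Printf("accepted by hop %d: %q; tampered cell accepted by hop %d\n", hop, got, badHop)
}
```

`runCircuit(msg, false)` reports hop 2 (the exit) recovering the request while the guard and middle pass it on unrecognised, since after peeling their own layer the bytes they hold are still ciphertext under the remaining keys. Flipping one ciphertext byte in transit (`tamper=true`) lands on the same byte of the exit's plaintext under CTR mode, so the digest fails and no hop accepts the cell.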

Destination Server

• If HTTPS: end-to-end TLS between client and server runs inside the circuit

• Exit node then sees the destination address (and, without ECH, the SNI hostname) but only ciphertext for the content

Legend & Notes

• TLS (blue dashed): protects each link between adjacent hops: ephemeral DH key exchange with forward secrecy, AES bulk encryption, SHA-based integrity; relay identity keys (RSA-1024 legacy, Ed25519 current) authenticate the relay.

• Onion Layers (orange): the client encrypts each cell three times with AES-128-CTR (exit, then middle, then entry key); each relay removes one layer.

• SHA (brown): a running SHA-1 digest in relay cells lets the intended hop detect tampering and recognise cells meant for it; HMAC-SHA256 drives the ntor key derivation.

• Privacy: no single relay knows both sender and receiver. The exit sees plaintext for any protocol that is not itself encrypted (plain HTTP among them), and the destination address in every case.

• Limitation: an adversary observing both ends of a circuit, or running both the guard and the exit, can correlate traffic by timing and volume; Tor's design does not defend against this end-to-end correlation.


Advanced Cyber

by Damil
