First Stable Release of Arti: The Official Tor Implementation in Rust

The developers of the anonymous Tor network have announced the first stable release (1.0.0) of the Arti project, a Tor client written in Rust. Version 1.0 is marked as suitable for everyday users and provides the same level of privacy, usability, and stability as the main C-based implementation. The API offered for integrating Arti’s functionality into other applications has also been stabilized. The code is distributed under the Apache 2.0 and MIT licenses.

Key Differences and Advantages

Unlike the C implementation, which was originally designed as a SOCKS proxy and later adapted for other needs, Arti has been developed from the start as a modular, embeddable library that can be used by various applications. The development of Arti also takes into account all the experience gained from previous Tor development, helping to avoid known architectural issues and making the project more modular and efficient.

The main reason for rewriting Tor in Rust was to achieve a higher level of code security by using a language that ensures safe memory management. According to the Tor developers, at least half of all tracked vulnerabilities in the project would be eliminated in the Rust implementation, provided that “unsafe” code blocks are not used. Rust also enables faster development compared to C, thanks to its expressive language features and strict guarantees, which reduce the need for double-checking and writing extra code.

Development Experience and Results

The experience of developing the first version confirmed the benefits of using Rust. For example, fewer errors were made at every stage in Rust code compared to similar development in C—most issues that did arise were related to logic and semantics. The strictness of the rustc compiler, sometimes seen as a drawback, actually proved beneficial: if the code compiles and passes tests, the likelihood of correctness is much higher.

The speed of development also increased, not only because the functionality was recreated based on an existing template, but also due to Rust’s expressive semantics, convenient function libraries, and built-in safety features. One downside noted was the large size of the resulting builds—since the standard Rust library is not included by default in most systems, it must be bundled with the downloadable packages.

Future Plans and Roadmap

Version 1.0 mainly focuses on basic client functionality. Version 1.1 is planned to add support for pluggable transports and bridges to bypass censorship. Version 1.2 is expected to introduce support for onion services and related features, such as RTT Congestion Control and DDoS protection tools. Achieving full parity with the C client is targeted for the 2.0 branch, which will also offer bindings for using Arti in code written in various programming languages.

Over the next few years, development will focus on implementing the features needed for relays and directory servers. Once the Rust code reaches a level where it can fully replace the C version, the developers plan to make Arti the main Tor implementation and discontinue support for the C version. Support for the C implementation will be phased out gradually, with options provided for a smooth migration.