Comment by amelius
> Of course, we need to make sure that the data isn't modified on the way from the client.
Why is this necessary if every layer of the onion is a trustable encrypted link?
> Of course, we need to make sure that the data isn't modified on the way from the client.
Why is this necessary if every layer of the onion is a trustable encrypted link?
That is correct. But, (in general) encryption does not necessarily guarantees integrity of the data. In other words, a plaintext can be encrypted, the ciphertext given to another party, and they can tamper with the ciphertext in a way that produces predictable changes in the message obtained by decrypting the tampered ciphertext.
Relays can be malicious and try to tamper with the data. Think of Tor relay encryption like Signal's E2E encryption, where the relays are analogous to Signal's servers. You want to ensure they can neither see what you sent (confidentiality) nor modify it without detection (integrity).