
Re: [tor-dev] Desired exit node diversity



In application this would be a distribution that although unlikely to be optimal against any specific adversary, it has robust hardness across a wide variety of adversaries.

So, the F-35?

Perhaps what needs considered is whether that is even possible; and against which adversaries is TOR designed to resist?

On Wed, Sep 23, 2015 at 8:34 AM, Virgil Griffith <i@xxxxxxxxx> wrote:
> because "the right distribution" is a function of which adversary you're
> considering, and once you consider k adversaries at once, no single
> distribution will be optimal for all of them.)

Granted. But since we're speaking idealizations, I say take that the expected-value over the distributions weighted by the probability of each adversary. In application this would be a distribution that although unlikely to be optimal against any specific adversary, it has robust hardness across a wide variety of adversaries.

Or, if that distribution is unclear, pick the distribution of exit-relay with the highest minimum hardness. This reminds me of the average-entropy vs min-entropy question for quantifying anonymity. I'd be content with either solution, and in regards to Roster I'm not sure the difference will matter much. I am simply asking the more knowledgeable for their opinion and recommendation. Is there one?

-V



On Wed, Sep 23, 2015 at 2:47 PM Roger Dingledine <arma@xxxxxxx> wrote:
On Wed, Sep 23, 2015 at 06:26:47AM +0000, Yawning Angel wrote:
> On Wed, 23 Sep 2015 06:18:58 +0000
> Virgil Griffith <i@xxxxxxxxx> wrote:
> > * Would the number of exit nodes constitute exactly 1/3 of all Tor
> > nodes? Would the total exit node bandwidth constitute 1/3 of all Tor
> > bandwidth?
>
> No. There needs to be more interior bandwidth than externally facing
> bandwidth since not all Tor traffic traverses through an Exit
> (Directory queries, anything to do with HSes).
>
> The total Exit bandwidth required is always <= the total amount of Guard
> + Bridge bandwidth, but I do not have HS utilization or Directory query
> overhead figures to give an accurate representation of how much less.

On the flip side, in *my* idealized Tor network, all of the relays are
exit relays.

If only 1/3 of all Tor relays are exit relays, then the diversity of
possible exit points is much lower than if you could exit from all the
relays. That lack of diversity would mean that it's easier for a relay
adversary to operate or compromise relays to attack traffic, and it's
easier for a network adversary to see more of the network than we'd like.

(In an idealized Tor network, the claim about the network adversary
might not actually be true. If you have exit relays in just the right
locations, and capacity is infinite compared to demand, then the network
adversary will learn the same amount whether the other relays are exit
relays or not. But I think it is a stronger assumption to assume that we
have exactly the right distribution of exit relay locations -- especially
because "the right distribution" is a function of which adversary you're
considering, and once you consider k adversaries at once, no single
distribution will be optimal for all of them.)

--Roger

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
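
The two selection rules discussed in this thread (expected hardness weighted by adversary probability, versus highest minimum hardness) can pick different exit distributions. The sketch below is an added example, not code from the thread, Tor or Roster. It assumes "hardness" means the probability that the chosen exit is not observed by a given adversary; the relay names, probabilities and adversary priors are constructed.

```python
import math

# Constructed sample data: exit-selection probability per relay for two
# candidate distributions, and the relays each hypothetical adversary observes.
CANDIDATES = {
    "uniform": {"A": 0.25, "B": 0.25, "C": 0.25, "D": 0.25},
    "skewed": {"A": 0.05, "B": 0.05, "C": 0.60, "D": 0.30},
}
ADVERSARIES = {
    "adv1": {"prior": 0.8, "observes": {"A", "B"}},
    "adv2": {"prior": 0.2, "observes": {"C"}},
}

def hardness(dist, observed):
    """Assumed metric: probability that the selected exit is NOT observed."""
    return 1.0 - sum(p for relay, p in dist.items() if relay in observed)

def expected_hardness(dist, adversaries=ADVERSARIES):
    """Average case: hardness weighted by the probability of each adversary."""
    return sum(a["prior"] * hardness(dist, a["observes"])
               for a in adversaries.values())

def min_hardness(dist, adversaries=ADVERSARIES):
    """Worst case: hardness against the adversary this distribution suits least."""
    return min(hardness(dist, a["observes"]) for a in adversaries.values())

def shannon_entropy(dist):
    """Average-case anonymity of the exit choice, in bits."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def min_entropy(dist):
    """Worst-case anonymity: determined only by the most likely exit."""
    return -math.log2(max(dist.values()))

def pick(criterion, candidates=CANDIDATES):
    """Name of the candidate distribution that maximises the criterion."""
    return max(candidates, key=lambda name: criterion(candidates[name]))

if __name__ == "__main__":
    for name, dist in CANDIDATES.items():
        print(f"{name:8s} E[hardness]={expected_hardness(dist):.2f} "
              f"min hardness={min_hardness(dist):.2f} "
              f"H={shannon_entropy(dist):.2f} H_min={min_entropy(dist):.2f}")
    print("expected-value rule picks:", pick(expected_hardness))
    print("max-min rule picks:", pick(min_hardness))
```

With this constructed data the expected-value rule prefers the skewed distribution because it does well against the likely adversary, while the max-min rule prefers the uniform one; the same split appears between Shannon entropy and min-entropy of the skewed distribution.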