From: Anthony DiPierro <or@xxxxxxxxx>
Reply-To: or-talk@xxxxxxxxxxxxx
To: or-talk@xxxxxxxxxxxxx
Subject: Re: Hacker strikes through student's router
Date: Fri, 11 Nov 2005 06:57:05 -0500
On 11/11/05, Eugen Leitl <eugen@xxxxxxxxx> wrote:
> On Fri, Nov 11, 2005 at 10:47:24AM +0000, loki tiwaz wrote:
>
> > or how about don't bother with the electronic cash thing, make a
protocol
> > which signifies that the packet originated from a tor server and have
these
> > packets prioritised. then the p2p folks will be more likely to set up
nodes
>
> How do you propose to prove that the packet originated from a bona fide
> Tor server, without agoric load leveling?
In case you're wondering, like I was, "Agoric comes from agora, the
Greek word for marketplace. The programs and computers in these
systems become buyers and sellers of resources, much like a real-life
marketplace. Buyers compete against one another for scarce resources
and try to get the best price they can, while sellers attempt to
maximize their profit."
http://www.wired.com/wired/archive/4.12/geek.html
Anyway, I think the real difficulty here would be in implementing some
sort of marketplace without having a significant effect on anonymity.
I'm sure there are ways to do it, but it doesn't seem to me to be a
trivial problem at all. One advantage though is that in Tor the exit
nodes themselves make essentially no attempt at being anonymous. This
is important, because it means they can be trusted to some extent
based on their track record.
One idea I've played with in my head for a different type of network,
but which could apply to Tor too, is using processing power as the
base unit. Someone would set up a bunch of public/private keypairs or
md5 hashes or some other sort of one-way function (destroying the
answers which you'd have to trust them to do), and you'd have to crack
them in order to get a token. Different tokens would have different
values depending on how widespread they were, because the same exit
node wouldn't accept the same token twice, and as time goes on the
tokens would get easier and easier to crack, so you'd have to have
progressively harder to crack values to sustain this over time. Using
public/private keypairs of varying strengths would have the advantage
that you could prove that you possess a token without actually giving
up that token, but I'm not sure exactly what the use of that would be.
So, to get a high priority packet through the system you crack a key
and present it as a token to an exit node (using a key that isn't
already in the possession of that exit node). Yes, it'd be a crude
system, among other things because the token wouldn't be transferred,
it'd be copied, but it'd probably work "good enough", if for nothing
else than to bootstrap some more elaborate system. Cracking keys is
also a waste of resources, so a better system should probably be
developed over time. But better systems seem to always rely on some
sort of central authority - this system has no central authority (as
long as you trust that the person who initially created the keys threw
them away, anyway). Maybe this is where the ability to prove you have
a public/private keypair without giving it away would come into place,
those who could prove a high level of trust could create a
pseudonymous identity and implement one of many alternate currency
systems.
I think this system would be fairly anonymous. But it would give a
bit of a paper trail to those attacking the anonymity of Tor.
Anthony