Re: Anonymity easily thwarted by flooding network with relays?

[Paul Syverson <syverson@xxxxxxxxxxxxxxxx>]

On Fri, Nov 19, 2010 at 10:05:02AM -0500, Jonathan D. Proulx wrote:
> On Thu, Nov 18, 2010 at 11:03:41PM -0500, Roger Dingledine wrote:
> :On Thu, Nov 18, 2010 at 06:19:03PM -0800, Theodore Bagwell wrote:
> 
> :> I nominate this paper as a founding reason why Tor should permit users
> :> to increase the number of relay nodes used in each circuit above the
> :> current value of 3...
> :
> :No, that won't work. The key vulnerability is the first-last correlation
> :attack, which doesn't care how many hops your path has (as long
> :as it's at least two).
> 
> perhaps a naive comment compounded by low caffienation, but wouldn't
> longer chains reduce the likelihood (or raise the cost) getting the
> first-last spots?  Or maybe the performace loss to privacy gain ratio
> for this isn't worth it?

No. It just increases unnecessary network overhead. If an adversary
owns some given fraction of the network, the probability that he owns
the first and last node does not change whether the path is longer or
shorter.  (If you mean that by having longer chains you decrease
thereby the probability for a given circuit that an adversary
occupying nodes in that circuit is occupying first and last positions,
that is true. But that is like reducing the likelyhood of an attack by
given adversary by using an algorithm that chooses ten nodes instead
of Tor's usual three for a circuit and then using three as normal and
telling the other seven of them to do nothing at all on the
circuit. The only difference is the latter has less network overhead.)
Better go have another espresso ;>)

HTH,
Paul
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/