On 08/01/15 06:03, grarpamp wrote:
>> If that's what you're suggesting, then what happens if a client wants to extend a circuit from relay A to relay B, but A and B aren't exchanging chaff with each other?
> This doesn't happen. You have a lower layer of nodes doing fill guided by knowledge of who their own guards are (in this model relays must have notions of their own guards / first hops). Circuits are then strung unaffected and unaware over that as usual. Relays know the difference between their own action doing p2p for fill, and non fill (circuit) data trying to leave them... so they can make room in their existing first hop links, or negotiate new ones with where that data is trying to go.
Thanks for the explanation.
If relays A and B negotiate a new link between them when a client wants to extend a circuit from A to B, then A and B must each subtract some bandwidth from their existing links to allocate to the new link (since they're already using their full bandwidth allowance, by design).
I suspect the details of how that reallocation is done will be important for anonymity. If bandwidth is subtracted from existing links without taking into account how much wheat the existing links are carrying, then any circuits using those links will feel the squeeze - the adversary will be able to tell when a relay's opening a new link by building a circuit through the relay, filling the circuit with wheat, and waiting for its throughput to get squeezed.
On the other hand, if bandwidth is subtracted from existing links in such a way that existing wheat is never affected - in other words, if you only reallocate the spare bandwidth - then it's possible for an adversary observing a relay to find out how much wheat each link is carrying by asking the relay to negotiate new links until it says no because it can't reallocate any more spare bandwidth, at which point any links that weren't requested by the adversary are now carrying nothing but wheat.
> If anyone knows of networks (whether active, defunct or discredited) that have used link filling, I'd like a reference. Someone out there has to have at least coded one for fun.
PipeNet was a proposal for an onion-routing-like network with constant-rate traffic: http://cypherpunks.venona.com/date/1998/01/msg00878.html
Tarzan was an onion-routing-like network in which each relay exchanged constant-rate traffic with a fixed set of other relays called its mimics, and circuits could only be constructed over links between mimics: http://pdos.csail.mit.edu/tarzan/docs/tarzan-ccs02.pdf http://pdos.csail.mit.edu/tarzan/docs/tarzan-thesis.pdf
George Danezis looked at the anonymity properties of paths chosen from a restricted graph rather than a complete graph (this was in the context of mix networks, but the findings may also be relevant to onion routing): http://www.freehaven.net/anonbib/cache/danezis:pet2003.pdf
Cheers, Michael
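
The reallocation trade-off described in the message above, as an added toy model in Python; it is not code from the post or from any Tor proposal. The `Relay` class, the link rates and the assumption that a requester keeps its new link full of its own wheat are all constructed for illustration.

```python
# Toy model, constructed for illustration: a relay always sends at a fixed
# total rate split across links; each link carries some wheat (real traffic)
# and pads the rest of its allocation with chaff.
class Relay:
    def __init__(self, total, wheat):
        self.wheat = list(wheat)                        # real traffic offered per link
        self.alloc = [total / len(wheat)] * len(wheat)  # whole allowance already in use

    def delivered(self):
        # Wheat actually carried is capped by each link's allocation.
        return [min(w, a) for w, a in zip(self.wheat, self.alloc)]

    def open_link_blind(self, need):
        """Policy 1: shrink every existing link proportionally, ignoring wheat."""
        total = sum(self.alloc)
        self.alloc = [a * (total - need) / total for a in self.alloc] + [need]
        self.wheat.append(need)  # assumption: requester keeps its new link full
        return True

    def open_link_spare_only(self, need):
        """Policy 2: take bandwidth from chaff only; refuse when spare runs out."""
        spare = [a - w for a, w in zip(self.alloc, self.wheat)]
        if sum(spare) < need:
            return False
        remaining = need
        for i, s in enumerate(spare):
            take = min(s, remaining)
            self.alloc[i] -= take
            remaining -= take
        self.alloc.append(need)
        self.wheat.append(need)  # assumption: requester keeps its new link full
        return True

def squeeze_visible(total=30.0, need=5.0):
    # Link 0 carries a circuit that fills its whole allocation with wheat.
    r = Relay(total, [10.0, 4.0, 0.0])
    before = r.delivered()[0]
    r.open_link_blind(need)
    return before, r.delivered()[0]   # throughput drop marks the new link

def probe_until_refused(total=30.0, step=1.0):
    # Wheat levels 4, 7 and 0 are what the model should keep hidden.
    r = Relay(total, [4.0, 7.0, 0.0])
    accepted = 0
    while r.open_link_spare_only(step):
        accepted += 1
    return accepted, r.alloc[:3]      # at refusal, allocation equals wheat

if __name__ == "__main__":
    print(squeeze_visible())
    print(probe_until_refused())
```

Under policy 1 the full circuit's throughput falls when the new link opens; under policy 2 the allocations left on the original links at the point of refusal equal their wheat, so either policy leaks something a design would need to mask.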