Dear Ian, Thanks for publishing this! I am now a huge fan of your work... This is excellent! Cheers, David On Fri, Mar 13, 2015 at 4:25 PM, Paul Syverson <paul.syverson@nrl.navy.mil> wrote:

Only glanced through it, but it looks amazingly comprehensive for a 32 page paper (plus references). I haven't read it yet, but a glance suggests it could be a go-to reference to give to people wanting to get up to speed on Tor and its current research questions. Congrats!

aloha, Paul

On Fri, Mar 13, 2015 at 02:01:56PM +0100, Ian Goldberg wrote:

...

As I mentioned at the dev meeting, Mashael and I were just finishing up a survey paper on Tor performance and security research.

The tech report version was just posted on eprint:

https://eprint.iacr.org/2015/235

for your perusing pleasure. ;-)

Thanks,

- Ian _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

---

tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Hey, Great read. Very information. Some minor corrections: p.8 "First, It has been estimated... "; "It" --> "it" p.14 "... results an unfair allocation..." --> "... results *in* an unfair allocation" p.15 "... global throttling can only bypassed... " --> "... global throttling can only *be* bypassed... " p.15 "He observed that throughput was significantly improved with the use of multiple circuits; however, using two circuits performs better than using one circuit or more than two circuits—using more than two circuits increases the chances of choosing a slow router." -> ; "He observed that throughput was significantly improved with the use of multiple circuits; using two circuits perform better than using one circuit, however using more than two circuits increases the chances of choosing a slow router." (just a suggestion to clarify the statement) p.18 "Jansen and Reardon agree that cells most of their time waiting in the socket output" --> "Jansen and Reardon agree that cells *SPEND* most of their time waiting in the socket output" p.23 " In their first protocol (which is the basis for all their subsequent protocols), [*?what?*] replaces the RSA encryption, which was used for circuit construction prior to the current ntor protocol (described below), with a DH key agreement in order to reduce the computational cost." --> Perhaps "In order to reduce the computational cost, a DH key agreement replaces the RSA encryption, which was used for circuit construction prior to the current ntor protocol..." p.27 "... as the Tor network had grown over the years, the above attach of Murdoch and Danezis... " --> "... as the Tor network had grown over the years, the above *attack* of Murdoch and Danezis... " There also some interesting problems copying and pasting the document, but I believe that is the result of either acrobat or notepad++ removing the hyphens between hyphenated words. Also, minor differences between "deanonymize" and "de-anonymize" and a few others make people like me notice. They're both correct, but using one form then the other tripped me up. Good consistent use of American English. I'm not American, so the words didn't match my spelling, but the consistency of using one style, and not flip-flopping was refreshing. Anywho, I realize it was already published, but wanted to help anyway. It's quite possible I missed some as well. There were other things I would have changed, such as when to present acronyms, but as it's already published there is no point in commenting about them now. ---------------- For the all the devs, if you'd like me to proof-read anything, send it my way and I'll have a go at it. I'm a bit of a stickler when it comes to documentation, and read them for fun so, if you don't send it to me before you publish it, I'll still send you the corrections after they're published. ---------------- Kind regards, Matt Speak Freely

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Ian, Thanks for the link, and for working on the survey - this was long overdue. I especially enjoy the mind map (Figure 5) which gives a quick view of all of the work over the years. The community has been busy! On the incentives front, I believe the survey is missing a few papers. - -"Proof-of-Work as Anonymous Micropayment: Rewarding a Tor Relay" FC 2015 Short Paper, http://fc15.ifca.ai/preproceedings/paper_71.pdf - -"Paying the Guard: an Entry-Guard-based Payment System for Tor" FC 2015 Short Paper, http://fc15.ifca.ai/preproceedings/paper_112.pdf - -"From Onions to Shallots: Rewarding Tor Relays with TEARS" HotPETs 2014, http://www.robgjansen.com/publications/tears-hotpets2014.pdf - -"Payment for Anonymous Routing" PETS 2008, http://cs.gmu.edu/~astavrou/research/Par_PET_2008.pdf While the TEARS paper only appeared at HotPETs (so far), I feel like it should be included because TorCoin is cited and TEARS is more viable than the TorCoin approach (IMHO) - the reasons for this are explained in the Tor incentives blog post: https://blog.torproject.org/blog/tor-incentives-research-roundup-goldstar-pa... Also, all of the above, as well as LIRA, are missing from "Incentives" node of the mind map in Figure 5. I realize that this isn't necessarily an incentives survey, but most incentive schemes affect performance and some schemes were included so it may make sense to include them all. Also, it looks like there is some whitespace below the "Throttling" node, so they may fit fairly easily. Finally, there is no section on Tor simulators/emulators!? I was surprised by this, as that is definitely an area of research that has greatly helped explore performance questions. It would be great to include a section on it so that researchers reading this survey and looking to work on performance know which tools they can use to get started. Shadow, ExperimenTor, SNEAC, and Chutney are the main tools that immediately come to mind that may be useful in exploring performance questions. Hope this is useful! All the best, Rob

On Mar 16, 2015, at 12:38 PM, Ian Goldberg <iang@cs.uwaterloo.ca> wrote:

Oh, please *do* comment. We can easily (and definitely plan to) update the ePrint tech report, incorporating the feedback we get from all of you, and giving credit in the acknowledgements. (Do let us know how you'd like to be credited.) Once we're happy with the result, we'll submit a condensed (due to page limits) version to a journal.

- Ian

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVC0mjAAoJEO3Z5w0UVGXoFGYP/iX5JBXA6XivMzEPAWouuIgH +9IphOnK6NTyatjmzSbGSmiR0W4zwSq93UsWrK/7b+NpY5RCj3TF2WK5zr2EpoZ7 GJjBmkZyOjK2ELIik/yMsc93l5e39CAllm3/fy9R7y9VJBItlWYNH3aM4ZFlr5DK 08k0FSi8vSwIHL+hpn6QF2pmuCdD6Zej4JjRUP6Uh31XGIPyvNxkDOEvQyuvDP+v 3beNEyOFtfB5kYq1wartdgIiEkCOIaVHUHp5OmnmdwNaa9EeSKsoAOsLsI6QqJ0X 3FddYrERpuvoLuDP+WXFsI9l7xtK4cTcoUkO0vI14/lzYiHC0SMmf0ZjVHoPn2k8 cr7rfyAqC5QE5T25nK4M1Bh0i43RVUkxLf36CqaFKj9hiyn6FSlPUhO/GKRpQ2oQ 2WUGbQ8PnGwCEytTr1IBpE7HLDB6i1MkLP8Djg6Hpu1e4l8LIYNj5fppSO3fBunn aPAc7/AKhG1x8doG6ur5F8G/wVykAmmgOmLBp1vsEDDNwXybrrKZZkYCUOucrqQq Of06fsys7JRT9984y/9mf4skjwoAsPCBEJWssyKnXhAlVQdN4hmlkMFvcZbIdB4B Za3Ev2ZtFp9BHCaHQNH5O8KfGb6lw8SPBp2Dyu+bABf5Js8K+B84EUKl6W4+K/lY IEfJ5GgSNQ4dd/ocyirc =2x71 -----END PGP SIGNATURE-----