[tor-bugs] #22422 [Core Tor/Tor]: Add noise to PaddingStatistics
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jun 24 01:31:22 UTC 2017
#22422: Add noise to PaddingStatistics
--------------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: High | Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor | Version: Tor: 0.3.1.1-alpha
Severity: Normal | Resolution:
Keywords: privcount | Actual Points:
Parent ID: | Points: 0.5
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by teor):
Replying to [comment:9 mikeperry]:
> Replying to [comment:7 teor]:
> > Replying to [comment:6 mikeperry]:
> ...
> > > Also, is there a good example of where we add noise in a way
successfully calculates how to hide a single client's activity? It would
be helpful to have a reference to work off of.
Here's how it's done in practice:
1. Collect the statistics on a relay without noise, and without publishing
them
2. Use the statistics to estimate individual client usage
3. Erase the detailed outputs of the non-noisy statistics collection
4. Add noise sufficient to hide a single client's activity (that is, make
the average? amount of noise added at least as much as the individual
client usage estimate)
That should work in this case, too: but we would also need to estimate
client numbers for that relay, which we could do using unique connecting
IP addresses and channel_is_client(). Or we could use existing Tor client
statistics and multiply them by the fraction of guard consensus weight
assigned to the relay.
> > Pages 7-8 of the PrivCount paper give the theory behind differential
noise.
> > I am not sure where to find anything similar in the tor code.
> > When we add noise, we've done it inconsistently and arbitrarily in the
past.
>
> Right now, it looks like this is where we're headed here, too.
>
> > Perhaps Rob or Aaron can help?
Some of Aaron's upcoming research can measure individual client usage over
long timescales, but PrivCount can't, because it's not safe to keep client
IP addresses in memory for long periods of time.
> I'm hoping Karsten can as well.
I'd like Karsten to check the steps I suggested.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22422#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list