[tor-bugs] #22422 [Core Tor/Tor]: Add noise to PaddingStatistics

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jun 24 01:31:22 UTC 2017


#22422: Add noise to PaddingStatistics
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  High          |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.1.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  privcount     |  Actual Points:
Parent ID:                |         Points:  0.5
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by teor):

 Replying to [comment:9 mikeperry]:
 > Replying to [comment:7 teor]:
 > > Replying to [comment:6 mikeperry]:
 > ...
 > > > Also, is there a good example of where we add noise in a way
 successfully calculates how to hide a single client's activity? It would
 be helpful to have a reference to work off of.

 Here's how it's done in practice:
 1. Collect the statistics on a relay without noise, and without publishing
 them
 2. Use the statistics to estimate individual client usage
 3. Erase the detailed outputs of the non-noisy statistics collection
 4. Add noise sufficient to hide a single client's activity (that is, make
 the average? amount of noise added at least as much as the individual
 client usage estimate)

 That should work in this case, too: but we would also need to estimate
 client numbers for that relay, which we could do using unique connecting
 IP addresses and channel_is_client(). Or we could use existing Tor client
 statistics and multiply them by the fraction of guard consensus weight
 assigned to the relay.

 > > Pages 7-8 of the PrivCount paper give the theory behind differential
 noise.
 > > I am not sure where to find anything similar in the tor code.
 > > When we add noise, we've done it inconsistently and arbitrarily in the
 past.
 >
 > Right now, it looks like this is where we're headed here, too.
 >
 > > Perhaps Rob or Aaron can help?

 Some of Aaron's upcoming research can measure individual client usage over
 long timescales, but PrivCount can't, because it's not safe to keep client
 IP addresses in memory for long periods of time.

 > I'm hoping Karsten can as well.

 I'd like Karsten to check the steps I suggested.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22422#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list