Bandwidth throttling (was Re: Padding)

Roger Dingledine arma at mit.edu
Tue Jul 9 08:15:56 UTC 2002


On Tue, Jul 09, 2002 at 08:56:02AM +0100, Andrei Serjantov wrote:
> You are making sure that the receivers receive only the number of
> cells they expect to. How they do it is an implementation issue.

Yep. But it's my implementation issue, at this point. :)

> So now what you are saying is that we will have different bandwidths
> on each connection from our current COR to the others. I think you

Yes

> also imply that we will keep connections to other OR's even if there
> are no circuits on them (is this comprehensible?). This does, of

Yes. If you're an onion router (that is, you have ROLE_OR_CONNECT_ALL
set in your global_role variable) then you always try to keep connections
open to all onion routers.

> course, reduce anonymity in comparison to constant-bandwidth on all
> links case (shall I describe how and why or is it self-evident?) and
> this reduction can be calculated by methods which are no too far away
> from those described in our PET2002 paper + padding. One of the things
> I am working on!

Yes, we lose a lot of anonymity, possibly a whole lot.
Good to hear that you're working on it. :)

> I am a little surprised at the fact that you are satisfied with
> this. My original proposal said "Pad to max bandwidth on all
> connections equally, independent on whether there are circuits on the
> connections or not". You are now saying "Pad on each connection to
> hide the real bandwidth, but only as much as that, and pad the
> connections without circuits a little as well".
> 
> The reason why I am surprised is that you have not saved a whole lot
> of bandwidth. But maybe you are ok with this.

Well, if we have very little traffic, then we save a whole lot of
bandwidth. With the proposal here, we're pushing about equal dummy
traffic to real traffic, on average (except at either extreme). So I
think we save considerable bandwidth.

I'm actually not satisfied with this from an anonymity perspective,
because I fear it doesn't buy us much at all against our global
passive adversary; but it's a compromise that's good enough for a first
proposal. Perhaps its role will be to motivate us to figure out better
approaches that don't leak as much anonymity but also don't cost "too
much" bandwidth.

--Roger



More information about the tor-dev mailing list