Bandwidth throttling (was Re: Padding)

Roger Dingledine arma at
Tue Jul 9 08:15:56 UTC 2002

On Tue, Jul 09, 2002 at 08:56:02AM +0100, Andrei Serjantov wrote:
> You are making sure that the receivers receive only the number of
> cells they expect to. How they do it is an implementation issue.

Yep. But it's my implementation issue, at this point. :)

> So now what you are saying is that we will have different bandwidths
> on each connection from our current COR to the others. I think you


> also imply that we will keep connections to other OR's even if there
> are no circuits on them (is this comprehensible?). This does, of

Yes. If you're an onion router (that is, you have ROLE_OR_CONNECT_ALL
set in your global_role variable) then you always try to keep connections
open to all onion routers.

> course, reduce anonymity in comparison to constant-bandwidth on all
> links case (shall I describe how and why or is it self-evident?) and
> this reduction can be calculated by methods which are no too far away
> from those described in our PET2002 paper + padding. One of the things
> I am working on!

Yes, we lose a lot of anonymity, possibly a whole lot.
Good to hear that you're working on it. :)

> I am a little surprised at the fact that you are satisfied with
> this. My original proposal said "Pad to max bandwidth on all
> connections equally, independent on whether there are circuits on the
> connections or not". You are now saying "Pad on each connection to
> hide the real bandwidth, but only as much as that, and pad the
> connections without circuits a little as well".
> The reason why I am surprised is that you have not saved a whole lot
> of bandwidth. But maybe you are ok with this.

Well, if we have very little traffic, then we save a whole lot of
bandwidth. With the proposal here, we're pushing about equal dummy
traffic to real traffic, on average (except at either extreme). So I
think we save considerable bandwidth.

I'm actually not satisfied with this from an anonymity perspective,
because I fear it doesn't buy us much at all against our global
passive adversary; but it's a compromise that's good enough for a first
proposal. Perhaps its role will be to motivate us to figure out better
approaches that don't leak as much anonymity but also don't cost "too
much" bandwidth.


More information about the tor-dev mailing list