no circuit loops?

Paul Syverson syverson at itd.nrl.navy.mil
Fri Oct 24 13:47:29 UTC 2003


On Fri, Oct 24, 2003 at 10:46:34AM +0100, Andrei Serjantov wrote:
> > On the one hand, a loop has an obvious threat from any "repeat node" since
> > it can trivially recognize circuits with that loop and thus bypass it
> > (long range padding and leaky pipes could reduce this slightly, but
> > still...).
> >
> > On the other hand, the absence of loops gives information about a
> > circuit. E.g., there is an observer on OR_1's network connections.
> > Alice connects through OR_1, OR_2, OR_3, OR_4, OR_5.  OR_4 is bad.
> > The adversary can now rule out OR_2 and OR_3 as exit points
> > even though their net connections are not visible to it.
> 
> This is an interesting argument for having substantial numbers of Onion
> Routers (but not *too many* as I argue elsewhere).  I suspect if you have
> many more routers than your route length, the problem becomes
> insignificant.
> 

I agree. In the short run my gut sense is that the repeat node threat
is the more realistic/relevant one, even if we have a relatively small
network. I share your sense about more is better (to a point) wrt this
issue, with the caveat that it may be affected by topology as well,
which again is a more long-term consideration.

-Paul



More information about the tor-dev mailing list