Giblit Proposal

Paul Syverson syverson at
Sun Jan 4 05:30:25 UTC 2004

On Sat, Jan 03, 2004 at 07:16:14PM +0100, Some Guy wrote:
> Ok so if we insist on consistency only at the endpoints, then is a chance a tagged(corrupted) cell
> can be used by adversaries to see if two nodes are on the same tunnel.
> If we have consistency checks every hop, then the cells will shrink going through the circuit
> possibly giving away to nodes where they are in a circuit. 

I haven't looked at your giblet idea carefully. It looks OK at a glance,
but it is irrelevant for current tor design.

1. It is assumed that adversary nodes can confirm they are on the same
"tunnel" trivially. So, there is no point in protecting against it for
the current system.  (OK as Roger has noted, looking ahead is good, and
we are always doing that.)  The mantra is: onion routing protects
against traffic analysis not traffic confirmation. If you push on that
too hard it breaks down. But, it is about as good a synopsis as you
could get in under ten words.

2. That said, the tagging attack is also irrelevant for the purpose
you note because intermediate nodes cannot readily recognize a
corrupted cell.

3. Because of other problems, we have a design for integrity checking.
Briefly hence roughly, each node can get a few bytes of hash on each
cell that is based on all the cells it received so far on that
circuit. This can prevent both tagged cells from passing out of the
network and also nodes forwarding cells that they were not meant to
forward, messing up a circuit.  There is no shrinking in our design
as cells move along, and I don't see why it should be expected that
there must be since integrity checks don't have to be removed.


More information about the tor-dev mailing list