TOR protocol simulation

Nick Mathewson nickm at freehaven.net
Fri Apr 15 23:28:08 UTC 2005


On Fri, Apr 15, 2005 at 01:44:42PM +0200, fiskio wrote:
> **I already posted this one on or-talk but nobody answered me,
> since these are fairly technical questions I figured that I may find more
> answers here, thanks**
> 
> Hi everybody,
> I am working on a simulation project on TOR.
> I read all the documentation but there are still some technical questions I
> would like to ask.
> 
> 1 - Tor uses cells of 512 bytes and they are encrypted.
> I am wondering how much this encryption takes on an average machine.
> If the time involved is relevant compared to the time of transmission
> I'll have to deal with that in order to get significant results.

I don't think I've measured the time on more than one platform.  It
should take around 17 microseconds on my laptop, but who knows how
much time it takes in practice.  Measurement seems in order.

> 2 - How does it decide the circuit and how long is it?
> It seems a totally random decision but it must have some policy enforced
> like the number of nodes or which ones? Am I right?

Assume for the moment that we aren't using hidden services, since that
complicates matters.  Right now, all circuits are 3 hops long (since 3
is better than 2, but 4 is not demonstrably better than 3).  We choose
nodes for circuits with probability proportional to their declared
bandwidth.  For entry and exit, we choose only recommended servers.
For exit, we only choose servers that allow exit connections to the
desired addresses/ports.

Also, we try to have some circuits using only high-bandwidth servers
(for things like web) and some for only high-uptime servers (for
things like IRC).

For more information, you should read the code; we change this part
frequently, since it is fairly performance-critical.

> 3 - The circuit is changed every minute, right? How often does the OP start a
> new circuit construction? And if there is no traffic does it stick with
> the old circuit or does it keep on changing it?

We try to have new "clean" circuits ready whenever possible, enough to
permit exit to the ports that we use "frequently".   When we use a
circuit (by sending traffic over it), we mark the circuit as "dirty",
and we try not to put new connections over a circuit that's been dirty
for "a while".  ("A while" is 30 seconds in 0.0.9 and 10 minutes in 0.1.0.)

For more information, you should read the code; we change this part
frequently, since it is fairly performance-critical.

> 4 - Since I want it to be accurate I am interested in your policies for rate
> limiting and fairness. I am talking about the bucket approach and the
> heuristic to distinguish an interactive stream.
>
> 5 - The same is about congestion control. I could simulate the protocol
> without it but it seems very important in order to decrease latency.

Right now, we do what is described in tor-spec.txt for these, which
isn't much.  Please let us know if you have any questions about what's
described there.

yrs,
-- 
Nick Mathewson
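
Added example, not part of the original message and not Tor's code: a simulation sketch of the path-selection rules described in the reply to question 2 (3 hops, bandwidth-weighted choice, recommended servers only for entry and exit, exit must allow the destination port). The relay list is constructed, and the selection order, the no-reuse rule, and the port-set stand-in for an exit policy are assumptions.

```python
import random
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Relay:
    name: str
    bandwidth: int            # declared bandwidth (arbitrary units)
    recommended: bool
    exit_ports: frozenset     # simplified exit policy: allowed ports only

# Constructed sample directory, not real relays.
RELAYS = [
    Relay("A", 100, True, frozenset({80, 443})),
    Relay("B", 300, True, frozenset({80, 443, 6667})),
    Relay("C", 50, False, frozenset({80})),
    Relay("D", 200, True, frozenset()),
    Relay("E", 150, True, frozenset({80})),
]

def weighted_pick(candidates, rng):
    """Pick one relay with probability proportional to declared bandwidth."""
    if not candidates:
        raise ValueError("no eligible relay for this position")
    return rng.choices(candidates, weights=[r.bandwidth for r in candidates])[0]

def build_circuit(relays, port, rng):
    """Return (entry, middle, exit) for a stream to `port`."""
    # Assumption: the exit is chosen first and no relay appears twice.
    exit_ = weighted_pick(
        [r for r in relays if r.recommended and port in r.exit_ports], rng)
    entry = weighted_pick(
        [r for r in relays if r.recommended and r != exit_], rng)
    # The middle hop is not restricted to recommended servers.
    middle = weighted_pick(
        [r for r in relays if r not in (entry, exit_)], rng)
    return entry, middle, exit_

def exit_share(relays, port, trials=20000, seed=1):
    """Fraction of simulated circuits that end at each exit relay."""
    rng = random.Random(seed)
    counts = Counter(build_circuit(relays, port, rng)[2].name
                     for _ in range(trials))
    return {name: n / trials for name, n in counts.items()}

if __name__ == "__main__":
    print(build_circuit(RELAYS, 80, random.Random(0)))
    print(exit_share(RELAYS, 80))  # shares track 100:300:150 for A:B:E
```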