Rejecting proposal 134

Nick Mathewson nickm at
Wed May 27 18:34:26 UTC 2009

I'm rejecting proposal 134 after a conversation with Peter.  The
max-clique idea is fundamentally flawed from a security POV.

Suppose that we have a clique of size N, and M hostile members in the
clique.  If these hostile members stop declaring trust for up to M-1
good members of the clique, the clique with the hostile members will
in it will be larger than the one without them. 

The M hostile members will constitute a majority of this new clique
when M > (N-(M-1)) / 2, or when M > (N + 1) / 3.  This breaks our
requirement that an adversary must compromise a majority of authorities
in order to control the consensus.

We talked about a simpler approach that I'll try to write up as a
proposal in the next day or two.


More information about the tor-dev mailing list