[tor-dev] Global semi-passive adversary: suggestion of using expanders

Tom Ritter tom at ritter.vg
Fri Aug 23 02:15:29 UTC 2013


So I don't work for Tor, nor am I a graph theorist, but I'll add a few
preliminary thoughts.

On 22 August 2013 21:08, Paul-Olivier Dehaye
<paul-olivier.dehaye at math.uzh.ch> wrote:
> As far as I can tell, the main threat by a global passive adversary comes
> from traffic analysis (?).

A Global Passive Adversary is technically outside of Tor's threat
model (see https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Whatattacksremainagainstonionrouting)
- but if there are easy ways to make it more difficult for such an
adversary, at a low engineering cost - then Tor tends to be up for
them.

> This attack should become easier as the number of
> Tor nodes increases (?)

I'm not sure I agree with that.  If the adversary is not global, but
only partly global, then network diversity is crucial.  If the
adversary is truly global, I don't think more nodes would help as
much as more _traffic_.

> A dual way to see this is that
> not enough mixing can happen around a node for incoming/outgoing edge pairs,
> bar injecting a huge amount of fake traffic.

In what sense do you use the word 'mixing'?  In the traffic analysis
literature, I think it tends to refer to mix networks, and collecting
several messages into a pool before releasing some or all of them
(http://crypto.is/blog/mix_and_onion_networks).

-tom

