[tor-dev] Global semi-passive adversary: suggestion of using expanders
Roger Dingledine
arma at mit.edu
Fri Aug 23 07:45:31 UTC 2013
On Fri, Aug 23, 2013 at 09:19:32AM +0200, Paul-Olivier Dehaye wrote:
> The short summary of the weakness of Tor here:
> - We would like the whole protocol to be mixing (to an observer, the
> probability of exiting at any node C given entrance at node A is close to
> 1/N),
Right, you're using terminology and threat models from the mixnet
literature. Tor doesn't aim to (and doesn't) defend against that.
You might find the explanation in
https://blog.torproject.org/blog/one-cell-enough
to be useful. The first trouble with mixing in the Tor environment is
that "messages" from each user aren't the same size, and it's really
expensive to make them the same size ("round up to the largest expected
web browsing session").
Another key point: it's not about the paths inside the network -- it's
about the connections from the users to the network, and from the network
to the destinations.
That said, for the beginning of your related work, see
http://freehaven.net/anonbib/#danezis:pet2003
And for a much later follow-up, see
http://freehaven.net/anonbib/#topology-pet2010
--Roger
More information about the tor-dev
mailing list