[tor-dev] Global semi-passive adversary: suggestion of using expanders

Roger Dingledine arma at mit.edu
Fri Aug 23 07:45:31 UTC 2013

On Fri, Aug 23, 2013 at 09:19:32AM +0200, Paul-Olivier Dehaye wrote:
> The short summary of the weakness of Tor here:
> - We would like the whole protocol to be mixing (to an observer, the
> probability of exiting at any node C given entrance at node A is close to
> 1/N),

Right, you're using terminology and threat models from the mixnet
literature. Tor doesn't aim to (and doesn't) defend against that.

You might find the explanation in
to be useful. The first trouble with mixing in the Tor environment is
that "messages" from each user aren't the same size, and it's really
expensive to make them the same size ("round up to the largest expected
web browsing session").

Another key point: it's not about the paths inside the network -- it's
about the connections from the users to the network, and from the network
to the destinations.

That said, for the beginning of your related work, see

And for a much later follow-up, see


More information about the tor-dev mailing list