[tor-dev] Proposal draft: Better hidden service stats from Tor relays

Karsten Loesing karsten at torproject.org
Thu Dec 11 14:45:58 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/12/14 14:31, A. Johnson wrote:
>> Can you be more explicit with regard to privacy guarantees of the
>>  obfuscation schema that is currently implemented: 1) binning,
>> 2) add Laplace noise, 3) no second binning.
> 
> I’ll discuss this in terms of attacks on the stats of the number
> of HS descriptors.
> 
> Binning: Suppose an adversary knows that the number of HS
> descriptors stays constant over a week. He knows when all
> descriptors are being published except for one. By binning he won’t
> know when that one is published unless the number of other
> descriptors exactly fills a bin.
> 
> Laplace noise: To provide cover in the case that all other 
> descriptors exactly fill a bin, we add some noise so that
> sometimes an adjacent bin is reported instead, or (less likely) a
> bin two distant, etc. Then the adversary can’t immediately know
> whether an unknown descriptor is indeed published in any given
> period. However, he can eventually figure this out by making enough
> observations and looking at the resulting empirical distribution.
> But it’s better than not protecting it at all.

Sounds good.  George, maybe these explanations should go into the
proposal, too.

>> If you think 3) should be changed, can you explain why that
>> leads to better privacy guarantees?
> 
> I don’t think that 3 should be changed, but if you removed it, it 
> wouldn't affect the privacy argument.
> 
>> I can see how the Laplace distribution doesn't add much noise to 
>> the second case.  And your suggestion is to change the second 
>> delta_f to 8?
> 
> Yes.

Great.  Changed the second delta_f to 8 in the code, and I think
George will change it in the proposal.

Thanks!

All the best,
Karsten
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJUia4mAAoJEJd5OEYhk8hImnYIAJD/TLsTRhL5UGYEMBoOnq+X
gcOzVhrEg+fTHm1a6YSHPn0iPZvTDmg3w97XXl/IZg5L4Y84AAcHeuT6EXkmATT5
V52w5A1fdzOQ4Ef3f6wL0ZNPPG3qsFdv+nNRiiOuI1ASb0+5ML7hdU033up8l1zB
7CocU5rgACy2a6DMHPn4wPmXjlCPYcQ3ZUr/1xts63vxfQFes/D2ynUVEk6I/IUO
YVz62WBg857RXWn8eIsdCF6TkRAJetyiIijPe5+Gs8r7XT+btINg7mS9SDynBWOB
ee34vz/VqeczrAZZwq+yNTjENbsJCtyM5U8zHAiYarGnACmAYy50nnofhPjQ1/I=
=3F1E
-----END PGP SIGNATURE-----

More information about the tor-dev mailing list