[tor-dev] The Onion Name System (OnioNS)

teor teor2345 at gmail.com
Tue Jun 2 16:18:38 UTC 2015

> On 3 Jun 2015, at 02:07 , teor <teor2345 at gmail.com> wrote:
>> Date: Mon, 18 May 2015 15:48:50 -0800
>> From: OnioNS Dev <kernelcorn at riseup.net>
>> ...
>> I introduce several data structures, but the most important one is the Pagechain, a distributed structure of linked Pages. Pages contain Records, Records contain .tor -> onion associations. Anyone who is familiar with blockchains will recognize the behavior and application of this structure immediately. However, here the head of the Pagechain is not managed by miners, but rather by a short-lived subset of Tor nodes called a Quorum. They receive Records and merge them into the Pagechain. At the moment I've decided to use 127 Quorum members and rotate them every week. They are randomly selected, but the process is deterministic; I am using the cached-certs + cached-microdesc-consensus documents, which everyone has, to seed a PRNG that then derives the Quorum.
> What's to stop a sybil attack where the malicious relays try to occupy likely site(s) for the next Quorum?
> Is the consensus unpredictable enough to thwart this attack?
> Even during quiet times? (Does Tor have quiet times?)
> Can we ensure the Quorum servers have to be long-lived and high-capacity (for example, guards) to make it harder to spin up servers and immediately be added to the Quorum?
> I'm not convinced the Stable flag is hard enough to get.
> Of course, there's a trade-off where making the set of Quorum Candidates too small makes the Quorum easier to predict, too.

Some day, I will learn to read the whole paper before opening my mouth.

I apologise - I withdraw my questions in the face of thousands of bits of entropy per hour, and a comprehensive security analysis.

> By the way, in your ACM paper 5.4.2 you switch from Charlie to Alice, but I think they're meant to be the same Quorum Candidate.

In an earlier section, "Alice" is a Tor client. This makes this section make sense.


teor2345 at gmail dot com
pgp 0xABFED1AC

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150603/c4c2a7f5/attachment.sig>

More information about the tor-dev mailing list