[tor-dev] Desired exit node diversity

Evan d'Entremont evan at evandentremont.com
Wed Sep 23 12:57:31 UTC 2015


> In application this would be a distribution that although unlikely to be
> optimal against any specific adversary, it has robust hardness across a
> wide variety of adversaries.

So, the F-35?

Perhaps what needs to be considered is whether that is even possible; and against
which adversaries is Tor designed to resist?

On Wed, Sep 23, 2015 at 8:34 AM, Virgil Griffith <i at virgil.gr> wrote:

> > because "the right distribution" is a function of which adversary you're
> > considering, and once you consider k adversaries at once, no single
> > distribution will be optimal for all of them.)
>
> Granted.  But since we're speaking idealizations, I say take the
> expected value over the distributions weighted by the probability of each
> adversary.  In application this would be a distribution that although
> unlikely to be optimal against any specific adversary, it has robust
> hardness across a wide variety of adversaries.
>
> Or, if that distribution is unclear, pick the distribution of exit-relay
> with the highest minimum hardness.  This reminds me of the
> average-entropy vs min-entropy question for quantifying anonymity.  I'd be
> content with either solution, and in regards to Roster I'm not sure the
> difference will matter much.  I am simply asking the more knowledgeable for
> their opinion and recommendation.  Is there one?
>
> -V
>
>
>
> On Wed, Sep 23, 2015 at 2:47 PM Roger Dingledine <arma at mit.edu> wrote:
>
>> On Wed, Sep 23, 2015 at 06:26:47AM +0000, Yawning Angel wrote:
>> > On Wed, 23 Sep 2015 06:18:58 +0000
>> > Virgil Griffith <i at virgil.gr> wrote:
>> > > * Would the number of exit nodes constitute exactly 1/3 of all Tor
>> > > nodes? Would the total exit node bandwidth constitute 1/3 of all Tor
>> > > bandwidth?
>> >
>> > No. There needs to be more interior bandwidth than externally facing
>> > bandwidth since not all Tor traffic traverses through an Exit
>> > (Directory queries, anything to do with HSes).
>> >
>> > The total Exit bandwidth required is always <= the total amount of Guard
>> > + Bridge bandwidth, but I do not have HS utilization or Directory query
>> > overhead figures to give an accurate representation of how much less.
>>
>> On the flip side, in *my* idealized Tor network, all of the relays are
>> exit relays.
>>
>> If only 1/3 of all Tor relays are exit relays, then the diversity of
>> possible exit points is much lower than if you could exit from all the
>> relays. That lack of diversity would mean that it's easier for a relay
>> adversary to operate or compromise relays to attack traffic, and it's
>> easier for a network adversary to see more of the network than we'd like.
>>
>> (In an idealized Tor network, the claim about the network adversary
>> might not actually be true. If you have exit relays in just the right
>> locations, and capacity is infinite compared to demand, then the network
>> adversary will learn the same amount whether the other relays are exit
>> relays or not. But I think it is a stronger assumption to assume that we
>> have exactly the right distribution of exit relay locations -- especially
>> because "the right distribution" is a function of which adversary you're
>> considering, and once you consider k adversaries at once, no single
>> distribution will be optimal for all of them.)
>>
>> --Roger
>>
>> _______________________________________________
>> tor-dev mailing list
>> tor-dev at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>>
>
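An added illustration, not part of the original thread and not Tor code: the average-entropy vs min-entropy question raised above, applied to exit selection. It assumes exits are picked in proportion to bandwidth (a simplification), and all relay bandwidths are constructed sample values.

```python
import math

def exit_distribution(relays, all_exit=False):
    """relays: list of (bandwidth, is_exit). Returns selection probabilities
    over relays usable as exits, assuming bandwidth-proportional choice."""
    weights = [bw for bw, is_exit in relays if (is_exit or all_exit) and bw > 0]
    total = sum(weights)
    return [w / total for w in weights]

def shannon_entropy(p):
    """Average-case uncertainty (bits) about which exit a circuit uses."""
    return -sum(x * math.log2(x) for x in p if x > 0)

def min_entropy(p):
    """Worst-case uncertainty (bits): set by the single most likely exit."""
    return -math.log2(max(p))

# Constructed network 1: nine equal relays, only one third flagged as exits.
THIRD_EXIT = [(100, True)] * 3 + [(100, False)] * 6
# Constructed network 2: one dominant exit plus sixteen small ones.
SKEWED = [(800, True)] + [(12.5, True)] * 16
# Constructed network 3: just two equal exits.
TWO_EQUAL = [(500, True)] * 2

def report():
    """Return {name: (shannon_bits, min_entropy_bits)} for each scenario."""
    scenarios = {
        "1/3 of relays exit": exit_distribution(THIRD_EXIT),
        "all relays exit": exit_distribution(THIRD_EXIT, all_exit=True),
        "one dominant exit": exit_distribution(SKEWED),
        "two equal exits": exit_distribution(TWO_EQUAL),
    }
    return {k: (shannon_entropy(p), min_entropy(p)) for k, p in scenarios.items()}

if __name__ == "__main__":
    for name, (avg, worst) in report().items():
        print(f"{name:20s} shannon={avg:.3f} bits  min-entropy={worst:.3f} bits")
```

With equal bandwidths the two measures agree and both rise when every relay can exit. They rank the last two networks in opposite orders, which is where the choice between average and minimum matters.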