# [tor-dev] Open topics of prop247: Defending Against Guard Discovery Attacks using Vanguards

Sun Jun 11 19:34:15 UTC 2017

Hi George,

On Wednesday 17 May 2017 05:21 PM, George Kadianakis wrote:
> 1.1. Visuals
>
>  Here is what a hidden service rendezvous circuit currently looks like:
>
>                     -> middle_1 -> middle_A
>                     -> middle_2 -> middle_B
>                     -> middle_3 -> middle_C
>                     -> middle_4 -> middle_D
>       HS -> guard   -> middle_5 -> middle_E -> Rendezvous Point
>                     -> middle_6 -> middle_F
>                     -> middle_7 -> middle_G
>                     -> middle_8 -> middle_H
>                     ->   ...    ->  ...
>                     -> middle_n -> middle_n
>
>  this proposal pins the two middle nodes to a much more restricted
>  set, as follows:
>
>                                  -> guard_3A_A
>                     -> guard_2_A -> guard_3A_B
>                                  -> guard_3A_C -> Rendezvous Point
>       HS -> guard_1
>                                  -> guard_3B_D
>                     -> guard_2_B -> guard_3B_E
>                                  -> guard_3B_F -> Rendezvous Point
>
>
>  Note that the third level guards are partitioned into buckets such that
>  they are only used with one specific second-level guard. In this way,
>  we ensure that even if an adversary is able to execute a Sybil attack
>  against the third layer, they only get to learn one of the second layer
>  Guards, and not all of them. This prevents the adversary from gaining
>  the ability to take their pick of the weakest of the second-level
>  guards for further attack.

I think this scheme works like this: if there are x third level
guards, then they are divided into buckets of x/k guards each,
where k is the number of second level guards. Now, I feel that dividing
guards into buckets is a little pointless. Suppose we have 1000 possible
third level guards, and 500 possible second level guards. We have to
select 4 third level guards for each bucket, and 2 second level guards
for each hidden service. Now even in this case the adversary has to put in
as much effort as before. What if the guards are divided into buckets,
at least now the possible pool of third level guards in which the Sybil
attack is to be conducted gets reduced. So the 1000 third level guards
get divided into pools of 500 each. Hence it is easier to accomplish that
attack, but for that the adversary has to allocate 2x resources if she
wants to take advantage of that. So the net result is zero.

I haven't had my coffee, so please correct me if I'm wrong somewhere :)

Regards,
--
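
Added example, not part of the original message or of the proposal's own code: a small Python model of the quoted diagram that compares which second-level guards a third-level relay is ever adjacent to when the third layer is bucketed versus shared. The relay names come from the diagram; the function names and the shared-pool baseline are assumptions made for the comparison.

```python
from itertools import combinations, product

def build_paths(l2_guards, l3_guards, bucketed):
    """Return every (layer-2, layer-3) pair the service may use in a circuit."""
    if not bucketed:
        # Assumed baseline: any layer-3 guard may follow any layer-2 guard.
        return list(product(l2_guards, l3_guards))
    # Bucketed, as in the quoted diagram: the layer-3 guards are split
    # evenly and each bucket is used with one layer-2 guard only.
    size = len(l3_guards) // len(l2_guards)
    paths = []
    for i, l2 in enumerate(l2_guards):
        bucket = l3_guards[i * size:(i + 1) * size]
        paths.extend((l2, l3) for l3 in bucket)
    return paths

def l2_exposure(paths, observed_l3):
    """Layer-2 guards that the given layer-3 relays are ever adjacent to."""
    return {l2 for l2, l3 in paths if l3 in observed_l3}

def worst_case_exposure(paths, l3_guards, n_observed=1):
    """Largest number of layer-2 guards visible to any n_observed layer-3 relays."""
    return max(len(l2_exposure(paths, set(combo)))
               for combo in combinations(l3_guards, n_observed))

# Constructed topology using the relay names from the quoted diagram.
L2 = ["guard_2_A", "guard_2_B"]
L3 = ["guard_3A_A", "guard_3A_B", "guard_3A_C",
      "guard_3B_D", "guard_3B_E", "guard_3B_F"]

BUCKETED = build_paths(L2, L3, bucketed=True)
SHARED = build_paths(L2, L3, bucketed=False)

if __name__ == "__main__":
    for name, paths in (("bucketed", BUCKETED), ("shared", SHARED)):
        print(name, "paths:", len(paths),
              "worst-case layer-2 guards seen by one layer-3 relay:",
              worst_case_exposure(paths, L3))
```
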